From 501f054d5115ffe923cfc2b21393e36674097a82 Mon Sep 17 00:00:00 2001 From: Leonid Logvinov Date: Tue, 5 Sep 2017 12:22:17 +0200 Subject: Add signature verification as a part of order validation and tests for it --- src/utils/order_validation_utils.ts | 6 +++++- test/order_validation_test.ts | 12 +++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/src/utils/order_validation_utils.ts b/src/utils/order_validation_utils.ts index 445ad43f9..e64666dfc 100644 --- a/src/utils/order_validation_utils.ts +++ b/src/utils/order_validation_utils.ts @@ -1,4 +1,5 @@ -import {ExchangeContractErrs, SignedOrder, Order} from '../types'; +import {ExchangeContractErrs, SignedOrder, Order, ZeroExError} from '../types'; +import {ZeroEx} from '../0x.js'; import {TokenWrapper} from '../contract_wrappers/token_wrapper'; import {ExchangeWrapper} from '../contract_wrappers/exchange_wrapper'; import {utils} from '../utils/utils'; @@ -19,6 +20,9 @@ export class OrderValidationUtils { throw new Error(ExchangeContractErrs.OrderFillAmountZero); } const orderHash = utils.getOrderHashHex(signedOrder); + if (!ZeroEx.isValidSignature(orderHash, signedOrder.ecSignature, signedOrder.maker)) { + throw new Error(ZeroExError.InvalidSignature); + } const unavailableTakerTokenAmount = await this.exchangeWrapper.getUnavailableTakerAmountAsync(orderHash); if (signedOrder.makerTokenAmount.eq(unavailableTakerTokenAmount)) { throw new Error(ExchangeContractErrs.OrderRemainingFillAmountZero); diff --git a/test/order_validation_test.ts b/test/order_validation_test.ts index 93bcfcce0..9a621555c 100644 --- a/test/order_validation_test.ts +++ b/test/order_validation_test.ts @@ -4,7 +4,7 @@ import * as BigNumber from 'bignumber.js'; import promisify = require('es6-promisify'); import {chaiSetup} from './utils/chai_setup'; import {web3Factory} from './utils/web3_factory'; -import {ZeroEx, SignedOrder, Token, ExchangeContractErrs} from '../src'; +import {ZeroEx, SignedOrder, Token, ExchangeContractErrs, ZeroExError} from '../src'; import {TokenUtils} from './utils/token_utils'; import {BlockchainLifecycle} from './utils/blockchain_lifecycle'; import {FillScenarios} from './utils/fill_scenarios'; @@ -64,6 +64,16 @@ describe('OrderValidation', () => { signedOrder, zeroFillAmount, takerAddress, )).to.be.rejectedWith(ExchangeContractErrs.OrderFillAmountZero); }); + it('should throw when the signature is invalid', async () => { + const signedOrder = await fillScenarios.createFillableSignedOrderAsync( + makerTokenAddress, takerTokenAddress, makerAddress, takerAddress, fillableAmount, + ); + // 27 <--> 28 + signedOrder.ecSignature.v = 27 + (28 - signedOrder.ecSignature.v); + return expect(zeroEx.exchange.validateFillOrderThrowIfInvalidAsync( + signedOrder, fillableAmount, takerAddress, + )).to.be.rejectedWith(ZeroExError.InvalidSignature); + }); it('should throw when the order is fully filled or cancelled', async () => { const signedOrder = await fillScenarios.createFillableSignedOrderAsync( makerTokenAddress, takerTokenAddress, makerAddress, takerAddress, fillableAmount, -- cgit v1.2.3 From 18a52a1ea758ee5640680f1097eba1ce9a9e81fc Mon Sep 17 00:00:00 2001 From: Leonid Logvinov Date: Tue, 5 Sep 2017 12:30:41 +0200 Subject: Update CHANGELOG --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 22bac9224..b45fb6478 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ # CHANGELOG +v0.12.2 - _TBD_ + * Added signature validation to validateFillOrderThrowIfInvalidAsync (#152) + v0.12.1 - _September 2, 2017_ * Added the support for web3@1.x.x provider (#142) * Added the optional `zeroExConfig` parameter to the constructor of `ZeroEx` (#139) -- cgit v1.2.3