From 0591f1d32a4696924d9b063b09ec8a373e6757c7 Mon Sep 17 00:00:00 2001
From: Fabio Berger <me@fabioberger.com>
Date: Thu, 27 Sep 2018 10:03:54 +0100
Subject: Add address normalization to isValidECSignature method

---
 packages/order-utils/CHANGELOG.json         | 10 ++++++++++
 packages/order-utils/src/signature_utils.ts |  4 +++-
 2 files changed, 13 insertions(+), 1 deletion(-)

(limited to 'packages/order-utils')

diff --git a/packages/order-utils/CHANGELOG.json b/packages/order-utils/CHANGELOG.json
index 1162bbc83..2927373d6 100644
--- a/packages/order-utils/CHANGELOG.json
+++ b/packages/order-utils/CHANGELOG.json
@@ -1,4 +1,14 @@
 [
+    {
+        "version": "1.0.6",
+        "changes": [
+            {
+                "note":
+                    "Add signerAddress normalization to `isValidECSignature` to avoid `invalid address recovery` error if caller supplies a checksummed address",
+                "pr": 1094
+            }
+        ]
+    },
     {
         "timestamp": 1537907159,
         "version": "1.0.5",
diff --git a/packages/order-utils/src/signature_utils.ts b/packages/order-utils/src/signature_utils.ts
index c0c9e71a7..3b656d3fc 100644
--- a/packages/order-utils/src/signature_utils.ts
+++ b/packages/order-utils/src/signature_utils.ts
@@ -174,6 +174,7 @@ export const signatureUtils = {
         assert.isHexString('data', data);
         assert.doesConformToSchema('signature', signature, schemas.ecSignatureSchema);
         assert.isETHAddressHex('signerAddress', signerAddress);
+        const normalizedSignerAddress = signerAddress.toLowerCase();
 
         const msgHashBuff = ethUtil.toBuffer(data);
         try {
@@ -184,7 +185,8 @@ export const signatureUtils = {
                 ethUtil.toBuffer(signature.s),
             );
             const retrievedAddress = ethUtil.bufferToHex(ethUtil.pubToAddress(pubKey));
-            return retrievedAddress === signerAddress;
+            const normalizedRetrievedAddress = retrievedAddress.toLowerCase();
+            return normalizedRetrievedAddress === normalizedSignerAddress;
         } catch (err) {
             return false;
         }
-- 
cgit v1.2.3