Using Signatures

close button

Part I

Writing Signatures

Download quests in Questplay

The Grandmasters would like to deploy a contract onto the blockchain that will give out ETH to their followers (aka blessings). Only whitelisted addresses (aka Grandmasters) can:

  1. Approve a new Grandmaster to be whitelisted.

  2. Approve ETH to be transferred from the contract to a specified address.

Correspondingly, anyone can:

  1. Receive ETH from the contract (if approved).

  2. Whitelist themselves as a Grandmaster (if approved).

However, we want to build a contract that allows the Grandmasters to signal approval off-chain (i.e. without having to call any function on the blockchain).

This can be done with signatures! Grandmasters can sign instructions off-chain and hand them to followers. Followers can then submit these signatures to the smart contract to prove that the requested action has been approved.

Let us start by figuring out how to sign messages off-chain. We want to sign two kinds of messages.

1. Invite a Grandmaster

Instruction for the smart contract to promote an address to be a Grandmaster.

  • address : Address of individual to be invited as a Grandmaster [20 bytes long]

2. Receive Blessing

Instruction for the smart contract to transfer ETH to a recipient.

  • address : Address of recipient of blessing [20 bytes long]

  • amount : Amount of blessing (in wei) [32 bytes long]

  • ctr : Number of blessings the recipient has been given beforehand [4 bytes long]

Why add ctr? Without ctr, the contract is vulnerable to a signature replay attack. i.e. the recipient can reuse the signature to withdraw contract funds over and over again.

Grandmasters will be signing the messages by:

  1. First hashing the message using keccak256.

  2. Then, prepend "\x19Ethereum Signed Message:\n32" to the hash.

  3. Hash the message again using keccak256.

  4. Using ECDSA secp256k1 to sign the hash.

Read the walkthrough to understand the motivation behind this standard.

Your Task

Transform the inputs in input/invites.json and input/blessings.json into their corresponding signatures. Log the signatures into output/invites.json and output/blessings.json respectively (create these new files yourself).

The submitted json files must be top-level arrays.

[ "0x04c3b43414...", "0x28159c5701...", // Rest of array ]

Run tests in Questplay

The Grandmasters watch over and bless their followers. Occasionally, they even choose an acolyte to join their ranks.