Crypto contract bug?

On the docs page for the crypto contract the example uses ECDSA_P256 as the signature algorithm, but the API for the contract mentions the ECDSA_Secp256k1 SignatureAlgorithm.

I’ve tested with it and get the error
"decode public key failed: the signature scheme UNKNOWN is not supported".
when I call keyList.isValid

Is there a bug in the contract, or am I misinterpreting the error and there’s a problem with my code?

Hi Matthew!

Good question, this could be a problem with your code or a bug on the Cadence/node software side.
Could you please post the code you’re trying to run and which produces this error? That would allow us to investigate the issue. Thanks!

Here’s the code I’ve been running. I’ve generated the signature and signedData using web3js’s web3.eth.accounts.sign/web3.eth.accounts.hashMessage functions.

import Crypto
pub fun main() {
    let keyList = Crypto.KeyList()
    let publicKey = Crypto.PublicKey(publicKey: "63d6820c82a9e31dffa9a876b328d9f26f2757f808243498b8ab158165e27d79607ffac074dfc65861adaad9ff14084fce020d9cf60cb1b971b9d176d0a41756".decodeHex(), 
    signatureAlgorithm: Crypto.ECDSA_Secp256k1)
    keyList.add(
        publicKey,
        hashAlgorithm: Crypto.SHA3_256,
        weight: 0.5
    )
    let signatureSet = [
    Crypto.KeyListSignature(
        keyIndex: 0,
        signature:
            "c5fa321c918a598f2abbc1d9f3f890fdbc1db01836e04ab9f93e21f8a13a24495b9b14d7ad6d010bd25e818e46b0667f3aefd05a945ec9bb854d4fb34fd302241c".decodeHex()
    )]

    let signedData = "5c783139457468657265756d205369676e6564204d6573736167653a5c6e3332666f6f".decodeHex()

    keyList.isValid(
    signatureSet: signatureSet, 
    signedData: signedData
    )
}

Thanks in advance!

1 Like

Thanks for sharing the code!

I’ve had a look and it seems like there’s a bug where Crypto contract asks for “ECDSA_Secp256k1”, but it’s named “ECDSA_secp256k1” in the crypto library:

@tarak.by Do you have any preference where we should fix this?

Good catch @MatthewW and @turbolent. I would suggest we update the FVM code to decouple the strings from Cadence and the crypto library.

I’ll open a bug report and will fix this.

Still wanted to mention: isValid only returns a boolean to indicate if the signatures are valid, so currently (if the bug is fixed) the script will always succeed, because the result is not used. Maybe use assert or return it from the script and check the result off-chain.

I’ve opened Fix Crypto.ECDSA_Secp256k1 by turbolent · Pull Request #510 · onflow/flow-go · GitHub to fix this.

@MatthewW Thank you again for reporting this!

Glad to be of service! Thanks for the quick response time.

Hi. I ran into the exact same problem today. I am looking to validate signatures with Ethereum addresses in my contract on Flow.
This information was very helpful.

However I’m still having this issue with the latest version of Flow CLI (v0.15.0).
How do I solve this? :joy:

Currently, this error occurs in the following environments, which makes it difficult to develop and test the functionality I want to achieve. :sweat_drops:

  • Flow CLI v0.15.0 (flow scripts execute command)
  • Flow CLI v0.15.0 + @onflow/fcl 0.0.68-alpha.13
  • Playground

Any advice would be greatly appreciated.

This fix hasn’t made it into Emulator/CLI and Playground yet, we’re working on the next release

1 Like