OpenZeppelin · martriay · Jun 29, 2022 · Jun 10, 2022 · Jun 10, 2022 · Jun 10, 2022
diff --git a/docs/Account.md b/docs/Account.md
@@ -159,6 +159,13 @@ If utilizing multicall, send multiple transactions with the `send_transactions`
     )
 ```
 
+### TestEthSigner utility
+
+The `TestEthSigner` class in [utils.py](../tests/utils.py) is used to perform transactions on a given Account with a secp256k1 curve key pair, crafting the transaction and managing nonces. It differs from the `TestSigner` implementation by:
+* not using the public key but its derived address instead (the last 20 bytes of the keccak256 hash of the public key and adding `0x` to the beginning)
+* using keccak to hash transactions
+* signing the message with a secp256k1 curve address
+
 ## Account entrypoint
 
 `__execute__` acts as a single entrypoint for all user interaction with any contract, including managing the account contract itself. That's why if you want to change the public key controlling the Account, you would send a transaction targeting the very Account contract:
@@ -386,6 +393,49 @@ response_len: felt
 response: felt*
 ```
 
+### `is_eth_valid_signature`
+
+Returns `TRUE` if a given signature in the secp256k1 curve is valid, otherwise it reverts. In the future it will return `FALSE` if a given signature is invalid (for more info please check [this issue](https://github.com/OpenZeppelin/cairo-contracts/issues/327)).
+
+Parameters:
+
+```cairo
+hash: felt
+signature_len: felt
+signature: felt*
+```
+
+Returns:
+
+```cairo
+is_valid: felt
+```
+
+> returns `TRUE` if a given signature is valid. Otherwise, reverts. In the future it will return `FALSE` if a given signature is invalid (for more info please check [this issue](https://github.com/OpenZeppelin/cairo-contracts/issues/327)).
+
+### `eth_execute`
+
+This follows the same idea as the vanilla version of `execute` with the sole difference that signature verification is on the secp256k1 curve.
+
+Parameters:
+
+```cairo
+call_array_len: felt
+call_array: AccountCallArray*
+calldata_len: felt
+calldata: felt*
+nonce: felt
+```
+
+> Note that the current signature scheme expects a 7-element array like `[sig_v, uint256_sig_r_low, uint256_sig_r_high, uint256_sig_s_low, uint256_sig_s_high, uint256_hash_low, uint256_hash_high]` given that the parameters of the verification are bigger than a felt.
+
+Returns:
+
+```cairo
+response_len: felt
+response: felt*
+```
+
 ## Account differentiation with ERC165
 
 Certain contracts like ERC721 require a means to differentiate between account contracts and non-account contracts. For a contract to declare itself as an account, it should implement [ERC165](https://eips.ethereum.org/EIPS/eip-165) as proposed in [#100](https://github.com/OpenZeppelin/cairo-contracts/discussions/100). To be in compliance with ERC165 specifications, the idea is to calculate the XOR of `IAccount`'s EVM selectors (not StarkNet selectors). The resulting magic value of `IAccount` is 0x50b70dcb.
@@ -400,7 +450,6 @@ Currently, there's only a single library/preset Account scheme, but we're lookin
 
 * multisig
 * guardian logic like in [Argent's account](https://github.com/argentlabs/argent-contracts-starknet/blob/de5654555309fa76160ba3d7393d32d2b12e7349/contracts/ArgentAccount.cairo)
-* [Ethereum signatures](https://github.com/OpenZeppelin/cairo-contracts/issues/161)
 
 ## L1 escape hatch mechanism
 

diff --git a/src/openzeppelin/account/Account.cairo b/src/openzeppelin/account/Account.cairo
@@ -3,7 +3,7 @@
 
 %lang starknet
 
-from starkware.cairo.common.cairo_builtins import HashBuiltin, SignatureBuiltin
+from starkware.cairo.common.cairo_builtins import HashBuiltin, SignatureBuiltin, BitwiseBuiltin
 
 from openzeppelin.account.library import Account, AccountCallArray
 
@@ -95,7 +95,8 @@ func __execute__{
         syscall_ptr : felt*,
         pedersen_ptr : HashBuiltin*,
         range_check_ptr,
-        ecdsa_ptr: SignatureBuiltin*
+        ecdsa_ptr: SignatureBuiltin*,
+        bitwise_ptr: BitwiseBuiltin*
     }(
         call_array_len: felt,
         call_array: AccountCallArray*,

diff --git a/src/openzeppelin/account/library.cairo b/src/openzeppelin/account/library.cairo
@@ -3,12 +3,13 @@
 from starkware.cairo.common.registers import get_fp_and_pc
 from starkware.starknet.common.syscalls import get_contract_address
 from starkware.cairo.common.signature import verify_ecdsa_signature
-from starkware.cairo.common.cairo_builtins import HashBuiltin, SignatureBuiltin
+from starkware.cairo.common.cairo_builtins import HashBuiltin, SignatureBuiltin, BitwiseBuiltin
 from starkware.cairo.common.alloc import alloc
+from starkware.cairo.common.uint256 import Uint256
 from starkware.cairo.common.memcpy import memcpy
 from starkware.cairo.common.bool import TRUE
 from starkware.starknet.common.syscalls import call_contract, get_caller_address, get_tx_info
-
+from starkware.cairo.common.cairo_secp.signature import verify_eth_signature_uint256
 from openzeppelin.introspection.ERC165 import ERC165
 
 from openzeppelin.utils.constants import IACCOUNT_ID
@@ -141,12 +142,47 @@ namespace Account:
         return (is_valid=TRUE)
     end
 
+ func is_valid_eth_signature{
+            syscall_ptr : felt*,
+            pedersen_ptr : HashBuiltin*,
+            range_check_ptr,
+            bitwise_ptr: BitwiseBuiltin*
+        }(
+            signature_len: felt,
+            signature: felt*
+        ) -> (is_valid: felt):
+        alloc_locals
+        let (_public_key) = get_public_key()
+        let (__fp__, _) = get_fp_and_pc()
+
+        # This interface expects a signature pointer and length to make
+        # no assumption about signature validation schemes.
+        # But this implementation does, and it expects a the sig_v, sig_r, 
+        # sig_s, and hash elements.
+        let sig_v: felt = signature[0]
+        local sig_r : Uint256 = Uint256(low=signature[1], high=signature[2])
+        local sig_s : Uint256 = Uint256(low=signature[3], high=signature[4])
+        local msg_hash : Uint256 = Uint256(low=signature[5], high=signature[6])
+
+        let (local keccak_ptr : felt*) = alloc()
+
+        with keccak_ptr:
+            verify_eth_signature_uint256(
+                msg_hash=msg_hash,
+                r=sig_r,
+                s=sig_s,
+                v=sig_v,
+                eth_address=_public_key)                        
+        end
+
+        return (is_valid=TRUE)
+    end
 
     func execute{
             syscall_ptr : felt*,
             pedersen_ptr : HashBuiltin*,
             range_check_ptr,
-            ecdsa_ptr: SignatureBuiltin*
+            bitwise_ptr: BitwiseBuiltin*
         }(
             call_array_len: felt,
             call_array: AccountCallArray*,
@@ -163,32 +199,47 @@ namespace Account:
 
         let (__fp__, _) = get_fp_and_pc()
         let (tx_info) = get_tx_info()
-        let (_current_nonce) = Account_current_nonce.read()
+        let (local ecdsa_ptr : SignatureBuiltin*) = alloc()
+        with ecdsa_ptr:
+            # validate transaction
+            let (is_valid) = is_valid_signature(tx_info.transaction_hash, tx_info.signature_len, tx_info.signature)
+            with_attr error_message("Account: invalid signature"):
+                assert is_valid = TRUE
+            end
+        end        
+
+        return unsafe_execute(call_array_len, call_array, calldata_len, calldata, nonce)
+    end
 
-        # validate nonce
-        with_attr error_message("Account: nonce is invalid"):
-            assert _current_nonce = nonce
+    func eth_execute{
+            syscall_ptr : felt*,
+            pedersen_ptr : HashBuiltin*,
+            range_check_ptr,
+            bitwise_ptr: BitwiseBuiltin*
+        }(
+            call_array_len: felt,
+            call_array: AccountCallArray*,
+            calldata_len: felt,
+            calldata: felt*,
+            nonce: felt
+        ) -> (response_len: felt, response: felt*):
+        alloc_locals
+
+        let (caller) = get_caller_address()
+        with_attr error_message("Account: no reentrant call"):
+            assert caller = 0
         end
 
-        # TMP: Convert `AccountCallArray` to 'Call'.
-        let (calls : Call*) = alloc()
-        _from_call_array_to_call(call_array_len, call_array, calldata, calls)
-        let calls_len = call_array_len
+        let (__fp__, _) = get_fp_and_pc()
+        let (tx_info) = get_tx_info()
 
-        # validate transaction
-        let (is_valid) = is_valid_signature(tx_info.transaction_hash, tx_info.signature_len, tx_info.signature)
+        # validate transaction        
+        let (is_valid) = is_valid_eth_signature(tx_info.signature_len, tx_info.signature)
         with_attr error_message("Account: invalid signature"):
             assert is_valid = TRUE
         end
-
-        # bump nonce
-        Account_current_nonce.write(_current_nonce + 1)
-
-        # execute call
-        let (response : felt*) = alloc()
-        let (response_len) = _execute_list(calls_len, calls, response)
-
-        return (response_len=response_len, response=response)
+
+        return unsafe_execute(call_array_len, call_array, calldata_len, calldata, nonce)
     end
 
     func _execute_list{syscall_ptr: felt*}(
@@ -240,4 +291,37 @@ namespace Account:
         _from_call_array_to_call(call_array_len - 1, call_array + AccountCallArray.SIZE, calldata, calls + Call.SIZE)
         return ()
     end
+
+    func unsafe_execute{
+            syscall_ptr : felt*,
+            pedersen_ptr : HashBuiltin*,
+            range_check_ptr,
+            bitwise_ptr: BitwiseBuiltin*
+        }(
+            call_array_len: felt,
+            call_array: AccountCallArray*,
+            calldata_len: felt,
+            calldata: felt*, 
+            nonce: felt
+        ) -> (response_len: felt, response: felt*):
+        alloc_locals
+        let (_current_nonce) = Account_current_nonce.read()
+        # validate nonce
+        with_attr error_message("Account: nonce is invalid"):
+             assert _current_nonce = nonce
+        end
+        # bump nonce
+        Account_current_nonce.write(_current_nonce + 1)
+
+        # TMP: Convert `AccountCallArray` to 'Call'.
+        let (calls : Call*) = alloc()
+        _from_call_array_to_call(call_array_len, call_array, calldata, calls)
+        let calls_len = call_array_len
+
+        # execute call
+        let (response : felt*) = alloc()
+        let (response_len) = _execute_list(calls_len, calls, response)
+
+        return (response_len=response_len, response=response)
+    end
 end