erecover compute a public key from a signature

[erecover](https://soliditydeveloper.com/ecrecover) [Ethereum Transactions](https://ethereum.org/en/developers/docs/transactions/) A transaction has the following properties Before signing ```json { nonce: "0x00", gasPrice: "0x09184e72a000", gasLimit: "0x27100", to: "0x0000000000000000000000000000000000000000", value: "0x01", data: "0x7f7465737432000000000000000000000000000000000000000000000000000000600057, } ``` After signing ```json { nonce: "0x00", gasPrice: "0x09184e72a000", gasLimit: "0x27100", to: "0x0000000000000000000000000000000000000000", value: "0x01", data: "0x7f7465737432000000000000000000000000000000000000000000000000000000600057", v: "0x26", r: "0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e", s: "0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663, } ``` *Note that when signing, any change in one of the main Transaction fields, such as nonce, gasPrice, gasLimit, to, value and data will result in a different signature value* The user’s address can be computed with a function that takes as an input the `tx hash`, `v`, `r`, `s` Example ```solidity function recoverSignerFromSignature(uint8 v, bytes32 r, bytes32 s, bytes32 hash) external { address signer = ecrecover(hash, v, r, s); require(signer != address(0), "ECDSA: invalid signature"); } ``` ### Signing standards - **eth_sign**: Allows for signing arbitrary data. Unsafe since users may sign data which is actually a transaction. - **personal_sign:** Prefixes any signed data with "\x19Ethereum Signed Message:\n” making any signed transaction data invalid - **EIP-721:** Ensures users know what they are actually signing by making each signature only be used once at maximum. This is done by signing hashes of all required configuration (data address, chain id, version, data types) + the actual data itself. ### Security Considerations - In some cases **ecrecover** can return a random address instead of 0 for an invalid signature. This is prevented above by the owner address inside the typed data. 1. Signature are [malleable](http://coders-errand.com/malleability-ecdsa-signatures/), meaning you might be able to create a second also valid signature for the same data. In our case we are not using the signature data itself (which one may do as an id for example). 2. An attacker can construct a hash and signature that look valid if the hash is not computed within the contract itself.