Illegal EIP712 signature for signTypedData

[chzyer]

Hi, there.

We are receiving some illegal EIP712 signatures from the ledger wallet, the v is 0 or 1. As we know, v should be 27 or 28 as a valid EIP712 signature.

So I'm checking the source code as follows:

eth-ledger-bridge-keyring/index.js

Lines 417 to 430 in 9a87fac

	let v = payload.v - 27
	v = v.toString(16)
	if (v.length < 2) {
	v = `0${v}`
	}
	const signature = `0x${payload.r}${payload.s}${v}`
	const addressSignedWith = sigUtil.recoverTypedSignature_v4({
	data,
	sig: signature,
	})
	if (ethUtil.toChecksumAddress(addressSignedWith) !== ethUtil.toChecksumAddress(withAccount)) {
	throw new Error('Ledger: The signature doesnt match the right address')
	}
	return signature

I guest it minus 27 because it wants to recover the signer, but it forgot to return the original signature. The signature should be return 0x${payload.r}${payload.s}${payload.v}, not return signature

According to this MetaMask/metamask-extension#10240 (comment), I found some projects also have this issue.

• https://github.com/poap-xyz/poap-fun/pull/62
• Support ledger-produced signature gallery-so/go-gallery#164

So I think maybe we can fix the root cause?

[xiaohanzhu]

Any plan to fix this bug?

[mcmire]

It appears that this bug was fixed in #152. We will issue a new release soon.

[cryptoKevinL]

Is this fix in for Ledger Live or for the Ledger/Metamask Integration? We are having the issue as well