morpho-org · MathisGD · Jul 31, 2023 · Jul 11, 2023 · Jul 11, 2023 · Jul 11, 2023
diff --git a/src/Blue.sol b/src/Blue.sol
@@ -11,6 +11,23 @@ import {SafeTransferLib} from "src/libraries/SafeTransferLib.sol";
 uint256 constant WAD = 1e18;
 uint256 constant ALPHA = 0.5e18;
 
+/// @dev The prefix used for EIP-712 signature.
+string constant EIP712_MSG_PREFIX = "\x19\x01";
+
+/// @dev The name used for EIP-712 signature.
+string constant EIP712_NAME = "Blue";
+
+/// @dev The domain typehash used for the EIP-712 signature.
+bytes32 constant EIP712_DOMAIN_TYPEHASH =
+    keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)");
+
+/// @dev The typehash for approveManagerWithSig Authorization used for the EIP-712 signature.
+bytes32 constant EIP712_AUTHORIZATION_TYPEHASH =
+    keccak256("Authorization(address delegator,address manager,bool isAllowed,uint256 nonce,uint256 deadline)");
+
+/// @dev The highest valid value for s in an ECDSA signature pair (0 < s < secp256k1n ÷ 2 + 1).
+uint256 constant MAX_VALID_ECDSA_S = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;
+
 // Market id.
 type Id is bytes32;
 
@@ -24,6 +41,13 @@ struct Market {
     uint256 lltv;
 }
 
+/// @notice Contains the `v`, `r` and `s` parameters of an ECDSA signature.
+struct Signature {
+    uint8 v;
+    bytes32 r;
+    bytes32 s;
+}
+
 using {toId} for Market;
 
 function toId(Market calldata market) pure returns (Id) {
@@ -34,6 +58,10 @@ contract Blue {
     using MathLib for uint256;
     using SafeTransferLib for IERC20;
 
+    // Immutables.
+
+    bytes32 public immutable domainSeparator;
+
     // Storage.
 
     // Owner.
@@ -60,11 +88,16 @@ contract Blue {
     mapping(uint256 => bool) public isLltvEnabled;
     // User's managers.
     mapping(address => mapping(address => bool)) public approval;
+    // User's nonces. Used to prevent replay attacks with EIP-712 signatures.
+    mapping(address => uint256) public userNonce;
 
     // Constructor.
 
     constructor(address newOwner) {
         owner = newOwner;
+
+        domainSeparator =
+            keccak256(abi.encode(EIP712_DOMAIN_TYPEHASH, keccak256(bytes(EIP712_NAME)), block.chainid, address(this)));
     }
 
     // Modifiers.
@@ -127,7 +160,7 @@ contract Blue {
         Id id = market.toId();
         require(lastUpdate[id] != 0, "unknown market");
         require(amount != 0, "zero amount");
-        require(isSenderApprovedFor(onBehalf), "not approved");
+        require(_isSenderApprovedFor(onBehalf), "not approved");
 
         accrueInterests(market, id);
 
@@ -148,7 +181,7 @@ contract Blue {
         Id id = market.toId();
         require(lastUpdate[id] != 0, "unknown market");
         require(amount != 0, "zero amount");
-        require(isSenderApprovedFor(onBehalf), "not approved");
+        require(_isSenderApprovedFor(onBehalf), "not approved");
 
         accrueInterests(market, id);
 
@@ -204,7 +237,7 @@ contract Blue {
         Id id = market.toId();
         require(lastUpdate[id] != 0, "unknown market");
         require(amount != 0, "zero amount");
-        require(isSenderApprovedFor(onBehalf), "not approved");
+        require(_isSenderApprovedFor(onBehalf), "not approved");
 
         accrueInterests(market, id);
 
@@ -251,11 +284,40 @@ contract Blue {
 
     // Position management.
 
+    function setApproval(
+        address delegator,
+        address manager,
+        bool isAllowed,
+        uint256 nonce,
+        uint256 deadline,
+        Signature calldata signature
+    ) external {
+        require(uint256(signature.s) <= MAX_VALID_ECDSA_S, "invalid s");
+        // v ∈ {27, 28} (source: https://ethereum.github.io/yellowpaper/paper.pdf #308)
+        require(signature.v == 27 || signature.v == 28, "invalid v");
+
+        bytes32 structHash =
+            keccak256(abi.encode(EIP712_AUTHORIZATION_TYPEHASH, delegator, manager, isAllowed, nonce, deadline));
+        bytes32 digest = keccak256(abi.encodePacked(EIP712_MSG_PREFIX, domainSeparator, structHash));
+        address signatory = ecrecover(digest, signature.v, signature.r, signature.s);
+
+        require(signatory != address(0) && delegator == signatory, "invalid signatory");
+        require(block.timestamp < deadline, "signature expired");
+
+        require(nonce == userNonce[signatory]++, "invalid nonce");
+
+        _setApproval(signatory, manager, isAllowed);
+    }
+
     function setApproval(address manager, bool isAllowed) external {
-        approval[msg.sender][manager] = isAllowed;
+        _setApproval(msg.sender, manager, isAllowed);
+    }
+
+    function _setApproval(address delegator, address manager, bool isAllowed) internal {
+        approval[delegator][manager] = isAllowed;
     }
 
-    function isSenderApprovedFor(address user) internal view returns (bool) {
+    function _isSenderApprovedFor(address user) internal view returns (bool) {
         return msg.sender == user || approval[user][msg.sender];
     }