ECDSA.recover(hash, signature) throwing invalid signature 'v' value", whereas ECDSA.recover(hash, v, r, s) working

[alfheimrShiven]

I'm trying to recover the signature object properties (uint8 v, bytes32 r, bytes32 s) from a signature hash. I'm creating the signature in Foundry as follows.

 function testLockRequestSignatureRecovery() external {
        (address guardian, bytes guardianPK) = vm.getAddrAndKey("guardian");
        // SETUP
        vm.startPrank(guardian);
        bytes32 lockRequest = accountLock.createLockRequest(account);

        (uint8 v, bytes32 r, bytes32 s) = vm.sign(guardianPK, lockRequest);
        bytes memory signature = abi.encodePacked(v, r, s);
        address guardianRecovered = ECDSA.recover(lockRequest, signature); // throws error "ECDSA: invalid signature 'v' value"

        address guardianRecovered = ECDSA.recover(lockRequest, v, r, s); // works!

💻 Environment
Framework: Foundry

📝 Details
When calling ECDSA.recover(lockRequest, signature) the ECDSA contract tries to first retrieve the v, r, s values from the signature using the function tryRecover(bytes32 hash, bytes memory signature) which further calls tryRecover(hash, v, r, s) which throws the error indicating invalid value of v, whereas if I bypass the function tryRecover(bytes32 hash, bytes memory signature) and directly call the ECDSA.tryRecover(hash, v, r, s) function, it works. That concludes that the value of v retrieved by vm.sign(guardianPK, lockRequest) is correct. I can even see it in my logs that v = 27 which is a valid value:

VM::sign(<pk>, 0x46a4a6b86560880572154cc245188597806bacb2ed65aa43fdd0c670c5f762dc) [staticcall]
    │   └─ ← 27, 0x1b5ae0bf91052a8ac3cfbc285fb915cca056865a1db7b832b851e2907107540b, 0x01a519d1066a48c2f4e43fb12f35144065c7dc82ee057f284502d34908703ca5
    └─ ← "ECDSA: invalid signature 'v' value"

🔢 Code to reproduce bug
https://github.com/alfheimrShiven/smart-wallet

🐞Cmd to reproduce bug
forge test --mt testLockRequestConcensysEvaluation -vvvv

[ernestognw]

Hey @alfheimrShiven,

Have you tried following the EIP-2098 format for short signatures?

Here you have some reference in Javascript from our tests. The thing is that you'll get an incompatible short signature just by doing bytes memory signature = abi.encodePacked(v, r, s)

[alfheimrShiven]

Hey @ernestognw , thanks for attending to this. Do you know any utility contract/function that can help me convert my (uint8 v, bytes32 r, bytes32 s) values into a EIP-2098 compatible short signature as required by Openzeppelin's ECDSA contract? I did try a bunch of assembly code but non seem to work.

[ernestognw]

In JS you can use ether's compactSerialized version of the Signature class.

Unfortunately, I don't have an example in Solidity right now, but I don't think it requires assembly, just a bit of bits manipulation as in the reference from our test I just pointed you out.

[alfheimrShiven]

@ernestognw the order in which I was concatenating the v, r, s values to create the signature object was wrong. Hence ECDSA.recover(bytes32 hash, bytes memory signature) was throwing the invalid signature error.
I changed the order of concatenation of v, r, s value to

(uint8 v, bytes32 r, bytes32 s) = vm.sign(guardianPK, digest);
bytes memory signature = abi.encodePacked(r, s, v); // note the order here
ECDSA.recover(digest, signature); // works well