fix: resolves #3593

Author: jxom

.changeset/lazy-snakes-yawn.md

@@ -0,0 +1,5 @@
+---
+"viem": patch
+---
+
+Added assertion for signature length in signature validation.

src/actions/public/verifyHash.test.ts

@@ -25,10 +25,12 @@ import { http } from '../../clients/transports/http.js'
 import { signMessage as signMessageErc1271 } from '../../experimental/erc7739/actions/signMessage.js'
 import type { Hex } from '../../types/misc.js'
 import {
+  concat,
   encodeFunctionData,
   hashMessage,
   pad,
   serializeErc6492Signature,
+  slice,
   toBytes,
 } from '../../utils/index.js'
 import { parseSignature } from '../../utils/signature/parseSignature.js'
@@ -471,3 +473,18 @@ test('https://github.com/wevm/viem/issues/2484', async () => {
     }),
   ).resolves.toBe(true)
 })
+
+test('https://github.com/wevm/viem/issues/3593', async () => {
+  const signature = await signMessage(client, {
+    account: localAccount,
+    message: 'hello world',
+  })
+
+  expect(
+    verifyHash(client, {
+      address: localAccount.address,
+      hash: hashMessage('hello world'),
+      signature: concat([slice(signature, 0, 64), '0x001b']),
+    }),
+  ).resolves.toBe(false)
+})

src/utils/signature/recoverAddress.ts

@@ -19,5 +19,5 @@ export async function recoverAddress({
   hash,
   signature,
 }: RecoverAddressParameters): Promise<RecoverAddressReturnType> {
-  return publicKeyToAddress(await recoverPublicKey({ hash: hash, signature }))
+  return publicKeyToAddress(await recoverPublicKey({ hash, signature }))
 }

src/utils/signature/recoverPublicKey.ts

@@ -1,6 +1,7 @@
 import type { ErrorType } from '../../errors/utils.js'
 import type { ByteArray, Hex, Signature } from '../../types/misc.js'
 import { type IsHexErrorType, isHex } from '../data/isHex.js'
+import { size } from '../data/size.js'
 import {
   type HexToNumberErrorType,
   hexToBigInt,
@@ -41,6 +42,7 @@ export async function recoverPublicKey({
 
     // typeof signature: `Hex | ByteArray`
     const signatureHex = isHex(signature) ? signature : toHex(signature)
+    if (size(signatureHex) !== 65) throw new Error('invalid signature length')
     const yParityOrV = hexToNumber(`0x${signatureHex.slice(130)}`)
     const recoveryBit = toRecoveryBit(yParityOrV)
     return secp256k1.Signature.fromCompact(