Add utility function for converting an address to checksummed string

[cairoeth]

Closes #4633

PR Checklist

• Tests
• Documentation
• Changeset entry (run npx changeset add)

[changeset-bot]

🦋 Changeset detected

Latest commit: 8f11b32

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
openzeppelin-solidity	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[cairoeth]

There's some re-used logic here from toHexString but the main difference is removing the 0x from the string. toHexString adds 0x to the buffer by default, so to use this function it would require removing it form the returned string which would be extra computation just for reusability.

[ernestognw]

I've been trying to come up with a way of reusing the logic of toHexString and I noticed some old behaviors we've kept in the library like providing the expected length of the hex string (which we already know by Math.log256(value) + 1).

Perhaps this PR derives in a broader discussion about how to implement this, but I'd say the simplest option is to rewrite toHexString in the following way:

function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
    if (length < Math.log256(value) + 1) {
        revert StringsInsufficientHexLength(value, length);
    }

    bytes memory buffer = new bytes(2 * length + 2);
    buffer[0] = "0";
    buffer[1] = "x";
    _setHexString(buffer, 2, value);

    return string(buffer);
}

function _setHexString(bytes memory buffer, uint256 offset, uint256 value) internal pure {
    for (uint256 i = buffer.length - 1; i >= offset; --i) {
        buffer[i] = HEX_DIGITS[value & 0xf];
        value >>= 4;
    }
}

This way, we can reuse _setHexString in the new function. Similar to:

function toChecksumHexString(address addr) internal pure returns (string memory) {
    bytes memory lowercase = new bytes(40);
    _setHexString(lowercase, 0, uint160(address);
    bytes32 hashedAddr = keccak256(abi.encodePacked(lowercase));
    ...
}

What do you think?

[cairoeth]

@ernestognw Yes, I was thinking something like that as well -- should we should make _setHexString private as it's not designed to be used outside the library (mainly because it doesn't have any checks on value after the operation)?

[ernestognw]

There's a rust implementation of this checksum algorithm in Foundry (as seen in cast), so it should be relatively trivial to make a PR and request for it to be exposed through VM.sol as with Base64.

With that, we can fuzz the implementation, which would be extremely valuable.
Not required for this PR though, but something to consider given that the changes we're making are somewhat relevant

[cairoeth]

totally -- fuzzing should be used in some of the other utils as well.

[ernestognw]

Agree, feel free to open PRs adding fuzzing or Halmos FV to those utils you consider make sense

[ernestognw]

There's a little consideration in the documentation of getAddress:

• If %%address%% contains both upper-case and lower-case, it is
• assumed to already be a checksum address and its checksum is
• validated, and if the address fails its expected checksum an
• error is thrown.

None of these tests are using mixed-case letters so I'd recommend adding .toLowerCase() according to the same docs:

• If you wish the checksum of %%address%% to be ignore, it should
• be converted to lower-case (i.e. .toLowercase()) before
• being passed in.

Even better, let's rewrite these tests:

const addresses = [...]

describe('toChecksumHexString address', function () {
  for (const addr of addresses) {
    it(`converts ${addr}`, async function () {
      expect(await this.mock.getFunction('$toChecksumHexString(address)')(addr.toLowerCase())).to.equal(
        ethers.getAddress(addr),
      );
    });
  }
});

I'm pushing a commit

[ernestognw]

LGTM, we'll need an approval from @Amxx imo

[Amxx]

computing the log is quite expensive. Checking at the end is less expensive (when everything works fine, which is the case we should optimize for). Any reason to not keep it?

[Amxx]

You often do abi.encodePacked(x) when x is already a bytes. (here and on line 107)

Used like this, abi.encodePacked is the identity function ... the output exactly match the input ... so it is not necessary. One thing that happens however, is that memory is allocated for this copy... there is also a copy loop (or a mcopy if we are lucky).

Anyway, this increasse costs and leaks memory, so we should avoid it!

[Amxx]

This entier function should be done "in place". Allocating two buffers is a waste.

[Amxx]

Redesigned toChecksumHexString to avoid double allocation.

• removed the need for _unsafeSetHexString
• removed the need for HEX_DIGITS_UPPERCASE

[ernestognw]

Right this is extremely cleaner. Thanks!

[cairoeth]

great changes, thxs!

[Amxx]

note: this is safe because we know buffer is 42 bytes long.

[ernestognw]

LGTM again

[gitpoap-bot]

Congrats, your important contribution to this open-source project has earned you a GitPOAP!

GitPOAP: 2024 OpenZeppelin Contracts Contributor:

Head to gitpoap.io & connect your GitHub account to mint!

Learn more about GitPOAPs here.