EIP191 signature verification fails on-chain for a signer for different datasets. ecrecover fails to provide same signer address

[jayeshbairagi]

Contract:

/* SPDX-License-Identifier: MIT */
pragma solidity ^0.8.0;

contract Sig {
    function validateSignerAndRequest(
        string[] memory _paths,
        string[] memory _hashes,
        address[] memory _recipients,
        address _owner,
        uint8 _v,
        bytes32 _r,
        bytes32 _s
    ) public pure returns (address) {
        bytes32 requestHash = hashData(_paths, _hashes, _recipients, _owner);
        address signer = verifyDigest(requestHash, _v, _r, _s);

        require(signer == address(_owner), "Req::InvalidSignature");

        return signer;
    }

    function hashData(
        string[] memory _paths,
        string[] memory _hashes,
        address[] memory _recipients,
        address _owner
    ) public pure returns (bytes32) {
        bytes32 computedHash = _hashData(_paths[0], _hashes[0], _recipients[0], _owner);

        if (_recipients.length == 1) {
            return computedHash;
        } else {
            for (uint256 i = 1; i < _recipients.length; i++) {
                bytes32 currentHash = _hashData(_paths[i], _hashes[i], _recipients[i], _owner);
                computedHash = keccak256(abi.encodePacked(currentHash, computedHash));
            }
        }

        return computedHash;
    }

    function _hashData(
        string memory _path,
        string memory _hash,
        address _recipient,
        address _owner
    ) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked(_path, _hash, _recipient, _owner));
    }

    function verifyDigest(
        bytes32 _message,
        uint8 _v,
        bytes32 _r,
        bytes32 _s
    ) private pure returns (address signer) {
        bytes32 messageDigest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", _message));
        return ecrecover(messageDigest, _v, _r, _s);
    }
}

GasLimit calculations script:

const { ethers } = require("ethers");

const provider = new ethers.JsonRpcProvider("https://rpc.chiadochain.net");
// Contract address
const contractAddress = "0x88B4C32618B9C26AE1500C6613Ac8a29b2Dc6e9C";
// Contract ABI
const abi = [
  "function validateSignerAndRequest(string[] memory _paths, string[] memory _hashes, address[] memory _recipients, address _owner, uint8 _v, bytes32 _r, bytes32 _s) public pure returns (address)",
  "function hashData(string[] memory _paths, string[] memory _hashes, address[] memory _recipients, address _owner) public pure returns (bytes32)"
];
// Create an instance of the contract with the correct ABI and provider
const contract = new ethers.Contract(contractAddress, abi, provider);
const wallet = new ethers.Wallet("0x5dae2015153fd64f0a26b34e6fac7e68dabe3289d8d47640a203e68ade1b4138");

// Estimate gas for `validateSignerAndRequest`
async function estimateValidateSignerAndRequest(hashDataParams) {
  try {
    const hash = await contract.hashData(...hashDataParams);
    const bytesPayload = ethers.toBeArray(hash);
    const signed = await wallet.signMessage(bytesPayload);
    const sig = ethers.Signature.from(signed);
    const gasEstimate = await contract.validateSignerAndRequest.estimateGas(...hashDataParams, sig.v, sig.r, sig.s);
    console.log("Gas estimate for validateSignerAndRequest:", gasEstimate.toString());
  } catch (error) {
    console.error("Error estimating gas for validateSignerAndRequest:", error);
  }
}

// Run the estimations
(async () => {
  await estimateValidateSignerAndRequest([
    ["/0x07e9fdf8d5d740aaa287de95ac0e934ee8774b7c5fc40195ea4a9e5ca79816ea"],
    ["0x07e9fdf8d5d740aaa287de95ac0e934ee8774b7c5fc40195ea4a9e5ca79816ea"],
    ["0x387893670d81b988fe9f67f568f8b68a5ed56bec"],
    "0x63e2004354c595d1c26e0dfb5dee412832edb0e2"
  ]);
  await estimateValidateSignerAndRequest([
    ["/0x5cfb85d1b7d2a3f88cb4644c5ee0695cb04ad0ed4db2c1de9c4bce6144066508"],
    ["0x5cfb85d1b7d2a3f88cb4644c5ee0695cb04ad0ed4db2c1de9c4bce6144066508"],
    ["0x387893670d81b988fe9f67f568f8b68a5ed56bec"],
    "0x63e2004354c595d1c26e0dfb5dee412832edb0e2"
  ]);
})();

For the above contract and GasLimit calculations script, the first run is successful while the second run is failing with the GasLimit error: "Error estimating gas for validateSignerAndRequest: Error: execution reverted: "Req::InvalidSignature".

As seen in the above contract and script, the validateSignerAndRequest function is used to validate the signer.

The difference between the two runs is the first 2 parameters of the contract call. For both the cases hash is calculated using the hashData function and then signed using the wallet. The signed message is then passed to the validateSignerAndRequest function along with the hashData parameters and the signature. The validateSignerAndRequest function of the contract then verifies the signer on-chain using the verifyDigest function and returns the signer address.

But, the second run fails with the GasLimit error: "Error estimating gas for validateSignerAndRequest: Error: execution reverted: "Req::InvalidSignature".

How can I fix this issue? What is missing? Since the hash calculation and signing process are the same, signed data is just another hash that should be validated if signed by the valid keys for all instances, what is causing the second run to fail?