2.3 Solidity by Example

Author: furnace | Published 2018-12-04 14:18 | Read 24 times

Solidity by Example





At the end of the voting time, winningProposal() will return the proposal with the largest number of votes.

pragma solidity >=0.4.22 <0.6.0;

/// @title Voting with delegation.
contract Ballot {
    // This declares a new complex type which will
    // be used for variables later.
    // It will represent a single voter.
    struct Voter {
        uint weight; // weight is accumulated by delegation
        bool voted;  // if true, that person already voted
        address delegate; // person delegated to
        uint vote;   // index of the voted proposal
    }

    // This is a type for a single proposal.
    struct Proposal {
        bytes32 name;   // short name (up to 32 bytes)
        uint voteCount; // number of accumulated votes
    }

    address public chairperson;

    // This declares a state variable that
    // stores a `Voter` struct for each possible address.
    mapping(address => Voter) public voters;

    // A dynamically-sized array of `Proposal` structs.
    Proposal[] public proposals;

    /// Create a new ballot to choose one of `proposalNames`.
    constructor(bytes32[] memory proposalNames) public {
        chairperson = msg.sender;
        voters[chairperson].weight = 1;

        // For each of the provided proposal names,
        // create a new proposal object and add it
        // to the end of the array.
        for (uint i = 0; i < proposalNames.length; i++) {
            // `Proposal({...})` creates a temporary
            // Proposal object and `proposals.push(...)`
            // appends it to the end of `proposals`.
            proposals.push(Proposal({
                name: proposalNames[i],
                voteCount: 0
            }));
        }
    }

    // Give `voter` the right to vote on this ballot.
    // May only be called by `chairperson`.
    function giveRightToVote(address voter) public {
        // If the first argument of `require` evaluates
        // to `false`, execution terminates and all
        // changes to the state and to Ether balances
        // are reverted.
        // This used to consume all gas in old EVM versions, but
        // not anymore.
        // It is often a good idea to use `require` to check if
        // functions are called correctly.
        // As a second argument, you can also provide an
        // explanation about what went wrong.
        require(
            msg.sender == chairperson,
            "Only chairperson can give right to vote."
        );
        require(
            !voters[voter].voted,
            "The voter already voted."
        );
        require(voters[voter].weight == 0);
        voters[voter].weight = 1;
    }

    /// Delegate your vote to the voter `to`.
    function delegate(address to) public {
        // assigns reference
        Voter storage sender = voters[msg.sender];
        require(!sender.voted, "You already voted.");

        require(to != msg.sender, "Self-delegation is disallowed.");

        // Forward the delegation as long as
        // `to` also delegated.
        // In general, such loops are very dangerous,
        // because if they run too long, they might
        // need more gas than is available in a block.
        // In this case, the delegation will not be executed,
        // but in other situations, such loops might
        // cause a contract to get "stuck" completely.
        while (voters[to].delegate != address(0)) {
            to = voters[to].delegate;

            // We found a loop in the delegation, not allowed.
            require(to != msg.sender, "Found loop in delegation.");
        }

        // Since `sender` is a reference, this
        // modifies `voters[msg.sender].voted`
        sender.voted = true;
        sender.delegate = to;
        Voter storage delegate_ = voters[to];
        if (delegate_.voted) {
            // If the delegate already voted,
            // directly add to the number of votes
            proposals[delegate_.vote].voteCount += sender.weight;
        } else {
            // If the delegate did not vote yet,
            // add to her weight.
            delegate_.weight += sender.weight;
        }
    }

    /// Give your vote (including votes delegated to you)
    /// to proposal `proposals[proposal].name`.
    function vote(uint proposal) public {
        Voter storage sender = voters[msg.sender];
        require(sender.weight != 0, "Has no right to vote");
        require(!sender.voted, "Already voted.");
        sender.voted = true;
        sender.vote = proposal;

        // If `proposal` is out of the range of the array,
        // this will throw automatically and revert all
        // changes.
        proposals[proposal].voteCount += sender.weight;
    }

    /// @dev Computes the winning proposal taking all
    /// previous votes into account.
    function winningProposal() public view
            returns (uint winningProposal_)
    {
        uint winningVoteCount = 0;
        for (uint p = 0; p < proposals.length; p++) {
            if (proposals[p].voteCount > winningVoteCount) {
                winningVoteCount = proposals[p].voteCount;
                winningProposal_ = p;
            }
        }
    }

    // Calls winningProposal() function to get the index
    // of the winner contained in the proposals array and then
    // returns the name of the winner
    function winnerName() public view
            returns (bytes32 winnerName_)
    {
        winnerName_ = proposals[winningProposal()].name;
    }
}

Possible Improvements


Blind Auction


Simple Open Auction

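The general idea of the following simple auction contract is that everyone can send their bids during a bidding period. The bids already include sending money / Ether in order to bind the bidders to their bid. If the highest bid is raised, the previously highest bidder gets her money back. After the end of the bidding period, the contract has to be called manually for the beneficiary to receive their money - contracts cannot activate themselves.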

pragma solidity >=0.4.22 <0.6.0;

contract SimpleAuction {
    // Parameters of the auction. Times are either
    // absolute unix timestamps (seconds since 1970-01-01)
    // or time periods in seconds.
    address payable public beneficiary;
    uint public auctionEndTime;

    // Current state of the auction.
    address public highestBidder;
    uint public highestBid;

    // Allowed withdrawals of previous bids
    mapping(address => uint) pendingReturns;

    // Set to true at the end, disallows any change.
    // By default initialized to `false`.
    bool ended;

    // Events that will be emitted on changes.
    event HighestBidIncreased(address bidder, uint amount);
    event AuctionEnded(address winner, uint amount);

    // The following is a so-called natspec comment,
    // recognizable by the three slashes.
    // It will be shown when the user is asked to
    // confirm a transaction.

    /// Create a simple auction with `_biddingTime`
    /// seconds bidding time on behalf of the
    /// beneficiary address `_beneficiary`.
    constructor(
        uint _biddingTime,
        address payable _beneficiary
    ) public {
        beneficiary = _beneficiary;
        auctionEndTime = now + _biddingTime;
    }

    /// Bid on the auction with the value sent
    /// together with this transaction.
    /// The value will only be refunded if the
    /// auction is not won.
    function bid() public payable {
        // No arguments are necessary, all
        // information is already part of
        // the transaction. The keyword payable
        // is required for the function to
        // be able to receive Ether.

        // Revert the call if the bidding
        // period is over.
        require(
            now <= auctionEndTime,
            "Auction already ended."
        );

        // If the bid is not higher, send the
        // money back.
        require(
            msg.value > highestBid,
            "There already is a higher bid."
        );

        if (highestBid != 0) {
            // Sending back the money by simply using
            // highestBidder.send(highestBid) is a security risk
            // because it could execute an untrusted contract.
            // It is always safer to let the recipients
            // withdraw their money themselves.
            pendingReturns[highestBidder] += highestBid;
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
        emit HighestBidIncreased(msg.sender, msg.value);
    }

    /// Withdraw a bid that was overbid.
    function withdraw() public returns (bool) {
        uint amount = pendingReturns[msg.sender];
        if (amount > 0) {
            // It is important to set this to zero because the recipient
            // can call this function again as part of the receiving call
            // before `send` returns.
            pendingReturns[msg.sender] = 0;

            if (!msg.sender.send(amount)) {
                // No need to call throw here, just reset the amount owing
                pendingReturns[msg.sender] = amount;
                return false;
            }
        }
        return true;
    }

    /// End the auction and send the highest bid
    /// to the beneficiary.
    function auctionEnd() public {
        // It is a good guideline to structure functions that interact
        // with other contracts (i.e. they call functions or send Ether)
        // into three phases:
        // 1. checking conditions
        // 2. performing actions (potentially changing conditions)
        // 3. interacting with other contracts
        // If these phases are mixed up, the other contract could call
        // back into the current contract and modify the state or cause
        // effects (ether payout) to be performed multiple times.
        // If functions called internally include interaction with external
        // contracts, they also have to be considered interaction with
        // external contracts.

        // 1. Conditions
        require(now >= auctionEndTime, "Auction not yet ended.");
        require(!ended, "auctionEnd has already been called.");

        // 2. Effects
        ended = true;
        emit AuctionEnded(highestBidder, highestBid);

        // 3. Interaction
        beneficiary.transfer(highestBid);
    }
}

Blind Auction





pragma solidity >0.4.23 <0.6.0;

contract BlindAuction {
    struct Bid {
        bytes32 blindedBid;
        uint deposit;
    }

    address payable public beneficiary;
    uint public biddingEnd;
    uint public revealEnd;
    bool public ended;

    mapping(address => Bid[]) public bids;

    address public highestBidder;
    uint public highestBid;

    // Allowed withdrawals of previous bids
    mapping(address => uint) pendingReturns;

    event AuctionEnded(address winner, uint highestBid);

    /// Modifiers are a convenient way to validate inputs to
    /// functions. `onlyBefore` is applied to `bid` below:
    /// The new function body is the modifier's body where
    /// `_` is replaced by the old function body.
    modifier onlyBefore(uint _time) { require(now < _time); _; }
    modifier onlyAfter(uint _time) { require(now > _time); _; }

    constructor(
        uint _biddingTime,
        uint _revealTime,
        address payable _beneficiary
    ) public {
        beneficiary = _beneficiary;
        biddingEnd = now + _biddingTime;
        revealEnd = biddingEnd + _revealTime;
    }

    /// Place a blinded bid with `_blindedBid` =
    /// keccak256(abi.encodePacked(value, fake, secret)).
    /// The sent ether is only refunded if the bid is correctly
    /// revealed in the revealing phase. The bid is valid if the
    /// ether sent together with the bid is at least "value" and
    /// "fake" is not true. Setting "fake" to true and sending
    /// not the exact amount are ways to hide the real bid but
    /// still make the required deposit. The same address can
    /// place multiple bids.
    function bid(bytes32 _blindedBid)
        public
        payable
        onlyBefore(biddingEnd)
    {
        bids[msg.sender].push(Bid({
            blindedBid: _blindedBid,
            deposit: msg.value
        }));
    }

    /// Reveal your blinded bids. You will get a refund for all
    /// correctly blinded invalid bids and for all bids except for
    /// the totally highest.
    function reveal(
        uint[] memory _values,
        bool[] memory _fake,
        bytes32[] memory _secret
    )
        public
        onlyAfter(biddingEnd)
        onlyBefore(revealEnd)
    {
        uint length = bids[msg.sender].length;
        require(_values.length == length);
        require(_fake.length == length);
        require(_secret.length == length);

        uint refund;
        for (uint i = 0; i < length; i++) {
            Bid storage bidToCheck = bids[msg.sender][i];
            (uint value, bool fake, bytes32 secret) =
                    (_values[i], _fake[i], _secret[i]);
            if (bidToCheck.blindedBid != keccak256(abi.encodePacked(value, fake, secret))) {
                // Bid was not actually revealed.
                // Do not refund deposit.
                continue;
            }
            refund += bidToCheck.deposit;
            if (!fake && bidToCheck.deposit >= value) {
                if (placeBid(msg.sender, value))
                    refund -= value;
            }
            // Make it impossible for the sender to re-claim
            // the same deposit.
            bidToCheck.blindedBid = bytes32(0);
        }
        msg.sender.transfer(refund);
    }

    // This is an "internal" function which means that it
    // can only be called from the contract itself (or from
    // derived contracts).
    function placeBid(address bidder, uint value) internal
            returns (bool success)
    {
        if (value <= highestBid) {
            return false;
        }
        if (highestBidder != address(0)) {
            // Refund the previously highest bidder.
            pendingReturns[highestBidder] += highestBid;
        }
        highestBid = value;
        highestBidder = bidder;
        return true;
    }

    /// Withdraw a bid that was overbid.
    function withdraw() public {
        uint amount = pendingReturns[msg.sender];
        if (amount > 0) {
            // It is important to set this to zero because the recipient
            // can call this function again as part of the receiving call
            // before `transfer` returns (see the remark above about
            // conditions -> effects -> interaction).
            pendingReturns[msg.sender] = 0;

            msg.sender.transfer(amount);
        }
    }

    /// End the auction and send the highest bid
    /// to the beneficiary.
    function auctionEnd()
        public
        onlyAfter(revealEnd)
    {
        require(!ended);
        emit AuctionEnded(highestBidder, highestBid);
        ended = true;
        beneficiary.transfer(highestBid);
    }
}

Safe Remote Purchase

pragma solidity >=0.4.22 <0.6.0;

contract Purchase {
    uint public value;
    address payable public seller;
    address payable public buyer;
    enum State { Created, Locked, Inactive }
    State public state;

    // Ensure that `msg.value` is an even number.
    // Division will truncate if it is an odd number.
    // Check via multiplication that it wasn't an odd number.
    constructor() public payable {
        seller = msg.sender;
        value = msg.value / 2;
        require((2 * value) == msg.value, "Value has to be even.");
    }

    modifier condition(bool _condition) {
        require(_condition);
        _;
    }

    modifier onlyBuyer() {
        require(
            msg.sender == buyer,
            "Only buyer can call this."
        );
        _;
    }

    modifier onlySeller() {
        require(
            msg.sender == seller,
            "Only seller can call this."
        );
        _;
    }

    modifier inState(State _state) {
        require(
            state == _state,
            "Invalid state."
        );
        _;
    }

    event Aborted();
    event PurchaseConfirmed();
    event ItemReceived();

    /// Abort the purchase and reclaim the ether.
    /// Can only be called by the seller before
    /// the contract is locked.
    function abort()
        public
        onlySeller
        inState(State.Created)
    {
        emit Aborted();
        state = State.Inactive;
        seller.transfer(address(this).balance);
    }

    /// Confirm the purchase as buyer.
    /// Transaction has to include `2 * value` ether.
    /// The ether will be locked until confirmReceived
    /// is called.
    function confirmPurchase()
        public
        inState(State.Created)
        condition(msg.value == (2 * value))
        payable
    {
        emit PurchaseConfirmed();
        buyer = msg.sender;
        state = State.Locked;
    }

    /// Confirm that you (the buyer) received the item.
    /// This will release the locked ether.
    function confirmReceived()
        public
        onlyBuyer
        inState(State.Locked)
    {
        emit ItemReceived();
        // It is important to change the state first because
        // otherwise, the contracts called using `send` below
        // can call in again here.
        state = State.Inactive;

        // NOTE: This actually allows both the buyer and the seller to
        // block the refund - the withdraw pattern should be used.

        buyer.transfer(value);
        seller.transfer(address(this).balance);
    }
}



Micropayment Channel


Creating and verifying signatures





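  • Alice deploys the ReceiverPays contract, attaching enough Ether to cover the payments that will be made.
  • Alice authorizes a payment by signing a message with her private key.
  • Alice sends the cryptographically signed message to Bob. The message does not need to be kept secret (explained later), and the mechanism for sending it does not matter.
  • Bob claims their payment by presenting the signed message to the smart contract, which verifies the authenticity of the message and then releases the funds.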

Creating the signature

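Alice does not need to interact with the Ethereum network to sign the transaction; the process is completely offline. In this tutorial, we will sign messages in the browser using web3.js and MetaMask, using the method described in EIP-762, as it provides a number of other security benefits.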


/// Hashing first makes things easier
var hash = web3.utils.sha3("message to sign");
web3.eth.personal.sign(hash, web3.eth.defaultAccount, function () { console.log("Signed"); });


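`web3.eth.personal.sign` prepends the length of the message to the signed data. Since we hash first, the message will always be exactly 32 bytes long, and thus this length prefix is always the same.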

What to Sign


  1. The recipient's address.
  2. The amount to be transferred.
  3. Protection against replay attacks.


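Another type of replay attack can occur when the owner deploys a ReceiverPays smart contract, makes some payments, and then destroys the contract. Later, they decide to deploy the ReceiverPays smart contract again, but the new contract does not know the nonces used in the previous deployment, so an attacker can use the old messages again.

Alice can protect against this attack by including the contract's address in the message, and only messages containing the contract's own address will be accepted. You can find an example of this in the first two lines of the claimPayment() function of the full contract at the end of this section.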
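The two replay defences described above (a per-contract nonce set and the contract address inside the signed message) can be modelled off-chain. This is an added example, not code from the original page: `ReceiverPaysModel`, `packMessage`, `runScenario` and all addresses are constructed for illustration, and Node's built-in ECDSA over secp256k1 with SHA-256 stands in for keccak256 and ecrecover.

```javascript
// Added example: models the checks in ReceiverPays.claimPayment().
// SHA-256 ECDSA from Node's crypto stands in for keccak256 + ecrecover.
const crypto = require("node:crypto");

// Fixed-width packing of (recipient, amount, nonce, contractAddress),
// the same fields and order that claimPayment() hashes.
function packMessage(recipient, amount, nonce, contractAddress) {
  const addr = (a) => Buffer.from(a.replace(/^0x/, "").padStart(40, "0"), "hex");
  const word = (n) => Buffer.from(BigInt(n).toString(16).padStart(64, "0"), "hex");
  return Buffer.concat([addr(recipient), word(amount), word(nonce), addr(contractAddress)]);
}

function signPayment(privateKey, recipient, amount, nonce, contractAddress) {
  return crypto.sign("sha256", packMessage(recipient, amount, nonce, contractAddress), privateKey);
}

class ReceiverPaysModel {
  // bindAddress=false models a contract whose messages omit the contract address.
  constructor(address, ownerPublicKey, bindAddress = true) {
    this.address = address;
    this.ownerPublicKey = ownerPublicKey;
    this.bindAddress = bindAddress;
    this.usedNonces = new Set(); // starts empty on every deployment
  }

  // Returns "paid" or the reason the claim is rejected.
  claimPayment(caller, amount, nonce, signature) {
    const key = BigInt(nonce).toString();
    if (this.usedNonces.has(key)) return "nonce already used";
    // Rebuild the message from the caller and this deployment's own address.
    const bound = this.bindAddress ? this.address : "0x0";
    const message = packMessage(caller, amount, nonce, bound);
    if (!crypto.verify("sha256", message, this.ownerPublicKey, signature)) {
      return "bad signature";
    }
    this.usedNonces.add(key);
    return "paid";
  }
}

function runScenario() {
  const alice = crypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  const BOB = "0x" + "b0".repeat(20);    // constructed addresses
  const EVE = "0x" + "e0".repeat(20);
  const FIRST = "0x" + "11".repeat(20);  // first deployment
  const SECOND = "0x" + "22".repeat(20); // redeployment after kill()

  const first = new ReceiverPaysModel(FIRST, alice.publicKey);
  const sig1 = signPayment(alice.privateKey, BOB, 100n, 1n, FIRST);
  const sig2 = signPayment(alice.privateKey, BOB, 100n, 2n, FIRST);
  const redeployed = new ReceiverPaysModel(SECOND, alice.publicKey);

  // Same flow with messages that leave the contract address out.
  const weakSig = signPayment(alice.privateKey, BOB, 100n, 1n, "0x0");
  const weakFirst = new ReceiverPaysModel(FIRST, alice.publicKey, false);
  const weakSecond = new ReceiverPaysModel(SECOND, alice.publicKey, false);

  return {
    claim: first.claimPayment(BOB, 100n, 1n, sig1),
    replaySameContract: first.claimPayment(BOB, 100n, 1n, sig1),
    otherCaller: first.claimPayment(EVE, 100n, 2n, sig2),
    inflatedAmount: first.claimPayment(BOB, 500n, 2n, sig2),
    replayAfterRedeploy: redeployed.claimPayment(BOB, 100n, 1n, sig1),
    weakClaim: weakFirst.claimPayment(BOB, 100n, 1n, weakSig),
    weakReplayAfterRedeploy: weakSecond.claimPayment(BOB, 100n, 1n, weakSig),
  };
}
```

The last two results show why the nonce alone is not enough: the redeployed model starts with an empty nonce set, so only the address inside the signed message makes the old signature fail.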

Packing arguments

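Now that we have identified what information to include in the signed message, we are ready to put the message together, hash it, and sign it. For simplicity, we concatenate the data. The ethereumjs-abi library provides a function called soliditySHA3 that mimics the behaviour of Solidity's keccak256 function applied to arguments encoded using abi.encodePacked. Here is a JavaScript function that creates the proper signature for the ReceiverPays example: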

// recipient is the address that should be paid.
// amount, in wei, specifies how much ether should be sent.
// nonce can be any unique number to prevent replay attacks
// contractAddress is used to prevent cross-contract replay attacks
function signPayment(recipient, amount, nonce, contractAddress, callback) {
    var hash = "0x" + abi.soliditySHA3(
        ["address", "uint256", "uint256", "address"],
        [recipient, amount, nonce, contractAddress]
    ).toString("hex");

    web3.eth.personal.sign(hash, web3.eth.defaultAccount, callback);
}

Recovering the Message Signer in Solidity

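In general, ECDSA signatures consist of two parameters, r and s. Signatures in Ethereum include a third parameter called v, which you can use to verify which account's private key was used to sign the message, and the transaction's sender. Solidity provides a built-in function ecrecover that accepts a message along with the r, s and v parameters and returns the address that was used to sign the message.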

Extracting the Signature Parameters

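Signatures produced by web3.js are the concatenation of r, s and v, so the first step is to split these parameters apart. You can do this on the client side, but doing it inside the smart contract means you only need to send one signature parameter rather than three. Splitting a byte array into its component parts is cumbersome, so we use inline assembly to do the job in the splitSignature function (the third function in the full contract at the end of this section).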

Computing the Message Hash

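The smart contract needs to know exactly what parameters were signed, so it must recreate the message from the parameters and use that for signature verification. The functions prefixed and recoverSigner do this in the claimPayment function.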

The full contract

pragma solidity >=0.4.24 <0.6.0;

contract ReceiverPays {
    address owner = msg.sender;

    mapping(uint256 => bool) usedNonces;

    constructor() public payable {}

    function claimPayment(uint256 amount, uint256 nonce, bytes memory signature) public {
        require(!usedNonces[nonce]);
        usedNonces[nonce] = true;

        // this recreates the message that was signed on the client
        bytes32 message = prefixed(keccak256(abi.encodePacked(msg.sender, amount, nonce, this)));

        require(recoverSigner(message, signature) == owner);

        msg.sender.transfer(amount);
    }


    /// destroy the contract and reclaim the leftover funds.
    function kill() public {
        require(msg.sender == owner);
        selfdestruct(msg.sender);
    }

    /// signature methods.
    function splitSignature(bytes memory sig)
        internal
        pure
        returns (uint8 v, bytes32 r, bytes32 s)
    {
        require(sig.length == 65);

        assembly {
            // first 32 bytes, after the length prefix.
            r := mload(add(sig, 32))
            // second 32 bytes.
            s := mload(add(sig, 64))
            // final byte (first byte of the next 32 bytes).
            v := byte(0, mload(add(sig, 96)))
        }

        return (v, r, s);
    }

    function recoverSigner(bytes32 message, bytes memory sig)
        internal
        pure
        returns (address)
    {
        (uint8 v, bytes32 r, bytes32 s) = splitSignature(sig);

        return ecrecover(message, v, r, s);
    }

    /// builds a prefixed hash to mimic the behavior of eth_sign.
    function prefixed(bytes32 hash) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash));
    }
}

Writing a Simple Payment Channel


What is a Payment Channel?


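  1. Alice funds a smart contract with Ether. This "opens" the payment channel.
  2. Alice signs messages that specify how much of that Ether is owed to the recipient. This step is repeated for each payment.
  3. Bob "closes" the payment channel, withdrawing their portion of the Ether and sending the remainder back to the sender.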




Opening the Payment Channel

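To open the payment channel, Alice deploys the smart contract, attaching the Ether to be escrowed and specifying the intended recipient and a maximum duration for the channel to exist. This is the SimplePaymentChannel function in the contract at the end of this section.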

Making Payments



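  • The smart contract's address, used to prevent cross-contract replay attacks.
  • The total amount of Ether that is owed to the recipient so far.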

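A payment channel is closed just once, at the end of a series of transfers. Because of this, only one of the messages sent is redeemed. This is why each message specifies a cumulative total amount of Ether owed, rather than the amount of the individual micropayment. The recipient will naturally choose to redeem the most recent message because that is the one with the highest total. The per-message nonce is no longer needed, because the smart contract only honours a single message. The address of the smart contract is still used to prevent a message intended for one payment channel from being used for a different channel.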


function constructPaymentMessage(contractAddress, amount) {
    return abi.soliditySHA3(
        ["address", "uint256"],
        [contractAddress, amount]
    );
}

function signMessage(message, callback) {
    web3.eth.personal.sign(
        "0x" + message.toString("hex"),
        web3.eth.defaultAccount,
        callback
    );
}

// contractAddress is used to prevent cross-contract replay attacks.
// amount, in wei, specifies how much Ether should be sent.

function signPayment(contractAddress, amount, callback) {
    var message = constructPaymentMessage(contractAddress, amount);
    signMessage(message, callback);
}

Closing the Payment Channel


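The smart contract must verify that the message contains a valid signature from the sender. The process for doing this verification is the same as the process the recipient uses. The Solidity functions isValidSignature and recoverSigner work just like their JavaScript counterparts in the previous section, with the latter function borrowed from the ReceiverPays contract.

Only the payment channel recipient can call the close function, and they will naturally pass the most recent payment message because that message carries the highest total owed. If the sender were allowed to call this function, they could provide a message with a lower amount and cheat the recipient out of what they are owed.

The function verifies that the signed message matches the given parameters. If everything checks out, the recipient is sent their portion of the Ether, and the sender is sent the rest via selfdestruct. You can see the close function in the full contract.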

Channel Expiration

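Bob can close the payment channel at any time, but if they fail to do so, Alice needs a way to recover the funds she escrowed. An expiration time was set at the time of contract deployment. Once that time is reached, Alice can call claimTimeout to recover her funds. You can see the claimTimeout function in the full contract.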


The full contract

pragma solidity >=0.4.24 <0.6.0;

contract SimplePaymentChannel {
    address payable public sender;      // The account sending payments.
    address payable public recipient;   // The account receiving the payments.
    uint256 public expiration;  // Timeout in case the recipient never closes.

    constructor (address payable _recipient, uint256 duration)
        public
        payable
    {
        sender = msg.sender;
        recipient = _recipient;
        expiration = now + duration;
    }

    function isValidSignature(uint256 amount, bytes memory signature)
        internal
        view
        returns (bool)
    {
        bytes32 message = prefixed(keccak256(abi.encodePacked(this, amount)));

        // check that the signature is from the payment sender
        return recoverSigner(message, signature) == sender;
    }

    /// the recipient can close the channel at any time by presenting a
    /// signed amount from the sender. the recipient will be sent that amount,
    /// and the remainder will go back to the sender
    function close(uint256 amount, bytes memory signature) public {
        require(msg.sender == recipient);
        require(isValidSignature(amount, signature));

        recipient.transfer(amount);
        selfdestruct(sender);
    }

    /// the sender can extend the expiration at any time
    function extend(uint256 newExpiration) public {
        require(msg.sender == sender);
        require(newExpiration > expiration);

        expiration = newExpiration;
    }

    /// if the timeout is reached without the recipient closing the channel,
    /// then the Ether is released back to the sender.
    function claimTimeout() public {
        require(now >= expiration);
        selfdestruct(sender);
    }

    /// All functions below this are just taken from the chapter
    /// 'creating and verifying signatures' chapter.

    function splitSignature(bytes memory sig)
        internal
        pure
        returns (uint8 v, bytes32 r, bytes32 s)
    {
        require(sig.length == 65);

        assembly {
            // first 32 bytes, after the length prefix
            r := mload(add(sig, 32))
            // second 32 bytes
            s := mload(add(sig, 64))
            // final byte (first byte of the next 32 bytes)
            v := byte(0, mload(add(sig, 96)))
        }

        return (v, r, s);
    }

    function recoverSigner(bytes32 message, bytes memory sig)
        internal
        pure
        returns (address)
    {
        (uint8 v, bytes32 r, bytes32 s) = splitSignature(sig);

        return ecrecover(message, v, r, s);
    }

    /// builds a prefixed hash to mimic the behavior of eth_sign.
    function prefixed(bytes32 hash) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash));
    }
}


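The `splitSignature` function does not use all security checks. A real implementation should use a more rigorously tested library, such as OpenZeppelin's [version of this code](https://github.com/OpenZeppelin/openzeppelin-solidity/blob/master/contracts/cryptography/ECDSA.sol).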

Verifying Payments



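  1. Verify that the contract address in the message matches the payment channel.
  2. Verify that the new total is the expected amount.
  3. Verify that the new total does not exceed the amount of Ether escrowed.
  4. Verify that the signature is valid and comes from the payment channel sender.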

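We will use the [ethereumjs-util](https://github.com/ethereumjs/ethereumjs-util) library to write this verification. The final step can be done in a number of ways, and we use JavaScript. The following code borrows the constructPaymentMessage function from the signing JavaScript code above: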

// this mimics the prefixing behavior of the eth_sign JSON-RPC method.
function prefixed(hash) {
    return ethereumjs.ABI.soliditySHA3(
        ["string", "bytes32"],
        ["\x19Ethereum Signed Message:\n32", hash]
    );
}

function recoverSigner(message, signature) {
    var split = ethereumjs.Util.fromRpcSig(signature);
    var publicKey = ethereumjs.Util.ecrecover(message, split.v, split.r, split.s);
    var signer = ethereumjs.Util.pubToAddress(publicKey).toString("hex");
    return signer;
}

function isValidSignature(contractAddress, amount, signature, expectedSigner) {
    var message = prefixed(constructPaymentMessage(contractAddress, amount));
    var signer = recoverSigner(message, signature);
    return signer.toLowerCase() ==
        ethereumjs.Util.stripHexPrefix(expectedSigner).toLowerCase();
}
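
The code above covers only the signature check. As an added example (not part of the original page), the following recipient-side model applies all four checks in order and keeps the highest valid message for close(). `ChannelReceiver`, `packPayment`, `signChannelPayment` and the addresses are hypothetical, and Node's built-in ECDSA over secp256k1 with SHA-256 stands in for keccak256 and ecrecover.

```javascript
// Added example: Bob's off-chain bookkeeping for one payment channel.
// SHA-256 ECDSA from Node's crypto stands in for keccak256 + ecrecover.
const crypto = require("node:crypto");

// Packs (contractAddress, cumulative amount in wei), the two signed fields.
function packPayment(contractAddress, amount) {
  const addr = Buffer.from(contractAddress.replace(/^0x/, "").padStart(40, "0"), "hex");
  const total = Buffer.from(BigInt(amount).toString(16).padStart(64, "0"), "hex");
  return Buffer.concat([addr, total]);
}

function signChannelPayment(privateKey, contractAddress, amount) {
  const signature = crypto.sign("sha256", packPayment(contractAddress, amount), privateKey);
  return { contractAddress, amount: BigInt(amount), signature };
}

class ChannelReceiver {
  constructor(contractAddress, senderPublicKey, escrow) {
    this.contractAddress = contractAddress.toLowerCase();
    this.senderPublicKey = senderPublicKey;
    this.escrow = BigInt(escrow);
    this.acceptedTotal = 0n; // cumulative total of the last accepted message
    this.best = null;        // message Bob would later pass to close()
  }

  // expectedIncrement: price in wei of what Bob is about to deliver.
  accept(msg, expectedIncrement) {
    // 1. The message must name this channel's contract.
    if (msg.contractAddress.toLowerCase() !== this.contractAddress) return "wrong channel";
    // 2. The new cumulative total must be exactly the expected one.
    if (msg.amount !== this.acceptedTotal + BigInt(expectedIncrement)) return "unexpected total";
    // 3. The total must be covered by the escrowed Ether.
    if (msg.amount > this.escrow) return "exceeds escrow";
    // 4. The signature must be valid and come from the channel sender.
    const data = packPayment(msg.contractAddress, msg.amount);
    if (!crypto.verify("sha256", data, this.senderPublicKey, msg.signature)) return "bad signature";
    this.acceptedTotal = msg.amount;
    this.best = msg;
    return "accepted";
  }
}

function runChannel() {
  const alice = crypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  const mallory = crypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  const CHANNEL = "0x" + "aa".repeat(20); // constructed addresses
  const OTHER = "0x" + "bb".repeat(20);
  const bob = new ChannelReceiver(CHANNEL, alice.publicKey, 1000n);

  const tampered = signChannelPayment(alice.privateKey, CHANNEL, 700n);
  tampered.amount = 900n; // amount altered after signing

  const results = [
    bob.accept(signChannelPayment(alice.privateKey, CHANNEL, 300n), 300n),   // accepted
    bob.accept(signChannelPayment(alice.privateKey, CHANNEL, 600n), 300n),   // accepted
    bob.accept(signChannelPayment(alice.privateKey, OTHER, 900n), 300n),     // wrong channel
    bob.accept(signChannelPayment(alice.privateKey, CHANNEL, 700n), 300n),   // unexpected total
    bob.accept(tampered, 300n),                                              // bad signature
    bob.accept(signChannelPayment(mallory.privateKey, CHANNEL, 900n), 300n), // bad signature
    bob.accept(signChannelPayment(alice.privateKey, CHANNEL, 1200n), 600n),  // exceeds escrow
  ];
  return { results, closeWith: bob.best.amount };
}
```

Rejected messages leave `acceptedTotal` and `best` unchanged, so the message Bob keeps for close() is always the highest total that passed every check.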


The project source code will be uploaded to GitHub step by step, at https://github.com/windstamp/dapp


  1. Windstamp, https://github.com/windstamp





