On the current Blend implementation, lenders create offchain loan offers by signing them. Then when a borrower wants to take a loan. It sends a transaction and Blend verifies the loan offer and signature. The problem is that it verifies that the signature corresponds to the address with ECDSA. And this can only be done with Externally Owned Accounts and not smart contracts.
This is a huge problem for composability as protocols cannot build on top of Blend.
The solution is to use the already well-known ERC-1271
This EIP support smart contracts as signers by calling the function isValidSignature(hash, signature) on the contract.
So instead of only veryfing the signer with ECDSA the solution would be:
function _verify(
address signer,
bytes32 digest,
uint8 v,
bytes32 r,
bytes32 s
) internal view {
if (v != 27 && v != 28) {
revert InvalidVParameter();
}
bool isContract;
assembly {
isContract := gt(extcodesize(signer), 0)
}
if (isContract) {
if (
IERC1271(signer).isValidSignature(
digest,
encodeSignature(r, s, v)
) != bytes4(keccak256("isValidSignature(bytes32,bytes)"))
) {
revert InvalidSignature();
}
} else {
address recoveredSigner = ecrecover(digest, v, r, s);
if (recoveredSigner == address(0) || signer != recoveredSigner) {
revert InvalidSignature();
}
}
}