N-01: add security contact

Author: dcposch

.github/workflows/ci.yml

@@ -23,11 +23,11 @@ jobs:
 
       - run: |
           forge --version
-          forge build --sizes
+          forge build --via-ir --sizes
         id: build
 
       - run: |
-          forge test -vv
+          forge test --via-ir -vv
           forge coverage --ir-minimum --report lcov
           git diff --exit-code
         id: test

README.md

@@ -20,6 +20,7 @@ Our implementation was inspired by [Renaud Dubois/Ledger's FCL library](https://
 Available on any chain. If missing, see `deploy.sh`.
 
 Install with:
+
 - `forge install daimo-eth/p256-verifier`
 - add `p256-verifier/=lib/p256-verifier/src/` to remappings.txt
 
@@ -33,7 +34,7 @@ uint256 x, y; // public key
 bool valid = P256.verifySignature(hash, r, s, x, y);
 ```
 
-Alternately, calling `P256.verifySignatureAllowMalleability` ignores 
+Alternately, calling `P256.verifySignatureAllowMalleability` ignores
 malleability of signatures, matching the behavior specified by the NIST standard
 exactly.
 
@@ -51,7 +52,7 @@ Run `foundryup` to ensure you have the latest foundry. Then,
 ```
 git clone --recurse-submodules [email protected]:daimo-eth/p256-verifier
 cd p256-verifier
-forge test -vv
+forge test --via-ir -vv
 ```
 
 This runs test input and output handling as well as all applicable Wycheproof
@@ -87,7 +88,7 @@ npm test
 # Validate that all vectors also work with EIP-7212
 # Test the fallback contract...
 cd ..
-forge test -vv
+forge test --via-ir -vv
 
 # In future, execution spec and clients can test against the same clean vectors
 ```

src/P256.sol

@@ -2,9 +2,10 @@
 pragma solidity 0.8.21;
 
 /**
- * Helper library for external contracts to verify P256 signatures.
- * Tries to use RIP-7212 precompile if available on the chain, and if not falls
- * back to more expensive Solidity implementation.
+ * @dev Helper library to verify P256 signatures. Uses the RIP-7212 precompile
+ * if available. If unavailable (or if the signature is invalid), falls back to
+ * a more expensive Solidity implementation.
+ * @custom:security-contact [email protected]
  **/
 library P256 {
     address constant PRECOMPILE = address(0x100);

src/P256Verifier.sol

@@ -3,15 +3,16 @@
 pragma solidity 0.8.21;
 
 /**
- * This contract verifies P256 (secp256r1) signatures. It matches the exact
+ * @dev This contract verifies P256 (secp256r1) signatures. It matches the exact
  * interface specified in the EIP-7212 precompile, allowing it to be used as a
  * fallback. It's based on Ledger's optimized implementation:
  * https://github.com/rdubois-crypto/FreshCryptoLib/tree/master/solidity
- **/
+ * @custom:security-contact [email protected]
+ */
 contract P256Verifier {
     /**
-     * Precompiles don't use a function signature. The first byte of callldata
-     * is the first byte of an input argument. In this case:
+     * @dev Precompiles don't use a function signature. The first byte of
+     * calldata is the first byte of an input argument. In this case:
      *
      * input[  0: 32] = signed data hash
      * input[ 32: 64] = signature r

src/WebAuthn.sol

@@ -5,8 +5,9 @@ import "./utils/Base64URL.sol";
 import "./P256.sol";
 
 /**
- * Helper library for external contracts to verify WebAuthn signatures.
- **/
+ * @dev Helper library for verify WebAuthn (aka passkey) signatures.
+ * @custom:security-contact [email protected]
+ */
 library WebAuthn {
     /// Checks whether prefix occurs in the beginning of str.
     function startsWith(