check that datahash and hash of the pre-image data match

contracts/Safe.sol

@@ -255,6 +255,7 @@ contract Safe is
         for (i = 0; i < requiredSignatures; i++) {
             (v, r, s) = signatureSplit(signatures, i);
             if (v == 0) {
+                require(keccak256(data) == dataHash, "GS027");
                 // If v is 0 then it is a contract signature
                 // When handling contract signatures the address of the contract is encoded into r
                 currentOwner = address(uint160(uint256(r)));

docs/error_codes.md

@@ -19,6 +19,7 @@
 - `GS024`: `Invalid contract signature provided`
 - `GS025`: `Hash has not been approved`
 - `GS026`: `Invalid owner provided`
+- `GS027`: `Data Hash and hash of the pre-image data do not match`
 
 ### General auth related
 - `GS030`: `Only owners can approve a hash`

test/core/Safe.Signatures.spec.ts

@@ -484,5 +484,21 @@ describe("Safe", async () => {
 
             await safe.checkNSignatures(txHash, txHashData, signatures, 3)
         })
+
+        it('should revert if the hash of the pre-image data and dataHash do not match', async () =>{
+            await setupTests()
+            const safe = await getSafeWithOwners([user1.address, user2.address, user3.address, user4.address], 2)
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+            const signatures = buildSignatureBytes([
+                await safeApproveHash(user1, safe, tx, true),
+                await safeApproveHash(user4, safe, tx),
+                await safeSignTypedData(user2, safe, tx)
+            ])
+            await expect(
+                safe.checkNSignatures(txHash, "0x", signatures, 3)
+            ).to.be.revertedWith("GS021")
+        })
     })
 })