UNPKG

@ambire/signature-validator

Version:

Signature validation library aiming to verify all different signature types for Ethereum and other EVM chains, including smart contract signatures (EIP 1271) and typed data (EIP 712)

github.com/AmbireTech/signature-validator

AmbireTech/signature-validator

64 lines (45 loc) 3.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# Signature Validator library As signatures can be daunting at times, this is a library aiming to implement universal signature verification, supporting: - Standard message verification (`eth_sign`) - EIP-712 Typed data verification (`eth_signTypedData_v*`) - ERC-1271 Smart contract on-chain verification (`isValidSignature`) - [ERC-6492](https://eips.ethereum.org/EIPS/eip-6492): Signature verification for pre-deploy counterfactual contracts ### Usage --- Simple `eth_sign` verification ```ts import ethers from 'ethers'; import { verifyMessage } from '@ambire/signature-validator'; const provider = new ethers.providers.JsonRpcProvider('https://polygon-rpc.com') async function run() { // Replace `ethers.verifyMessage(message, signature) === signer` with this: const isValidSig = await verifyMessage({ signer: '0xaC39b311DCEb2A4b2f5d8461c1cdaF756F4F7Ae9', message: 'My funds are SAFU with Ambire Wallet', signature: '0x9863d84f3119ac01d9e3bf9294e6c0c3572a07780fc7c49e8dc913806f4b1dbd4cc075462dc84422a9b981b2556f9c9197d76da7ba3603e53e9300869c574d821c', // this is needed so that smart contract signatures can be verified; this property can also be a viem PublicClient provider, }) console.log('is the sig valid: ', isValidSig) } run().catch(e => console.error(e)) ``` For more examples, you can check the /tests folder ### viem support The `provider` property can also be a `viem` `PublicClient`, as shown in the tests (`testConfig.js`). ### On-chain usage For on-chain usage, we've deployed a singleton here: https://etherscan.io/address/0x7dd271fa79df3a5feb99f73bebfa4395b2e4f4be#code And it can be deployed at the same address on every othe EVM network thanks to EIP-2470. If you wish to deploy it yourself, just use the [singleton factory](https://etherscan.io/address/0xce0042B868300000d44A59004Da54A005ffdcf9f) (use the target network's explorer) and use the bytecode resulted from compiling `UniversalSigValidator` from [EIP-6492](https://eips.ethereum.org/EIPS/eip-6492) with Solidity 0.8.28 and salt `0x0`. Please note that onchain use cases are rare, but they do exist. For example, if you have a DEX that stores the user's orders in the form of signed messages that can be applied on-chain by anyone at any time, you may reason that sometimes an account that isn't deployed yet might want to submit such an order. ### Porting the library to other languages (eg Golang, Rust) Porting can be done very easily because the library is now essentially just a single `eth_call`, thanks to the univeresal signature verifier being implemented in Solidity [here](https://github.com/AmbireTech/signature-validator/blob/main/contracts/EIP6492Full.sol). ### Debugging utility / user interface To test signatures in an easier manner, you can use the signature-validator UI here: https://sigtool.ambire.com/ ### Security A formal audit was done on the ERC-6492 reference implementation used here, and all remarks were resolved. You can find the audit [here](./ERC6492-Hunter-Security-Audit-Report-V1.0.pdf). This repo uses a [simplified variant of that reference implementation](./contracts/EIP6492.sol) that the audit also applies to (except all of the issues related to `prepare` which is not used here). Furthermore, you can self-audit the library quite easily as it's only ~80 lines of code (index.js). ### Testing ``` npm i --development npm test ```