Adds EIP-1271 Signature Validation Fallback (#4156)

gregfromstl · gregfromstl · commit f0d6e343eea2 · 2024-08-17T23:43:45.000Z
This PR EIP-1271 fallback for smart contract validation since not all chains support the deployless call used in 6792 flow.

&lt;!-- start pr-codex --&gt;

---

## PR-Codex overview
The focus of this PR is to fix smart contract wallet signature validation on older chains.

### Detailed summary
- Updated the prompt text for signing in on the wallet UI
- Added a fallback to EIP1271 validation for chains not supporting eth_call simulation
- Introduced a new function `verifyEip1271Signature` for EIP1271 signature validation

&gt; ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`

&lt;!-- end pr-codex --&gt;
diff --git a/.changeset/stale-jobs-own.md b/.changeset/stale-jobs-own.md
@@ -0,0 +1,5 @@
+---
+"thirdweb": patch
+---
+
+Fix smart contract wallet signature validation on older chains
diff --git a/packages/thirdweb/src/auth/verify-hash.ts b/packages/thirdweb/src/auth/verify-hash.ts
@@ -8,6 +8,8 @@ import {
 } from "viem";
 import type { Chain } from "../chains/types.js";
 import type { ThirdwebClient } from "../client/client.js";
+import { type ThirdwebContract, getContract } from "../contract/contract.js";
+import { isValidSignature } from "../extensions/erc1271/__generated__/isValidSignature/read/isValidSignature.js";
 import { eth_call } from "../rpc/actions/eth_call.js";
 import { getRpcClient } from "../rpc/rpc.js";
 import { fromBytes } from "../utils/encoding/from-bytes.js";
@@ -110,8 +112,39 @@ export async function verifyHash({
     const hexResult = isHex(result) ? toBytes(result) : result;
     return equalBytes(hexResult, toBytes("0x1"));
   } catch (error) {
+    // Some chains do not support the eth_call simulation and will fail, so we fall back to regular EIP1271 validation
+    const validEip1271 = await verifyEip1271Signature({
+      hash,
+      signature: signatureHex,
+      contract: getContract({
+        chain,
+        address,
+        client,
+      }),
+    }).catch(() => false);
+    if (validEip1271) {
+      return true;
+    }
     // TODO: Improve overall RPC error handling so we can tell if this was an actual verification failure or some other error
     // Verification failed somehow
     return false;
   }
 }
+
+const EIP_1271_MAGIC_VALUE = "0x1626ba7e";
+async function verifyEip1271Signature({
+  hash,
+  signature,
+  contract,
+}: {
+  hash: Hex;
+  signature: Hex;
+  contract: ThirdwebContract;
+}): Promise<boolean> {
+  const result = await isValidSignature({
+    hash,
+    signature,
+    contract,
+  });
+  return result === EIP_1271_MAGIC_VALUE;
+}
diff --git a/packages/thirdweb/src/react/web/ui/ConnectWallet/locale/en.ts b/packages/thirdweb/src/react/web/ui/ConnectWallet/locale/en.ts
@@ -95,7 +95,7 @@ const connectLocaleEn: ConnectLocale = {
     },
     signingScreen: {
       title: "Signing In",
-      prompt: "Sign the signature request in your wallet",
+      prompt: "Signing the signature request in your wallet",
       promptForSafe:
         "Sign signature request in your wallet & approve transaction in Safe",
       approveTransactionInSafe: "Approve transaction in Safe",

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"thirdweb": patch
 +---
++
 +Fix smart contract wallet signature validation on older chains