Awesome
Signature Validator library
As signatures can be daunting at times, this is a library aiming to implement universal signature verification, supporting:
- Standard message verification (
eth_sign
) - EIP-712 Typed data verification (
eth_signTypedData_v*
) - ERC-1271 Smart contract on-chain verification (
isValidSignature
) - ERC-6492: Signature verification for pre-deploy counterfactual contracts
Usage
Simple eth_sign
verification
import ethers from 'ethers';
import { verifyMessage } from '@ambire/signature-validator';
const provider = new ethers.providers.JsonRpcProvider('https://polygon-rpc.com')
async function run() {
// Replace `ethers.verifyMessage(message, signature) === signer` with this:
const isValidSig = await verifyMessage({
signer: '0xaC39b311DCEb2A4b2f5d8461c1cdaF756F4F7Ae9',
message: 'My funds are SAFU with Ambire Wallet',
signature: '0x9863d84f3119ac01d9e3bf9294e6c0c3572a07780fc7c49e8dc913806f4b1dbd4cc075462dc84422a9b981b2556f9c9197d76da7ba3603e53e9300869c574d821c',
// this is needed so that smart contract signatures can be verified; this property can also be a viem PublicClient
provider,
})
console.log('is the sig valid: ', isValidSig)
}
run().catch(e => console.error(e))
For more examples, you can check the /tests folder
viem support
The provider
property can also be a viem
PublicClient
, as shown in the tests (testConfig.js
).
Porting the library to other languages (eg Golang, Rust)
Porting can be done very easily because the library is now essentially just a single eth_call
, thanks to the univeresal signature verifier being implemented in Solidity here.
Debugging utility / user interface
To test signatures in an easier manner, you can use the signature-validator UI here: https://sigtool.ambire.com/
Security
A formal audit was done on the ERC-6492 reference implementation used here, and all remarks were resolved. You can find the audit here. This repo uses a simplified variant of that reference implementation that the audit also applies to (except all of the issues related to prepare
which is not used here).
Furthermore, you can self-audit the library quite easily as it's only ~80 lines of code (index.js).
Testing
npm i --development
npm test