JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 6081
  • Score
    100M100P100Q123309F
  • License MIT

Signature validation library aiming to verify all different signature types for Ethereum and other EVM chains, including smart contract signatures (EIP 1271) and typed data (EIP 712)

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@ambire/signature-validator) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    Signature Validator library

    As signatures can be daunting at times, this is a library aiming to implement universal signature verification, supporting:

    • Standard message verification (eth_sign)
    • EIP-712 Typed data verification (eth_signTypedData_v*)
    • ERC-1271 Smart contract on-chain verification (isValidSignature)
    • ERC-6492: Signature verification for pre-deploy counterfactual contracts

    Usage

    Simple eth_sign verification

    import ethers from 'ethers';
import { verifyMessage } from '@ambire/signature-validator';

const provider = new ethers.providers.JsonRpcProvider('https://polygon-rpc.com')

async function run() {
    // Replace `ethers.verifyMessage(message, signature) === signer` with this:
    const isValidSig = await verifyMessage({
        signer: '0xaC39b311DCEb2A4b2f5d8461c1cdaF756F4F7Ae9',
        message: 'My funds are SAFU with Ambire Wallet',
        signature: '0x9863d84f3119ac01d9e3bf9294e6c0c3572a07780fc7c49e8dc913806f4b1dbd4cc075462dc84422a9b981b2556f9c9197d76da7ba3603e53e9300869c574d821c',
        // this is needed so that smart contract signatures can be verified; this property can also be a viem PublicClient
        provider,
    })
    console.log('is the sig valid: ', isValidSig)
}
run().catch(e => console.error(e))

    For more examples, you can check the /tests folder

    viem support

    The provider property can also be a viem PublicClient, as shown in the tests (testConfig.js).

    On-chain usage

    For on-chain usage, we've deployed a singleton here: https://etherscan.io/address/0x7dd271fa79df3a5feb99f73bebfa4395b2e4f4be#code

    And it can be deployed at the same address on every othe EVM network thanks to EIP-2470. If you wish to deploy it yourself, just use the singleton factory (use the target network's explorer) and use the bytecode resulted from compiling UniversalSigValidator from EIP-6492 with Solidity 0.8.28 and salt 0x0.

    Please note that onchain use cases are rare, but they do exist. For example, if you have a DEX that stores the user's orders in the form of signed messages that can be applied on-chain by anyone at any time, you may reason that sometimes an account that isn't deployed yet might want to submit such an order.

    Porting the library to other languages (eg Golang, Rust)

    Porting can be done very easily because the library is now essentially just a single eth_call, thanks to the univeresal signature verifier being implemented in Solidity here.

    Debugging utility / user interface

    To test signatures in an easier manner, you can use the signature-validator UI here: https://sigtool.ambire.com/

    Security

    A formal audit was done on the ERC-6492 reference implementation used here, and all remarks were resolved. You can find the audit here. This repo uses a simplified variant of that reference implementation that the audit also applies to (except all of the issues related to prepare which is not used here).

    Furthermore, you can self-audit the library quite easily as it's only ~80 lines of code (index.js).

    Testing

    npm i --development
npm test