JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 6081
  • Score
    100M100P100Q123554F
  • License MIT

Signature validation library aiming to verify all different signature types for Ethereum and other EVM chains, including smart contract signatures (EIP 1271) and typed data (EIP 712)

Package Exports

  • @ambire/signature-validator
  • @ambire/signature-validator/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@ambire/signature-validator) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Signature Validator library

As signatures can be daunting at times, this is a library aiming to implement universal signature verification, supporting:

  • Standard message verification (eth_sign)
  • 712 Typed data verification (eth_signTypedData_v*)
  • 1271 Smart contract on-chain verification (isValidSignature)
  • An optional smart contract signature off-chain verification (eg if the smart wallet is counterfactual and not deployed yet)

signature-validator flow

Usage

Simple eth_sign verification

const ethers = require('ethers')
const { verifyMessage } = require('@ambire/signature-validator')

const provider = new ethers.providers.JsonRpcProvider('https://polygon-rpc.com')

async function run() {
    // Replace `ethers.verifyMessage(message, signature) === signer` with this:
    const isValidSig = await verifyMessage({
        signer: '0xaC39b311DCEb2A4b2f5d8461c1cdaF756F4F7Ae9',
        provider,
        message: 'My funds are SAFU with Ambire Wallet',
        signature: '0x9863d84f3119ac01d9e3bf9294e6c0c3572a07780fc7c49e8dc913806f4b1dbd4cc075462dc84422a9b981b2556f9c9197d76da7ba3603e53e9300869c574d821c',
    })
    console.log('is the sig valid: ', isValidSig)
}
run().catch(e => console.error(e))

For more examples, you can check the /tests folder

Security

A formal audit is on the roadmap.

Currently though, you can self-audit the library quite easily as it's only ~80 lines of code (index.js).

Testing

npm i --development
npm test