feat(auth): support ERC-6492 signatures for predeployed smart accounts#3683
Draft
joshuakrueger-dfx wants to merge 1 commit intoDFXswiss:developfrom
Draft
feat(auth): support ERC-6492 signatures for predeployed smart accounts#3683joshuakrueger-dfx wants to merge 1 commit intoDFXswiss:developfrom
joshuakrueger-dfx wants to merge 1 commit intoDFXswiss:developfrom
Conversation
joshuakrueger-dfx
requested review from
TaprootFreak and
davidleomay
as code owners
joshuakrueger-dfx
force-pushed
the
feature/wdk-erc6492-auth
branch
from
e09754a to
5b8e84f
Compare
Enables wallets such as Tether's WDK (@tetherto/wdk-wallet-evm-erc-4337) to sign in to DFX before their Safe-style smart account has been deployed on-chain. The existing EVM auth path verifies ECDSA EOA sigs (fast) and ERC-1271 sigs from already-deployed contracts; counterfactual smart accounts fail. - EvmClient.verifyErc6492Signature: delegates to viem's PublicClient.verifyMessage, which transparently dispatches to ERC-6492 (counterfactual) / ERC-1271 (deployed) / ecrecover. Same viem + getEvmChainConfig setup the existing Pimlico services already use for AA concerns. - EvmUtil.hasErc6492MagicSuffix: cheap detector to gate the smart-account path and avoid an unnecessary RPC roundtrip on plain EOA sigs. - CryptoService.verifyEthereumBased: ECDSA local fast-path → on miss, if 6492 magic suffix detected OR address is a deployed contract → universal validator → else false. The same cryptoService.verifySignature is the only sig-check used by authService.signIn / signUp / challenge, so all wallet-registration paths are covered without touching auth.service or the user/wallet domain. Tests: - evm.util.spec.ts: 6 new cases for hasErc6492MagicSuffix - crypto.service.evm.spec.ts: 7 cases covering the full verifyEthereumBased flow with Test.createTestingModule + createMock<T> from @golevelup/ts-jest
joshuakrueger-dfx
force-pushed
the
feature/wdk-erc6492-auth
branch
from
5b8e84f to
00e9b8b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Enables wallets such as Tether's WDK (
@tetherto/wdk-wallet-evm-erc-4337) to sign in to DFX before their Safe-style smart account has been deployed on-chain. Currently the EVM auth path verifies ECDSA EOA sigs (fast) and ERC-1271 sigs from already-deployed contracts; counterfactual smart accounts fail. This PR adds ERC-6492 universal verification.What changed
erc6492-validator.const.ts— audited Ambire deploylessUniversalSigValidatorbytecode + ERC-6492 magic suffixEvmClient.verifyErc6492Signature()— singleeth_callcovers ERC-6492 (counterfactual) + ERC-1271 (deployed) + ecrecover; returnsfalseon any error, never throwsEvmUtil.hasErc6492MagicSuffix()— cheap detector to gate the smart-account pathCryptoService.verifyEthereumBased()— flow becomes:false(no extra RPC for plain garbage sigs)The same
cryptoService.verifySignatureis the only sig-check used byauthService.signIn / signUp / challenge, so all wallet-registration paths are covered without touchingauth.serviceor the user/wallet domain.Behaviour matrix
Test plan
tsc --noEmit -p tsconfig.jsoncleaneslintclean across all touched fileserc6492-validator.const.spec.ts(9) — bytecode/suffix integrityevm-client-erc6492.spec.ts(5) — calldata encoding, return handling, RPC error handling (mocked provider)evm.util.spec.ts(15, +6 new) — magic suffix detector edge casescrypto.service.spec.ts(19) — existing routing tests stay greencrypto.service.evm.spec.ts(7) — fullverifyEthereumBasedflow with mocked registry/EvmClientdescribeIfApiKeypattern frompaymaster/__tests__/pimlico-bundler.integration.spec.tsOut of scope (verified, not needed for this PR)
cryptoService.verifySignature, automatically coveredswap.service.ts/sell.service.ts/realunit.service.ts. WDK is self-custodial: user signs their own UserOps, DFX only validates sign-in + receive address (both covered here)References