New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: revised LightAccount v2 1271 sigs #614
Conversation
Updates the `signMessage` and `signTypedData` implementations for `LightAccount` v2. The updated version no longer attempts to use nested typed data to display the original message to the user, as doing so creates a security risk in which valid signing requests can be disguished in a way that concels their original contents. Instead, the new `LightAccount` v2 uses the same signing mechanism as v1.1.0, except that it also prepends an enum indicating if the owner is an EOA or smart contract account, as a way to both save gas and to provide more accurate gas estimates.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, but do we need to remove the files for 1271? no big opinion. wdyt? @moldy530
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🐐
@@ -242,7 +231,7 @@ export async function createLightAccountBase({ | |||
case "v1.1.0": | |||
return signWith1271WrapperV1(hashMessage(message)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be await
ed too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return x
and return await x
do the same thing (unless in a try-block), so the linter would probably complain at me.
@@ -242,7 +231,7 @@ export async function createLightAccountBase({ | |||
case "v1.1.0": | |||
return signWith1271WrapperV1(hashMessage(message)); | |||
case "v2.0.0": | |||
const signature = await signMessageV2({ message }); | |||
const signature = await signWith1271WrapperV1(hashMessage(message)); |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
yea we should delete them and ideally open a pr with viem to have them export them |
Yeah, no need to include functions we're not using, we can always get them back from version control if we need them again. |
Updates the
signMessage
andsignTypedData
implementations forLightAccount
v2. The updated version no longer attempts to use nested typed data to display the original message to the user, as doing so creates a security risk in which valid signing requests can be disguished in a way that concels their original contents.Instead, the new
LightAccount
v2 uses the same signing mechanism as v1.1.0, except that it also prepends an enum indicating if the owner is an EOA or smart contract account, as a way to both save gas and to provide more accurate gas estimates.PR-Codex overview
This PR refactors the
createLightAccountBase
function inbase.ts
to remove usage ofgetErc1271SigningFunctions
and directly callsignWith1271WrapperV1
.Detailed summary
getErc1271SigningFunctions
import and direct calls tosignWith1271WrapperV1
.hashDomain.ts
andhashTypedData.ts
.