quetool
commented
3 months ago Thanks @SamORichards! I'll be taking a look ASAP
Closed SamORichards closed 3 months ago
quetool
commented
3 months ago Thanks @SamORichards! I'll be taking a look ASAP
arein
commented
3 months ago @SamORichards are you suggesting we made a breaking change and didn't document it? Or maybe a breaking change that doesn't need to be one? Are you using our AppKit or WalletKit?
Do you have a suggestion on how to fix the issue maybe that helps us understand a bit better where you're coming from :)
SamORichards
commented
3 months ago Hi there, sorry for the lack of detail in the first message. I was still a bit confused myself on what sequence of changes was causing the issues between WalletConnect and SIWE (specifically SIWE-py is the version I am using on my backend server). The issue came down to the EIP-55 address validation in the siwe message body, with EIP-55 being the correct address capitalization. Here is the method I wrote that I use instead of AuthSignature.formatMessage (very rough as I just finished debugging) which works with siwe 2.0 so can be verified by the backend.
import 'package:web3modal_flutter/web3modal_flutter.dart';
String createMessage(String address, String domain, String statement,
String uri, String version, String chainId, String nonce) {
// Address must be EIP55 compliant, if using web3dart, use the hexEip55 method.
DateTime now = DateTime.now();
int millisecondsSinceEpoch = now.millisecondsSinceEpoch;
String iso8601 = DateTime.fromMillisecondsSinceEpoch(millisecondsSinceEpoch)
.toIso8601String();
// Remove microseconds from the ISO 8601 string
int indexOfDot = iso8601.indexOf('.');
String iso8601WithoutMicroseconds =
iso8601.substring(0, indexOfDot + 4) + 'Z';
// Remove 'eip155:' prefix if present and ensure chainId is numeric
String numericChainId = chainId.replaceFirst('eip155:', '');
String correctedAddress = address.replaceFirst("$chainId:", '');
EthereumAddress ethAddress = EthereumAddress.fromHex(correctedAddress);
String checksumAddress = ethAddress.hexEip55;
// Ensure address starts with '0x' and is 40 hexadecimal digits
print(correctedAddress.length);
print(correctedAddress);
assert(correctedAddress.startsWith('0x') && correctedAddress.length == 42);
// Ensure nonce is alphanumeric and has 8 characters
assert(nonce.length >= 8);
// final message
final message =
"$domain wants you to sign in with your Ethereum account:\n$checksumAddress\n\n$statement\n\nURI: $uri\nVersion: $version\nChain ID: $numericChainId\nNonce: $nonce\nIssued At: $iso8601WithoutMicroseconds";
return message;
}Thank you very much, @SamORichards! I'll address this ASAP. This is all I need
EthereumAddress ethAddress = EthereumAddress.fromHex(correctedAddress);
String checksumAddress = ethAddress.hexEip55;In the meantime, you should be able to format your message as simply as this:
EthereumAddress ethAddress = EthereumAddress.fromHex(correctedAddress);
String checksumAddress = ethAddress.hexEip55;
final iss = 'did:pkh:eip155:1:$checksumAddress';
final message = _web3Wallet!.formatAuthMessage(
iss: iss,
cacaoPayload: cacaoRequestPayload,
);Hello @SamORichards ! This was fixed in latest beta! Could you check? https://pub.dev/packages/walletconnect_flutter_v2/versions/2.3.1-beta02/changelog
Is your feature request related to a problem? Please describe. The SIWE 2.0 release made some changes I believe need to be implemented. That being the enforcement of EIP-55 validation EIP-155.
https://github.com/spruceid/siwe/releases/tag/v2.0.3-beta
Describe the solution you'd like Correctly format the address in AuthSignature.formatMessage
Describe alternatives you've considered Manually fixing the message string on the server, but, this then appears to have caused issues with the signature.