WalletConnect / WalletConnectFlutterV2

WalletConnect v2 client made in Dart for Flutter.
https://pub.dev/packages/walletconnect_flutter_v2
Apache License 2.0

SIWE 2.0 EIP-155 #303

Closed SamORichards closed 3 months ago

SamORichards commented 3 months ago

Is your feature request related to a problem? Please describe.
The SIWE 2.0 release made some changes I believe need to be implemented. That being the enforcement of EIP-55 validation EIP-155.

https://github.com/spruceid/siwe/releases/tag/v2.0.3-beta

Describe the solution you'd like
Correctly format the address in AuthSignature.formatMessage

Describe alternatives you've considered
Manually fixing the message string on the server, but this then appears to have caused issues with the signature.

quetool commented 3 months ago

Thanks @SamORichards! I'll be taking a look ASAP

arein commented 3 months ago

@SamORichards are you suggesting we made a breaking change and didn't document it? Or maybe a breaking change that doesn't need to be one? Are you using our AppKit or WalletKit?

Do you have a suggestion on how to fix the issue maybe that helps us understand a bit better where you're coming from :)

SamORichards commented 3 months ago

Hi there, sorry for the lack of detail in the first message. I was still a bit confused myself on what sequence of changes was causing the issues between WalletConnect and SIWE (specifically SIWE-py is the version I am using on my backend server). The issue came down to the EIP-55 address validation in the siwe message body, with EIP-55 being the correct address capitalization. Here is the method I wrote that I use instead of AuthSignature.formatMessage (very rough as I just finished debugging) which works with siwe 2.0 so can be verified by the backend.

```dart
import 'package:web3modal_flutter/web3modal_flutter.dart';

String createMessage(String address, String domain, String statement,
    String uri, String version, String chainId, String nonce) {
  // Address must be EIP55 compliant, if using web3dart, use the hexEip55 method.
  // Issued At is built from UTC time, because the string is suffixed with 'Z'.
  DateTime now = DateTime.now().toUtc();
  int millisecondsSinceEpoch = now.millisecondsSinceEpoch;
  // Round-tripping through milliseconds drops any microseconds.
  String iso8601 = DateTime.fromMillisecondsSinceEpoch(millisecondsSinceEpoch,
          isUtc: true)
      .toIso8601String();
  // Keep millisecond precision only: yyyy-MM-ddTHH:mm:ss.mmmZ
  int indexOfDot = iso8601.indexOf('.');
  String iso8601WithoutMicroseconds =
      iso8601.substring(0, indexOfDot + 4) + 'Z';

  // Remove 'eip155:' prefix if present so only the numeric chain id remains
  String numericChainId = chainId.replaceFirst('eip155:', '');
  // Strip any CAIP-10 prefix ('eip155:<chainId>:') and keep the bare 0x address
  String correctedAddress = address.split(':').last;

  // Ensure address starts with '0x' and is 40 hexadecimal digits
  assert(correctedAddress.startsWith('0x') && correctedAddress.length == 42);

  // Re-encode the address with its EIP-55 mixed-case checksum
  EthereumAddress ethAddress = EthereumAddress.fromHex(correctedAddress);
  String checksumAddress = ethAddress.hexEip55;

  // Ensure nonce is alphanumeric and has at least 8 characters
  assert(RegExp(r'^[a-zA-Z0-9]{8,}$').hasMatch(nonce));

  // final message
  final message =
      "$domain wants you to sign in with your Ethereum account:\n$checksumAddress\n\n$statement\n\nURI: $uri\nVersion: $version\nChain ID: $numericChainId\nNonce: $nonce\nIssued At: $iso8601WithoutMicroseconds";

  return message;
}
```

quetool commented 3 months ago

Thank you very much, @SamORichards! I'll address this ASAP. This is all I need:

```dart
EthereumAddress ethAddress = EthereumAddress.fromHex(correctedAddress);
String checksumAddress = ethAddress.hexEip55;
```

quetool commented 3 months ago

In the meantime, you should be able to format your message as simply as this:

```dart
// Re-encode the bare 0x address with its EIP-55 checksum
EthereumAddress ethAddress = EthereumAddress.fromHex(correctedAddress);
String checksumAddress = ethAddress.hexEip55;

// Issuer DID for the checksummed address (chain id 1 is hardcoded here)
final iss = 'did:pkh:eip155:1:$checksumAddress';
final message = _web3Wallet!.formatAuthMessage(
  iss: iss,
  cacaoPayload: cacaoRequestPayload,
);
```

quetool commented 3 months ago

Hello @SamORichards! This was fixed in the latest beta! Could you check? https://pub.dev/packages/walletconnect_flutter_v2/versions/2.3.1-beta02/changelog