BUG: Latest `aa-sdk` version cannot generate valid EIP712 signatures due to latest signature methodology change in `light-account` repo.

Question

BUG: Latest `aa-sdk` version cannot generate valid EIP712 signatures due to latest signature methodology change in `light-account` repo.

codebuster22 opened this issue 7 months ago · comments

encrypted8532 | mihir commented 7 months ago

[REQUIRED] Environment

Browser version:
AA SDK version:
Package:

"@alchemy/aa-accounts": "^1.2.0",
"@alchemy/aa-alchemy": "^1.2.0",
"@alchemy/aa-core": "^1.2.0",

[REQUIRED] Describe the problem

Recently, light-account was updated and new factories were deployed introducing a breaking change. (LightAccount Deploy Commit)
When the light-account was deployed, they were deployed with a change in smart account signatures breaking the current logic of generating signatures using all aa-sdk. (Signature method change commit).

What the Signature method change commit included was a change in methodology to verify signatures which isn't yet implemented in aa-sdk.

Old Signature Verification logic:

Accept digest and signature using isValidSignature method.
Use ECDSA or EIP1271 to verify signature against the digest.

The latest version of aa-sdk generates signature based on the above logic (Old Signature Verification Logic).

New Signature Verification logic:

Accept digest and signature using isValidSignature method.
encode message data based on EIP712 with an added type LightAccountMessage(bytes message) represented by a hash LA_MSG_TYPEHASH.
Hash the encoded message data and store it in messageHash.
Now verify signature using ECDSA or EIP1271 against the messageHash.

The current aa-sdk method signTypedData doesn't generate signatures based on above logic resulting in all isValidSignature call to return 0xffffffff (Invalid Signature).

How to reproduce:

Try to sign a Typed Data using smart account method signTypedData

Current Workaround:

Using old Smart Account factory which didn't include breaking changes. Past deployments can be found here.

encrypted8532 | mihir · Answer 1 · Wed Nov 22 2023 02:22:09 GMT+0800 (China Standard Time)

Note: I'm working a PR to fixing it.

Michael Moldoveanu · Answer 2 · Wed Nov 22 2023 07:14:39 GMT+0800 (China Standard Time)

Thanks for reporting and good catch! totally overlooked this on our end.

If it's helpful, I've been working on a new account impl that has to deal with the same thing here: https://github.com/alchemyplatform/aa-sdk/pull/248/files#diff-fd399725d38fbabb06e3a5e11c980b3f03c51374c3b3f6af4f1b85e1e063f547R57-R113

Since you're already working on a PR I'll let ya handle it so we don't duplicate work, but the above PR could be used as a reference for how LightSmartContractAccount should be updated to support signing 1271 messages while still signing UOs correctly

encrypted8532 | mihir · Answer 3 · Wed Nov 22 2023 17:53:07 GMT+0800 (China Standard Time)

@moldy530
Thanks. I'll keep updating my progress and keep eye on your PR.

Ajay Vasisht · Answer 4 · Wed Dec 20 2023 03:50:17 GMT+0800 (China Standard Time)

hey @codebuster22 did you ever submit that PR?

Michael Moldoveanu · Answer 5 · Wed Feb 28 2024 05:09:17 GMT+0800 (China Standard Time)

this has been resolved