BUG: Latest `aa-sdk` version cannot generate valid EIP712 signatures due to latest signature methodology change in `light-account` repo.
codebuster22 opened this issue · comments
[REQUIRED] Environment
- Browser version:
- AA SDK version:
- Package:
"@alchemy/aa-accounts": "^1.2.0",
"@alchemy/aa-alchemy": "^1.2.0",
"@alchemy/aa-core": "^1.2.0",
[REQUIRED] Describe the problem
Recently, light-account
was updated and new factories were deployed introducing a breaking change. (LightAccount Deploy Commit)
When the light-account
was deployed, they were deployed with a change in smart account signatures breaking the current logic of generating signatures using all aa-sdk
. (Signature method change commit).
What the Signature method change commit
included was a change in methodology to verify signatures which isn't yet implemented in aa-sdk
.
Old Signature Verification logic:
- Accept
digest
andsignature
usingisValidSignature
method. - Use ECDSA or
EIP1271
to verify signature against thedigest
.
The latest version of aa-sdk
generates signature based on the above logic (Old Signature Verification Logic).
New Signature Verification logic:
- Accept
digest
andsignature
usingisValidSignature
method. - encode message data based on EIP712 with an added type
LightAccountMessage(bytes message)
represented by a hashLA_MSG_TYPEHASH
. - Hash the encoded message data and store it in
messageHash
. - Now verify signature using ECDSA or
EIP1271
against themessageHash
.
The current aa-sdk
method signTypedData
doesn't generate signatures based on above logic resulting in all isValidSignature
call to return 0xffffffff
(Invalid Signature).
How to reproduce:
Try to sign a Typed Data using smart account method signTypedData
Current Workaround:
Using old Smart Account factory which didn't include breaking changes. Past deployments can be found here.
Note: I'm working a PR to fixing it.
Thanks for reporting and good catch! totally overlooked this on our end.
If it's helpful, I've been working on a new account impl that has to deal with the same thing here: https://github.com/alchemyplatform/aa-sdk/pull/248/files#diff-fd399725d38fbabb06e3a5e11c980b3f03c51374c3b3f6af4f1b85e1e063f547R57-R113
Since you're already working on a PR I'll let ya handle it so we don't duplicate work, but the above PR could be used as a reference for how LightSmartContractAccount
should be updated to support signing 1271 messages while still signing UOs correctly
@moldy530
Thanks. I'll keep updating my progress and keep eye on your PR.
hey @codebuster22 did you ever submit that PR?
this has been resolved