LaGodxy
Contributor

@LaGodxy LaGodxy commented Jun 6, 2025

PR: Implement Wallet Verification Endpoint using starknet.js

Overview

This PR implements a new /api/v1/auth/verify-wallet endpoint that provides a secure and reusable way to verify wallet ownership through message signatures. The implementation uses starknet.js for signature verification and follows best practices for security, error handling, and performance monitoring.

Key Features

  • Robust Signature Verification: Implements cryptographic verification of wallet signatures using starknet.js
  • Multiple Signature Format Support: Handles various wallet signature formats (standard, Argent, multi-sig)
  • Comprehensive Error Handling: Provides detailed error codes and messages for different failure scenarios
  • Performance Monitoring: Tracks processing time and includes detailed logging
  • Reusable Design: Can be used for both performer registration and voting workflows

Technical Implementation

  • Added new route handler in src/routes/v1/auth.ts
  • Extended type definitions in src/types.ts to support the new endpoint
  • Implemented comprehensive test suite in tests/wallet-verification.test.js
  • Added Bruno API collection for manual testing

Security Considerations

  • Input validation for all request parameters
  • Wallet address normalization and format validation
  • Proper error handling to prevent information leakage
  • Chain-specific verification (mainnet/sepolia)

Testing

  • Unit tests cover successful verification, invalid signatures, missing fields, and error cases
  • Tests for different signature formats (2, 3, and 5 element arrays)
  • Manual testing performed using Bruno API collection

How to Use

The endpoint accepts POST requests with the following payload:

{
  "walletAddress": "0x...",
  "message": "Sign this message to authenticate",
  "signature": ["0x...", "0x..."]
}

Response for successful verification:

{
  "error": false,
  "msg": "Wallet verification successful",
  "data": {
    "walletAddress": "0x...",
    "verified": true,
    "timestamp": "2025-06-06T19:42:27.000Z",
    "processingTimeMs": 123
  }
}

Setup Requirements

  • No additional environment variables required
  • Uses existing STARKNET_SEPOLIA_RPC_API_URL and STARKNET_MAINNET_RPC_API_URL

Future Improvements

  • Add rate limiting to prevent abuse
  • Implement caching for recently verified wallets
  • Create middleware for protected routes that require wallet verification

Related Issues

Closes #44
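
The input checks listed under Security Considerations (parameter validation, address normalization, signature array shape), written out as an added example that is not code from this PR. The function names, error codes and message length bound are assumptions, and the cryptographic check itself is left to starknet.js.

```javascript
// Added example: input checks that run before any starknet.js call.
// Function names and error codes are hypothetical, not the PR's own.

// Starknet field prime: every felt (address, signature element) must be below it.
const FELT_PRIME = 2n ** 251n + 17n * 2n ** 192n + 1n;
const HEX_RE = /^0x[0-9a-fA-F]{1,64}$/;
const ALLOWED_SIG_LENGTHS = new Set([2, 3, 5]); // lengths the PR's tests cover
const MAX_MESSAGE_LENGTH = 1024; // assumed bound, not stated in the PR

// Parse a 0x-prefixed hex string into a felt; null if malformed or out of range.
function parseFelt(value) {
  if (typeof value !== "string" || !HEX_RE.test(value)) return null;
  const n = BigInt(value);
  return n < FELT_PRIME ? n : null;
}

// Canonical form: lowercase, zero-padded to 64 hex digits, so the same
// account compares equal however the wallet rendered it.
function normalizeAddress(value) {
  const felt = parseFelt(value);
  return felt === null ? null : "0x" + felt.toString(16).padStart(64, "0");
}

// Validate the request body. Returns { ok, code } or { ok, value } and never
// throws, so the route can map each failure to a fixed error response.
function validateVerifyWalletBody(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, code: "INVALID_BODY" };
  }
  const walletAddress = normalizeAddress(body.walletAddress);
  if (walletAddress === null) return { ok: false, code: "INVALID_WALLET_ADDRESS" };

  const { message, signature } = body;
  if (typeof message !== "string" || message.length === 0 ||
      message.length > MAX_MESSAGE_LENGTH) {
    return { ok: false, code: "INVALID_MESSAGE" };
  }
  if (!Array.isArray(signature) || !ALLOWED_SIG_LENGTHS.has(signature.length)) {
    return { ok: false, code: "INVALID_SIGNATURE_FORMAT" };
  }
  if (signature.some((part) => parseFelt(part) === null)) {
    return { ok: false, code: "INVALID_SIGNATURE_ELEMENT" };
  }
  const normalizedSig = signature.map((part) => part.toLowerCase());
  return { ok: true, value: { walletAddress, message, signature: normalizedSig } };
}
```

Only a body that passes these checks would be handed to the signature verification step, with `value.walletAddress` used for all later comparisons.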

Member

@jedstroke jedstroke left a comment

@LaGodxy, please attend to these reviews

Member

@LaGodxy, isn't this test supposed to contain the starknet package, or did you preload it with signatures already?

Member

'Cause you're supposed to be testing against signed signatures

@jedstroke
Member

@LaGodxy What's up?

@LaGodxy
Contributor Author

LaGodxy commented Aug 5, 2025

@jedstroke
I'm sorry, I have a lot on my plate. I won't be able to attend to this, please.

@LaGodxy
Contributor Author

LaGodxy commented Aug 8, 2025

@jedstroke
It's done.

@jedstroke
Member

@LaGodxy, what's up?

@jedstroke
Member

There's a requested change

Development

Successfully merging this pull request may close these issues.

[BUIDL Audition Onchain] BE-003: Wallet Signature Verification
2 participants