Merge pull request #895 from PhilippeR26/fix-verifyMessage

fix: solve wrong response for account.verifyMessage
starknet-io · Jan 23, 2024 · 1c0f7d2 · 1c0f7d2
2 parents 3159e4a + 1abf91f
commit 1c0f7d2
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 17 deletions.
diff --git a/__tests__/account.test.ts b/__tests__/account.test.ts
@@ -399,7 +399,7 @@ describe('deploy and test Wallet', () => {
     expect(toBigInt(response.number as string).toString()).toStrictEqual('57');
   });
 
-  test('sign and verify offchain message fail', async () => {
+  test('sign and verify EIP712 message fail', async () => {
     const signature = await account.signMessage(typedDataExample);
     const [r, s] = stark.formatSignature(signature);
 
@@ -410,12 +410,17 @@ describe('deploy and test Wallet', () => {
 
     if (!signature2) return;
 
-    expect(await account.verifyMessage(typedDataExample, signature2)).toBe(false);
+    const verifMessageResponse: boolean = await account.verifyMessage(typedDataExample, signature2);
+    expect(verifMessageResponse).toBe(false);
+
+    const wrongAccount = new Account(provider, '0x037891', '0x026789', undefined, TEST_TX_VERSION); // non existing account
+    await expect(wrongAccount.verifyMessage(typedDataExample, signature2)).rejects.toThrow();
   });
 
-  test('sign and verify offchain message', async () => {
+  test('sign and verify message', async () => {
     const signature = await account.signMessage(typedDataExample);
-    expect(await account.verifyMessage(typedDataExample, signature)).toBe(true);
+    const verifMessageResponse: boolean = await account.verifyMessage(typedDataExample, signature);
+    expect(verifMessageResponse).toBe(true);
   });
 
   describe('Contract interaction with Account', () => {

diff --git a/src/account/default.ts b/src/account/default.ts
@@ -550,17 +550,30 @@ export class Account extends Provider implements AccountInterface {
 
   public async verifyMessageHash(hash: BigNumberish, signature: Signature): Promise<boolean> {
     try {
-      await this.callContract({
+      const resp = await this.callContract({
         contractAddress: this.address,
         entrypoint: 'isValidSignature',
         calldata: CallData.compile({
           hash: toBigInt(hash).toString(),
           signature: formatSignature(signature),
         }),
       });
+      if (BigInt(resp[0]) === 0n) {
+        // OpenZeppelin 0.8.0 invalid signature
+        return false;
+      }
+      // OpenZeppelin 0.8.0, ArgentX 0.3.0 & Braavos Cairo 0 valid signature
       return true;
-    } catch {
-      return false;
+    } catch (err) {
+      if (
+        ['argent/invalid-signature', 'is invalid, with respect to the public key'].some(
+          (errMessage) => (err as Error).message.includes(errMessage)
+        )
+      ) {
+        // ArgentX 0.3.0 invalid signature, Braavos Cairo 0 invalid signature
+        return false;
+      }
+      throw Error(`Signature verification request is rejected by the network: ${err}`);
     }
   }
 

diff --git a/www/docs/guides/signature.md b/www/docs/guides/signature.md
@@ -174,17 +174,11 @@ const signature2 = await account.signMessage(typedDataValidate) as WeierstrassSi
 On the receiver side, you receive the JSON, the signature, and the account address. To verify the message:
 
 ```typescript
-const compiledAccount = json.parse(fs.readFileSync("./compiledContracts/Account_0_5_1.json").toString("ascii"));
-const contractAccount = new Contract(compiledAccount.abi, accountAddress, provider);
-
-const msgHash5 = typedData.getMessageHash(typedDataValidate, accountAddress);
-// The call of isValidSignature will generate an error if not valid
-let result5: boolean;
+const myAccount = new Account(provider, accountAddress, "0x0123"); // fake private key
 try {
-    await contractAccount.isValidSignature(msgHash5, [signature2.r, signature2.s]);
-    result5 = true;
+    const result = await myAccount.verifyMessage(typedMessage, signature);
+    console.log("Result (boolean) =", result);
 } catch {
-    result5 = false;
+    console.log("verification failed :", result.error);
 }
-console.log("Result5 (boolean) =", result5);
 ```