SIWE doesn't work with ERC-4337 (and pre-deployed contracts in general)

[derekchiang]

Right now, SIWE uses ERC-1271 to validate signatures from contract accounts, but it only works if the contract is already deployed. If the contract is pre-deployed (aka "counterfactually deployed"), SIWE won't work.

Pre-deployed contract accounts are becoming increasingly common due to the popularity of ERC-4337, which doesn't deploy the contract account until the first transaction. That was the motivation behind EIP-6492. cc @Ivshti

TLDR: SIWE should implement EIP-6492. Even though the EIP is not yet accepted, implementing 6492 won't break compatibility with existing wallets, and it will ensure that SIWE works with ERC-4337 which is becoming increasingly popular.

[Ivshti]

here's how to implement ERC-6492: AmbireTech/signature-validator#3

or the signature-validator library can be used directly

Alternatively, if you don't wanna use the library, you have to rewrite this method

siwe/packages/siwe/lib/utils.ts

Lines 16 to 32 in 903faa9

	export const checkContractWalletSignature = async (
	message: SiweMessage,
	signature: string,
	provider?: providers.Provider | Signer
	): Promise<boolean> => {
	if (!provider) {
	return false;
	}
	const walletContract = new Contract(message.address, EIP1271_ABI, provider);
	const hashMessage = utils.hashMessage(message.prepareMessage());
	const res = await walletContract.isValidSignature(
	hashMessage,
	signature
	);
	return res == EIP1271_MAGICVALUE;
	};

to do this: https://github.com/AmbireTech/signature-validator/pull/3/files#diff-e727e4bdf3657fd1d798edcd6b099d6e092f8573cba266154583a746bba0f346R36-R49

variables are 100% equivalent but the names are different
SIWE hashMessage -> ambire finalDigest
SIWE message.address -> ambire signer
signature is signature in both places

if you don't feel comfortable with copy pasting the magic contract, you can compile it from source by doing solc contracts/DeploylessUniversalSigValidator.sol --bin in the signature-validator repo

[obstropolos]

Taking a look at this and also very excited for AA and Sign-In with Ethereum. We'll take a look at what compatibility would look like here - and thank you for the example @Ivshti !

[jd1900]

Not news on this?

[Ivshti]

here's something that may help integrating ERC-6492: #153 (comment)

[wminshew]

is there any kind of timeline/roadmap available on when SIWE will support eips 4337/6492?

[Ivshti]

hey @obstropolos, any update?

[0xTranqui]

just started working on a 6492 sign-in implementation and also find myself in this thread. really want to use SIWE but current lack of support means I need to fall back to use ambire tech or viems verifying libraries, which are great, but techincally dont match the SIWE spec. would love to see this

[jxom]

FWIW, 6492 is built into Viem's SIWE implementation. Would highly recommend using it. :D