-
-
Notifications
You must be signed in to change notification settings - Fork 835
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug: Mismatch between processing of typed data when signing and verifying #2306
Comments
Linking: wevm/wagmi#3983 |
My proposed fix is to remove the toLowerCase line, since that modifies the actual signed data. Changing the verification logic would break support for signatures generated by various external tooling. This processing could be provided as a utility function that can be optionally included, and thus selectively plugged into both the verify and sign process. |
I can't seem to reproduce this with mixed casing on the address. FWIW, the |
Hello @njelich. Please provide a minimal reproduction using StackBlitz, TypeScript Playground (for type issues), or a separate minimal GitHub repository. Minimal reproductions are required as they save us a lot of time reproducing your config/environment and issue, and allow us to help you faster. Once a minimal reproduction is added, a team member will confirm it works, then re-open the issue. |
The test breaks if the types are changeed from
to
|
Digging deeper, it in general processes any string that looks like hex, so for example hexspeak usernames also get mangled a bit.
|
Thanks for that! Reproduced and fixing now. |
This issue has been locked since it has been closed for more than 14 days. If you found a concrete bug or regression related to it, please open a new bug report with a reproduction against the latest Viem version. If you have any questions or comments you can create a new discussion thread. |
Is there an existing issue for this?
Package Version
^2.9.25
Current Behavior
The verification fails because of additional processing of typed data struct fields that is different between signTypedData and verifyTypedData
Expected Behavior
The verification should pass.
Steps To Reproduce
POC. The address should contain both uppercase and lowercase characters (according to standard formatting).
Running the above code, the signTypedData will pass, but the verification will fail.
However, if the address is modified only in the verifyTypedData call, it now passess. This implies some additional processing happening before signTypedData is called in viem.
Link to Minimal Reproducible Example (StackBlitz, CodeSandbox, GitHub repo etc.)
No response
Anything else?
Likely a Viem issue, due to the following code in viem/actions/wallet/signTypedData.ts:
The PoC provided is for Wagmi, but I believe its clear enough.
The text was updated successfully, but these errors were encountered: