New Sign and Verify Messages Guide #2011
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
|
@youssefea is attempting to deploy a commit to the Coinbase Team on Vercel. A member of the Team first needs to authorize it. |
🟡 Heimdall Review Status
|
|
|
||
| Blockchain-based apps use wallet signatures for two main categories: | ||
|
|
||
| 1. **Signatures for offchain verification**: Used for authenticating users in dApps (e.g., Sign-In with Ethereum) to avoid spoofing. The signature is not used for any onchain action. |
There was a problem hiding this comment.
"dApp" -> "app"
We avoid common web3 jargon (including the word web3 which we always convert to onchain). Even if its onchain its still an app
|
|
||
| - Your project can use Wagmi/Viem | ||
| - You're signing an offchain message | ||
| - Your smart wallet can be deployed or undeployed (methods are ERC-6492 compatible) |
There was a problem hiding this comment.
capitalize Smart Wallet
| if (!signature || !account.address || !client) return; | ||
|
|
||
| client | ||
| .verifyMessage({ |
There was a problem hiding this comment.
It may be worth adding a note after the code block or a comment in the code block calling out that wagmi's publicClient.verifyMessage handles verification of both EOA signatures and smart contract wallet signatures and that this is not always the case when using other frameworks.
There was a problem hiding this comment.
added after code block and renamed that section and added details that this is Sign in with ethereum as well as referecing the eip involved (https://eips.ethereum.org/EIPS/eip-4361)
|
|
||
| ### Signing a Simple Message | ||
|
|
||
| The following example demonstrates how to implement basic message signing using a Smart Wallet: |
There was a problem hiding this comment.
Call out that the simple message is a SIWE message since this is a common use case
| - For non-Viem implementations, see alternative approaches below | ||
|
|
||
| :::info | ||
| There is an example implementation of Permit2 using Wagmi in the [wagmi-scw repository](https://github.com/wilsoncusack/wagmi-scw/blob/main/src/components/Permit2.tsx). |
There was a problem hiding this comment.
Nice use of existing working example 👍
|
|
||
| ### Server-side Verification | ||
|
|
||
| You can handle server-side verification using NextJS edge functions such as shown [here](https://github.com/youssefea/ethden2025-sign-tx-csw/blob/main/src/app/api/verify/route.ts): |
There was a problem hiding this comment.
Curious, why have the link to the github and have the code block below? When I see the link my assumption is I have to navigate to it to get the information but then its also below.
There was a problem hiding this comment.
Oh I see they're different. Is the code block below necessary? It isn't explicitly necessary to store the signature in a DB right?
I think it would make more sense to show the linked code block in the block below (and call out that its using viem instead of wagmi since its server side)
There was a problem hiding this comment.
Sorry, this was a mistake. I wanted to show the same code, no database storage. I fixed it.
What changed? Why?
The current guides for signing and verifying messages in the Smart Wallet documentation are not sufficient to answer developers questions about the common issues they are facing.
Based on the existing code which describes components for Signing Simple and Typed Messages (Onchain and Offchain), a new guide has been written and reviewed.
Notes to reviewers
How has it been tested?
Locally