
fix: support ERC-6492 signatures from undeployed smart wallets

Open emiliolanzalaco opened this issue 1 month ago • 2 comments

Closes #623

Summary

  • Remove unnecessary smart wallet deployment check that blocked ERC-6492 signatures
  • viem's verifyTypedData already handles ERC-6492 signatures correctly by simulating wallet deployment before signature verification
  • This enables payments from Coinbase Smart Wallet, Privy embedded wallets, and other smart wallets that may not be deployed yet

Problem

The facilitator was rejecting payment signatures from undeployed smart wallets with the error invalid_exact_evm_payload_undeployed_smart_wallet.

However, ERC-6492 defines a standard for signatures from undeployed contracts, and viem's signature verification already supports this standard.

Solution

Remove the bytecode check that was blocking these signatures. The underlying viem verification handles ERC-6492 correctly.

emiliolanzalaco avatar Nov 23 '25 12:11 emiliolanzalaco

@emiliolanzalaco is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.

vercel[bot] avatar Nov 23 '25 12:11 vercel[bot]

@emiliolanzalaco ERC-6492 signatures will pass verification off-chain, yes. However, when you try to settle a 3009 transfer using an undeployed smart wallet, the settlement will inevitably fail.

When the facilitator settles the payment, it calls transferWithAuthorization on the USDC token contract, which then must validate the signature on-chain.

For smart contract wallets, SignatureChecker.isValidSignatureNow() calls isValidSignature() at the from address. If the wallet isn't deployed, there's no code to call, so the transaction reverts.

Without the check: Verification passes -> user makes request -> settlement reverts on-chain with a vague error: "Invalid signature"

With the check: Clear error immediately: "Smart wallet must be deployed before making payments"

However, I agree that the check shouldn't be at the verify step. It should be moved to the settlement step instead.

Solutions

  • Use a facilitator that supports sponsored smart wallet deployments as part of settlement (recently added to the CDP Facilitator)
  • Deploy smart wallets first as a one-time operation, then make payments

apmcdermott avatar Nov 24 '25 11:11 apmcdermott

@emiliolanzalaco Related PR that moves the check out of verify and into settle. Verify will still fail for undeployed wallets that aren't 6492 wrapped, since there's no path to success: https://github.com/coinbase/x402/pull/675

apmcdermott avatar Nov 24 '25 12:11 apmcdermott
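
The verify/settle split described in the last two comments, as an added example (not code from the x402 repository or from PR #675): an ERC-6492-wrapped signature from an undeployed wallet passes at verify and is refused at settle, while an unwrapped one fails at both. The function names, the 65-byte EOA heuristic and the sample signatures are assumptions made for illustration.

```typescript
// Added example: deployment gating for ERC-6492 payers at verify vs. settle.
// Error code taken from the thread; function names are hypothetical.
const UNDEPLOYED = "invalid_exact_evm_payload_undeployed_smart_wallet";

// ERC-6492 wrapper: abi.encode(factory, factoryCalldata, innerSig) followed by
// a 32-byte magic suffix of 0x6492 repeated.
const ERC6492_MAGIC = "6492".repeat(16);

type Step = "verify" | "settle";
type Decision = { ok: boolean; reason?: string };

function stripHex(value: string): string {
  return value.toLowerCase().replace(/^0x/, "");
}

function isErc6492Wrapped(signature: string): boolean {
  const hex = stripHex(signature);
  return hex.length > ERC6492_MAGIC.length && hex.endsWith(ERC6492_MAGIC);
}

// fromCode: eth_getCode result at the payer address ("0x" if nothing deployed).
function checkDeployment(step: Step, signature: string, fromCode: string): Decision {
  if (stripHex(fromCode).length > 0) return { ok: true }; // wallet already deployed
  // Assumption: 65 bytes with no code at `from` is a plain EOA ECDSA signature.
  if (stripHex(signature).length === 130) return { ok: true };
  if (!isErc6492Wrapped(signature)) {
    // Undeployed and unwrapped: no path to success at either step.
    return { ok: false, reason: UNDEPLOYED };
  }
  // Wrapped and undeployed: off-chain verification can simulate the deployment,
  // but on-chain isValidSignature() at `from` has no code to call.
  return step === "verify" ? { ok: true } : { ok: false, reason: UNDEPLOYED };
}

// Constructed sample signatures (not real payloads).
const EOA_SIG = "0x" + "11".repeat(65);
const RAW_CONTRACT_SIG = "0x" + "22".repeat(96);
const WRAPPED_SIG = "0x" + "33".repeat(160) + ERC6492_MAGIC;

console.log(checkDeployment("verify", WRAPPED_SIG, "0x"));
console.log(checkDeployment("settle", WRAPPED_SIG, "0x"));
console.log(checkDeployment("verify", RAW_CONTRACT_SIG, "0x"));
```

A facilitator that sponsors wallet deployment as part of settlement would deploy at the settle branch rather than return the error.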