
SIWE Doesn't properly handle Multisig Wallet Signatures

Open DobromirKirovLime opened this issue 6 months ago • 0 comments

Description

When using SIWE with multisig wallets (like Gnosis Safe), the signature verification fails with an invalid raw signature length error. This occurs because multisig signatures are longer than standard EOA signatures (65 bytes).

Current Behavior

  1. When a user signs in with a multisig wallet, the signature length is >132 characters (including '0x' prefix)
  2. The SIWE library attempts to verify
  3. This fails with: TypeError: invalid raw signature length (argument="signature", value="0x...", code=INVALID_ARGUMENT)
  4. However, the verification still succeeds

Expected Behavior

The SIWE library should:

  1. Detect multisig signatures (length > 132 characters)
  2. Handle them appropriately without throwing signature length errors

Steps to Reproduce

  1. Set up a SIWE implementation
  2. Use a multisig wallet (e.g., Gnosis Safe) to sign in
  3. The signature will be longer than a standard EOA signature
  4. Attempt to verify the signature using SIWE's verify() method

Code Example

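import { SiweMessage } from 'siwe';

// message, signature and provider come from the surrounding application
const siweMessage = new SiweMessage(message);
const fields = await siweMessage.verify(
  { signature }, // multisig signature (>132 chars)
  { provider }
);
// Throws: TypeError: invalid raw signature length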

Environment

  • SIWE version: 3.0.0
  • Node.js version: 20.18.2

PS

  • The current behavior is confusing because the verification "succeeds" despite the error

DobromirKirovLime avatar Jun 10 '25 12:06 DobromirKirovLime
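
The expected behavior described in this issue, as an added example that is not code from the siwe library or from the issue author: route a signature by its byte length so ECDSA recovery only ever sees 65-byte input, and fall back to an EIP-1271 contract check otherwise. It goes one step beyond the length test in the issue, because a contract wallet can also return a 65-byte signature (for example a single owner's) that recovers to an address other than the wallet's. `verifySignature`, `recoverAddress`, `isValidSignature` and the `messageHash` argument are hypothetical names, and the sample signatures are constructed filler.

```javascript
// Added example, not code from the siwe library or the issue author.
const EIP1271_MAGIC = '0x1626ba7e'; // bytes4 value EIP-1271 isValidSignature returns on success
const EOA_SIG_BYTES = 65;           // r (32) + s (32) + v (1): 132 chars with the '0x' prefix

// Constructed sample signatures (filler bytes, not real signatures).
const SAMPLE_EOA_SIG = '0x' + 'ab'.repeat(65);
const SAMPLE_MULTISIG_SIG = '0x' + 'ab'.repeat(130);

function signatureByteLength(signature) {
  if (typeof signature !== 'string' || !/^0x([0-9a-fA-F]{2})+$/.test(signature)) {
    throw new TypeError('signature must be 0x-prefixed, even-length hex');
  }
  return (signature.length - 2) / 2;
}

// Ordered checks to attempt. ECDSA recovery is tried only on 65-byte input, so a
// longer signature never reaches a parser that rejects it on length.
function verificationPlan(signature) {
  return signatureByteLength(signature) === EOA_SIG_BYTES ? ['ecdsa', 'eip1271'] : ['eip1271'];
}

// verifiers.recoverAddress and verifiers.isValidSignature are hypothetical
// callbacks supplied by the caller (ECDSA recovery and the on-chain EIP-1271 call).
async function verifySignature({ address, messageHash, signature }, verifiers) {
  const expected = address.toLowerCase();
  for (const method of verificationPlan(signature)) {
    try {
      if (method === 'ecdsa') {
        const recovered = await verifiers.recoverAddress(messageHash, signature);
        if (String(recovered).toLowerCase() === expected) return { ok: true, method };
      } else {
        const result = await verifiers.isValidSignature(address, messageHash, signature);
        if (result === EIP1271_MAGIC) return { ok: true, method };
      }
    } catch (err) {
      // A failed check is not a verdict; fall through to the next method.
    }
  }
  return { ok: false, method: null }; // fail closed when no check succeeds
}
```
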