starknet.js
starknet.js copied to clipboard
starknet-io
account.verifyMessage() is not working with last Braavos account contract
Describe the bug Normally, all account contracts should be conform to SNIP-6 about verification of message. In fact it's not the case : some accounts are not using the right function name, some other are not providing the right response in case of success. And as SNIP-6 isn't defining a standard response in case of non success, everybody is responding his own way.
Here was the situation one month ago :
| account contract | camel case function name | snake case function name | response if success | response if fail |
|---|---|---|---|---|
| Braavos <= 0.0.11 | x | x | 0x01 | Reverted, without specific message |
| ArgentX <= 0.3.0 | x | x | 0x01 | Reverted, with "argent/invalid-signature" message |
| OpenZeppelin <= 0.6.1 | x | "VALID" | 0x00 | |
| OpenZeppelin 0.7.0-0.8.0 | x | x | "VALID" | 0x00 |
To handle all these account contracts, issue #858 and PR #895 have been created and implemented.
As the camel case function name isValidSignature is the only one common to all contracts, it has been used in Starknet.js
Recently, 3 new account contracts have been released :
- Braavos v1.0.0
- ArgentX v0.3.1
- OpenZeppelin v0.9.0
Now the situation is the following :
| account contract | camel case function name | snake case function name | response if success | response if fail |
|---|---|---|---|---|
| Braavos <= 0.0.11 | x | x | 0x01 | Reverted, without specific message |
| Braavos 1.0.0 | x | "VALID" | Reverted, with "INVALID_SIG" message | |
| ArgentX <= 0.3.1 | x | x | 0x01 | Reverted, with "argent/invalid-signature" message |
| OpenZeppelin <= 0.6.1 | x | "VALID" | 0x00 | |
| OpenZeppelin 0.7.0-0.9.0 | x | x | "VALID" | 0x00 |
There is no more 100% of account contracts that handles camel case function name, so the new Braavos contract is throwing an error, complaining that the function name is unknown.
To Reproduce This code will fail :
const signatureBR = await BRaccount.signMessage(typedMessage) as WeierstrassSignatureType;
console.log("BR signature = \n",num.toHex(signatureBR.r),"\n",num.toHex(signatureBR.s));
const resBR = await BRaccount.verifyMessage(typedMessage, signatureBR);
with this error :
Custom Hint Error: Entry point EntryPointSelector(StarkFelt(\"0x0213dfe25e2ca309c4d615a09cfc95fdb2fc7dc73fbcad12c450fe93b1f2ff9e\")) not found in contract.
Expected behavior
Is expected an account.verifyMessage() method that is working with all major account contracts.
Desktop (please complete the following information):
- Browser & version [e.g. chrome, safari, webworker] N/A
- Node version [e.g. 16.0.1] N/A
- Starknet.js version v6.1.4
- Network [devnet, testnet] any
Additional context 2 possibilities identified :
- switch to snake case function name, and loose the compatibility with OZ contract <=0.6.1, that is used in starknet-devnet.
- keep the full compatibility with all contracts ; it will be necessary to verify which case naming is using the current Account instance.
I have something operational with all versions of OpenZeppelin, Argent X & Braavos accounts. I will propose a PR tomorrow.