thirdweb 5.32.2 → 5.33.0

package/src/auth/constants.ts

@@ -0,0 +1,30 @@
+export const ERC_6492_MAGIC_VALUE =
+  "0x6492649264926492649264926492649264926492649264926492649264926492" as const;
+
+// returns either 0x1 (valid) or 0x0 (invalid)
+export const universalSignatureValidatorAbi = [
+  {
+    inputs: [
+      {
+        internalType: "address",
+        name: "_signer",
+        type: "address",
+      },
+      {
+        internalType: "bytes32",
+        name: "_hash",
+        type: "bytes32",
+      },
+      {
+        internalType: "bytes",
+        name: "_signature",
+        type: "bytes",
+      },
+    ],
+    stateMutability: "nonpayable",
+    type: "constructor",
+  },
+] as const;
+
+export const universalSignatureValidatorByteCode =
+  "0x60806040523480156200001157600080fd5b50604051620007003803806200070083398101604081905262000034916200056f565b6000620000438484846200004f565b9050806000526001601ff35b600080846001600160a01b0316803b806020016040519081016040528181526000908060200190933c90507f6492649264926492649264926492649264926492649264926492649264926492620000a68462000451565b036200021f57600060608085806020019051810190620000c79190620005ce565b8651929550909350915060000362000192576000836001600160a01b031683604051620000f5919062000643565b6000604051808303816000865af19150503d806000811462000134576040519150601f19603f3d011682016040523d82523d6000602084013e62000139565b606091505b5050905080620001905760405162461bcd60e51b815260206004820152601e60248201527f5369676e617475726556616c696461746f723a206465706c6f796d656e74000060448201526064015b60405180910390fd5b505b604051630b135d3f60e11b808252906001600160a01b038a1690631626ba7e90620001c4908b90869060040162000661565b602060405180830381865afa158015620001e2573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906200020891906200069d565b6001600160e01b031916149450505050506200044a565b805115620002b157604051630b135d3f60e11b808252906001600160a01b03871690631626ba7e9062000259908890889060040162000661565b602060405180830381865afa15801562000277573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906200029d91906200069d565b6001600160e01b031916149150506200044a565b8251604114620003195760405162461bcd60e51b815260206004820152603a6024820152600080516020620006e083398151915260448201527f3a20696e76616c6964207369676e6174757265206c656e677468000000000000606482015260840162000187565b620003236200046b565b506020830151604080850151855186939260009185919081106200034b576200034b620006c9565b016020015160f81c9050601b81148015906200036b57508060ff16601c14155b15620003cf5760405162461bcd60e51b815260206004820152603b6024820152600080516020620006e083398151915260448201527f3a20696e76616c6964207369676e617475726520762076616c75650000000000606482015260840162000187565b6040805160008152602081018083528a905260ff83169181019190915260608101849052608081018390526001600160a01b038a169060019060a0016020604051602081039080840390855afa1580156200042e573d6000803e3d6000fd5b505050602060405103516001600160a01b031614955050505050505b9392505050565b60006020825110156200046357600080fd5b508051015190565b60405180606001604052806003906020820280368337509192915050565b6001600160a01b03811681146200049f57600080fd5b50565b634e487b7160e01b600052604160045260246000fd5b60005b83811015620004d5578181015183820152602001620004bb565b50506000910152565b600082601f830112620004f057600080fd5b81516001600160401b03808211156200050d576200050d620004a2565b604051601f8301601f19908116603f01168101908282118183101715620005385762000538620004a2565b816040528381528660208588010111156200055257600080fd5b62000565846020830160208901620004b8565b9695505050505050565b6000806000606084860312156200058557600080fd5b8351620005928162000489565b6020850151604086015191945092506001600160401b03811115620005b657600080fd5b620005c486828701620004de565b9150509250925092565b600080600060608486031215620005e457600080fd5b8351620005f18162000489565b60208501519093506001600160401b03808211156200060f57600080fd5b6200061d87838801620004de565b935060408601519150808211156200063457600080fd5b50620005c486828701620004de565b6000825162000657818460208701620004b8565b9190910192915050565b828152604060208201526000825180604084015262000688816060850160208701620004b8565b601f01601f1916919091016060019392505050565b600060208284031215620006b057600080fd5b81516001600160e01b0319811681146200044a57600080fd5b634e487b7160e01b600052603260045260246000fdfe5369676e617475726556616c696461746f72237265636f7665725369676e6572";

package/src/auth/core/verify-jwt.ts

@@ -1,6 +1,6 @@
 import { deccodeJWT } from "../../utils/jwt/decode-jwt.js";
 import type { JWTPayload } from "../../utils/jwt/types.js";
-import { verifyEOASignature } from "../verifySignature.js";
+import { verifyEOASignature } from "../verify-signature.js";
 import type { AuthOptions } from "./types.js";
 
 export type VerifyJWTParams = {

package/src/auth/core/verify-login-payload.ts

@@ -1,5 +1,5 @@
 import { getCachedChain } from "../../chains/utils.js";
-import { verifySignature } from "../verifySignature.js";
+import { verifySignature } from "../verify-signature.js";
 import { DEFAULT_LOGIN_STATEMENT, DEFAULT_LOGIN_VERSION } from "./constants.js";
 import { createLoginMessage } from "./create-login-message.js";
 import type { AuthOptions, LoginPayload } from "./types.js";

package/src/auth/is-erc6492-signature.test.ts

@@ -0,0 +1,26 @@
+import { describe, expect, it } from "vitest";
+import { ANVIL_PKEY_A } from "../../test/src/test-wallets.js";
+import { signMessage } from "../utils/signatures/sign-message.js";
+import { isErc6492Signature } from "./is-erc6492-signature.js";
+import { serializeErc6492Signature } from "./serialize-erc6492-signature.js";
+
+describe("default", () => {
+  const signature = signMessage({
+    message: "hello world",
+    privateKey: ANVIL_PKEY_A,
+  });
+
+  it("should return false for a standard signature", async () => {
+    expect(isErc6492Signature(signature)).toBe(false);
+  });
+
+  it("should return true for an ERC-6492 signature", () => {
+    const signatureWithMagicValue = serializeErc6492Signature({
+      address: "0xcafebabecafebabecafebabecafebabecafebabe",
+      data: "0xdeadbeef",
+      signature,
+    });
+
+    expect(isErc6492Signature(signatureWithMagicValue)).toBe(true);
+  });
+});

package/src/auth/is-erc6492-signature.ts

@@ -0,0 +1,23 @@
+import { sliceHex } from "viem";
+import type { Hex } from "../utils/encoding/hex.js";
+import { ERC_6492_MAGIC_VALUE } from "./constants.js";
+
+/**
+ * @description Determines if a signature is compatible with [ERC6492](https://eips.ethereum.org/EIPS/eip-6492)
+ *
+ * @param {Hex} signature The signature to check for ERC6492 compatibility
+ *
+ * @returns {boolean} True if the signature is compatible with ERC6492, false otherwise
+ *
+ * @example
+ * ```ts
+ * import { isErc6492Signature } from 'thirdweb/auth';
+ *
+ * const isErc6492 = isErc6492Signature('0x1234567890123456789012345678901234567890');
+ * ```
+ *
+ * @auth
+ */
+export function isErc6492Signature(signature: Hex): boolean {
+  return sliceHex(signature, -32) === ERC_6492_MAGIC_VALUE;
+}

package/src/auth/parse-erc6492-signature.test.ts

@@ -0,0 +1,30 @@
+import { describe } from "node:test";
+import { expect, it } from "vitest";
+import { ANVIL_PKEY_A } from "../../test/src/test-wallets.js";
+import { signMessage } from "../utils/signatures/sign-message.js";
+import { parseErc6492Signature } from "./parse-erc6492-signature.js";
+
+describe("parseErc6492Signature", () => {
+  const signature = signMessage({
+    message: "hello world",
+    privateKey: ANVIL_PKEY_A,
+  });
+
+  it("should return original signature for non-ERC-6492 signature", () => {
+    expect(parseErc6492Signature(signature)).toEqual({ signature });
+  });
+
+  it("should return object with address, data, and signature for ERC-6492 signature", () => {
+    expect(
+      parseErc6492Signature(
+        "0x000000000000000000000000cafebabecafebabecafebabecafebabecafebabe000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000004deadbeef000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000041a461f509887bd19e312c0c58467ce8ff8e300d3c1a90b608a760c5b80318eaf15fe57c96f9175d6cd4daad4663763baa7e78836e067d0163e9a2ccf2ff753f5b1b000000000000000000000000000000000000000000000000000000000000006492649264926492649264926492649264926492649264926492649264926492",
+      ),
+    ).toMatchInlineSnapshot(`
+        {
+          "address": "0xCafEBAbECAFEbAbEcaFEbabECAfebAbEcAFEBaBe",
+          "data": "0xdeadbeef",
+          "signature": "0xa461f509887bd19e312c0c58467ce8ff8e300d3c1a90b608a760c5b80318eaf15fe57c96f9175d6cd4daad4663763baa7e78836e067d0163e9a2ccf2ff753f5b1b",
+        }
+      `);
+  });
+});

package/src/auth/parse-erc6492-signature.ts

@@ -0,0 +1,38 @@
+import { decodeAbiParameters, isErc6492Signature } from "viem";
+import type { Hex } from "../utils/encoding/hex.js";
+import type { OneOf } from "../utils/type-utils.js";
+import type { Erc6492Signature } from "./types.js";
+
+export type ParseErc6492SignatureReturnType = OneOf<
+  Erc6492Signature | { signature: Hex }
+>;
+
+/**
+ * @description Parses a serialized ({@link Hex}) [ERC-6492](https://eips.ethereum.org/EIPS/eip-6492) signature.
+ * If the signature is not in ERC-6492 format, the original signature is returned.
+ *
+ * @param {Hex} signature The signature to parse
+ *
+ * @returns {@link ParseErc6492SignatureReturnType} The parsed (or original) signature
+ *
+ * @example
+ * ```ts
+ * import { parseErc6492Signature } from 'thirdweb/auth';
+ *
+ * const parsedSignature = parseErc6492Signature('0x1234567890123456789012345678901234567890');
+ * ```
+ * @auth
+ */
+export function parseErc6492Signature(
+  signature: Hex,
+): ParseErc6492SignatureReturnType {
+  if (!isErc6492Signature(signature)) {
+    return { signature };
+  }
+
+  const [address, data, originalSignature] = decodeAbiParameters(
+    [{ type: "address" }, { type: "bytes" }, { type: "bytes" }],
+    signature,
+  );
+  return { address: address, data, signature: originalSignature };
+}

package/src/auth/serialize-erc6492-signature.test.ts

@@ -0,0 +1,23 @@
+import { describe, expect, it } from "vitest";
+import { ANVIL_PKEY_A } from "../../test/src/test-wallets.js";
+import { signMessage } from "../utils/signatures/sign-message.js";
+import { serializeErc6492Signature } from "./serialize-erc6492-signature.js";
+
+describe("serializeErc6492Signature", () => {
+  const signature = signMessage({
+    message: "hello world",
+    privateKey: ANVIL_PKEY_A,
+  });
+
+  it("should serialize a signature", () => {
+    expect(
+      serializeErc6492Signature({
+        address: "0xcafebabecafebabecafebabecafebabecafebabe",
+        data: "0xdeadbeef",
+        signature,
+      }),
+    ).toMatchInlineSnapshot(
+      `"0x000000000000000000000000cafebabecafebabecafebabecafebabecafebabe000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000004deadbeef000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000041a461f509887bd19e312c0c58467ce8ff8e300d3c1a90b608a760c5b80318eaf15fe57c96f9175d6cd4daad4663763baa7e78836e067d0163e9a2ccf2ff753f5b1b000000000000000000000000000000000000000000000000000000000000006492649264926492649264926492649264926492649264926492649264926492"`,
+    );
+  });
+});

package/src/auth/serialize-erc6492-signature.ts

@@ -0,0 +1,42 @@
+import { encodeAbiParameters } from "../utils/abi/encodeAbiParameters.js";
+import { concatHex } from "../utils/encoding/helpers/concat-hex.js";
+import type { Hex } from "../utils/encoding/hex.js";
+import { ERC_6492_MAGIC_VALUE } from "./constants.js";
+import type { Erc6492Signature } from "./types.js";
+
+/**
+ * @description Serializes a signature for use with [ERC-6492](https://eips.ethereum.org/EIPS/eip-6492). The signature must be generated by a signer for an [ERC-4337](https://eips.ethereum.org/EIPS/eip-4337) Account Factory account with counterfactual deployment addresses.
+ *
+ * @param {@link Erc6492Signature} signature  The signature object to serialize into Hex format
+ * @param {string} signature.address The ERC-4337 Account Factory address
+ * @param {Hex} signature.data Account deployment calldata (if not deployed) for counterfactual verification
+ * @param {Hex} signature.signature The original signature
+ *
+ * @returns {Hex} The serialized signature
+ *
+ * @example
+ * ```ts
+ * import { serializeErc6492Signature } from 'thirdweb/auth';
+ *
+ * const serializedSignature = serializeErc6492Signature({
+ *  address: '0x...',
+ *  data: '0x...',
+ *  signature: '0x...',
+ * });
+ * // 0x000000000000000000000000cafebabecafebabecafebabecafebabecafebabe000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000004deadbeef000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000041a461f509887bd19e312c0c58467ce8ff8e300d3c1a90b608a760c5b80318eaf15fe57c96f9175d6cd4daad4663763baa7e78836e067d0163e9a2ccf2ff753f5b1b000000000000000000000000000000000000000000000000000000000000006492649264926492649264926492649264926492649264926492649264926492
+ * ```
+ * @auth
+ */
+export function serializeErc6492Signature({
+  address,
+  data,
+  signature,
+}: Erc6492Signature): Hex {
+  return concatHex([
+    encodeAbiParameters(
+      [{ type: "address" }, { type: "bytes" }, { type: "bytes" }],
+      [address, data, signature],
+    ),
+    ERC_6492_MAGIC_VALUE,
+  ]);
+}

package/src/auth/types.ts

@@ -0,0 +1,7 @@
+import type { Hex } from "../utils/encoding/hex.js";
+
+export type Erc6492Signature = {
+  address: string;
+  data: Hex;
+  signature: Hex;
+};

package/src/auth/verify-signature.test.ts

@@ -0,0 +1,97 @@
+import { describe, expect, it, test } from "vitest";
+import { FORKED_ETHEREUM_CHAIN } from "../../test/src/chains.js";
+import { TEST_CLIENT } from "../../test/src/test-clients.js";
+import { TEST_ACCOUNT_A } from "../../test/src/test-wallets.js";
+import { mainnet } from "../chains/chain-definitions/ethereum.js";
+import { sepolia } from "../chains/chain-definitions/sepolia.js";
+import { verifyEOASignature, verifySignature } from "./verify-signature.js";
+
+describe("verifyEOASignature", () => {
+  test("should return true for a valid signature", async () => {
+    const message = "Hello world!";
+
+    const signature = await TEST_ACCOUNT_A.signMessage({ message });
+
+    const result = await verifyEOASignature({
+      address: TEST_ACCOUNT_A.address,
+      message,
+      signature,
+    });
+    expect(result).toBe(true);
+  });
+
+  test("should return false for an invalid signature", async () => {
+    const options = {
+      message: "Hello, world!",
+      signature: "invalid",
+      address: "0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B",
+    };
+
+    const result = await verifyEOASignature(options);
+    expect(result).toBe(false);
+  });
+
+  test("should return false for a different address", async () => {
+    const message = "Hello, world!";
+    const signature = await TEST_ACCOUNT_A.signMessage({ message });
+
+    const result = await verifyEOASignature({
+      address: "0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B",
+      message,
+      signature,
+    });
+    expect(result).toBe(false);
+  });
+
+  test("should return false for a different message", async () => {
+    const message = "Hello, world!";
+    const signature = await TEST_ACCOUNT_A.signMessage({ message });
+
+    const result = await verifyEOASignature({
+      address: TEST_ACCOUNT_A.address,
+      message: "Hello, world",
+      signature,
+    });
+    expect(result).toBe(false);
+  });
+});
+
+describe("verifyContractWalletSignature", async () => {
+  it("should verify a valid signature", async () => {
+    expect(
+      await verifySignature({
+        address: "0x087517aA5153361d5b51B3a062D895443A28458b",
+        message: "Hakuna matata",
+        signature:
+          "0xbc667c1a98b1e5a347944dc6c62d2f8b9669aa05927b8dc39f500ce94fa75ce967a4903869d85eaeea40aaf29642c5152da56bad3bbe5026fb6b9249e234fa7d1b",
+        client: TEST_CLIENT,
+        chain: sepolia,
+      }),
+    ).toBe(true);
+  });
+
+  test("should fail with an invalid signature", async () => {
+    expect(
+      await verifySignature({
+        address: "0x087517aA5153361d5b51B3a062D895443A28458b",
+        message: "Hakuna matata",
+        signature: "0xthirdweb",
+        chain: FORKED_ETHEREUM_CHAIN,
+        client: TEST_CLIENT,
+      }),
+    ).toBe(false);
+  });
+
+  test("coinbase smart wallet verification", async () => {
+    expect(
+      await verifySignature({
+        address: "0x0b1e353DDcec71a94AC76ad6b7e75618E3A9CA81",
+        message: "Hakuna matata",
+        signature:
+          "0x0000000000000000000000000ba5ed0c6aa8c49038f819e587e2633c4a9f428a0000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000e43ffba36f000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000406e033e8bd44ba8d7fe309535da2dcf38bbf6aa0144937adf2b4851e506a8afe10e8d53896201a64512e72414c2aa3b626b18b2a9931d5dd09d57e147662af7530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000000000012000000000000000000000000000000000000000000000000000000000000000170000000000000000000000000000000000000000000000000000000000000001dadf7562d6e80ba80295ba01e7a749623df8e204ca7109bcda8fbfee67497a1f084be7126e8f59a3b4ffd09dd14804b203bc29c82d6f0e987396f3b825b2549c0000000000000000000000000000000000000000000000000000000000000025f198086b2db17256731bc456673b96bcef23f51d1fbacdd7c4379ef65465572f1900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a7b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a226c66723934623767656d7249515936623061523253456d417445356a337162716d335a454765625f563338222c226f726967696e223a2268747470733a2f2f6b6579732e636f696e626173652e636f6d222c2263726f73734f726967696e223a66616c73657d000000000000000000000000000000000000000000006492649264926492649264926492649264926492649264926492649264926492",
+        client: TEST_CLIENT,
+        chain: mainnet, // The CBSW factory was deployed more recently than our fork, it's only an eth_call so live mainnet is okay
+      }),
+    ).toBe(true);
+  });
+});

package/src/auth/verify-signature.ts

@@ -0,0 +1,245 @@
+import { equalBytes } from "@noble/curves/abstract/utils";
+import {
+  type Signature,
+  encodeDeployData,
+  recoverAddress,
+  serializeSignature,
+} from "viem";
+import type { Chain } from "../chains/types.js";
+import type { ThirdwebClient } from "../client/client.js";
+import { getContract } from "../contract/contract.js";
+import { eth_call } from "../rpc/actions/eth_call.js";
+import { getRpcClient } from "../rpc/rpc.js";
+import { fromBytes } from "../utils/encoding/from-bytes.js";
+import { type Hex, isHex } from "../utils/encoding/hex.js";
+import { toBytes } from "../utils/encoding/to-bytes.js";
+import { hashMessage } from "../utils/hashing/hashMessage.js";
+import type { Prettify } from "../utils/type-utils.js";
+import { DEFAULT_ACCOUNT_FACTORY } from "../wallets/smart/lib/constants.js";
+import {
+  universalSignatureValidatorAbi,
+  universalSignatureValidatorByteCode,
+} from "./constants.js";
+import { isErc6492Signature } from "./is-erc6492-signature.js";
+import { serializeErc6492Signature } from "./serialize-erc6492-signature.js";
+
+export type VerifyEOASignatureParams = {
+  message: string;
+  signature: string | Uint8Array | Signature;
+  address: string;
+};
+
+/**
+ * Verifies the signature of a message using an Ethereum account's EOA (Externally Owned Account).
+ * @param options - The options for verifying the signature.
+ * @returns A boolean indicating whether the signature is valid.
+ * @throws An error if the signature is invalid.
+ * @example
+ * ```ts
+ * import { verifyEOASignature } from 'thirdweb/auth';
+ *
+ * const isValid = await verifyEOASignature({
+ *  message: '0x1234567890123456789012345678901234567890',
+ *  signature: '0x1234567890123456789012345678901234567890',
+ *  address: '0x1234567890123456789012345678901234567890',
+ * });
+ * ```
+ * @auth
+ */
+export async function verifyEOASignature(options: VerifyEOASignatureParams) {
+  const messageHash = hashMessage(options.message);
+
+  if (!isHex(options.signature)) {
+    return false;
+  }
+
+  const recoveredAddress = await recoverAddress({
+    hash: messageHash,
+    signature: options.signature,
+  });
+
+  if (recoveredAddress.toLowerCase() === options.address.toLowerCase()) {
+    return true;
+  }
+  return false;
+}
+
+export type VerifyContractWalletSignatureParams = Prettify<
+  VerifyEOASignatureParams & {
+    chain: Chain;
+    client: ThirdwebClient;
+    accountFactory?: {
+      address: string;
+      verificationCalldata: Hex;
+    };
+  }
+>;
+
+/**
+ * @description Verifies a contract wallet signature using [ERC-6942](https://eips.ethereum.org/EIPS/eip-6942) Signature Validation for Predeploy Contracts.
+ * This function will validate signatures for both deployed and undeployed smart accounts of all signature types.
+ *
+ * @param {@link VerifyContractWalletSignatureParams} options - The parameters for verifying the signature.
+ * @param {string} options.address The address of the contract wallet to verify the signature for. This can be an undeployed coutnerfactual address.
+ * @param {string} options.message The message that was signed
+ * @param {string} options.signature The signature to verify.
+ * @param {Chain} options.chain The chain to verify the signature on. Make sure this was the chain your signature was generated for, even if your smart account exists on multiple chains.
+ * @param {ThirdwebClient} options.client The Thirdweb client to use for necessary RPC requests.
+ * @param {Object} [options.accountFactory] A custom account factory to use for signature verification. This is only necessary if the account is not yet deployed AND the signature was not pre-wrapped for ERC-6492 validation. Most wallets that do not automatically deploy smart accounts prior to signatures will wrap the signature for you.
+ * @param {string} [options.accountFactory.address] The account factory address from which the smart account was or will be deployed.
+ * @param {Hex} [options.accountFactory.verificationCalldata] The account factory verification calldata for predeploy verification. See [EIP-6942](https://eips.ethereum.org/EIPS/eip-6942) for more information.
+ *
+ * @returns A boolean indicating whether the signature is valid.
+ *
+ * @example
+ * ```ts
+ * import { verifyContractWalletSignature } from 'thirdweb/auth';
+ *
+ * const isValid = await verifyContractWalletSignature({
+ *  message: '0x..',
+ *  signature: '0x..',
+ *  address: '0x...',
+ *  chain: ...,
+ *  client: ...,
+ * });
+ * ```
+ * @auth
+ */
+export async function verifyContractWalletSignature({
+  signature,
+  message,
+  address,
+  chain,
+  client,
+  accountFactory,
+}: VerifyContractWalletSignatureParams) {
+  console.log("verifyContractWalletSignature");
+  const messageHash = hashMessage(message);
+
+  const signatureHex = (() => {
+    if (isHex(signature)) return signature;
+    if (typeof signature === "object" && "r" in signature && "s" in signature)
+      return serializeSignature(signature);
+    if (signature instanceof Uint8Array) return fromBytes(signature, "hex");
+    // We should never hit this but TS doesn't know that
+    throw new Error(
+      `Invalid signature type for signature ${signature}: ${typeof signature}`,
+    );
+  })();
+
+  const accountContract = getContract({
+    address,
+    chain,
+    client,
+  });
+
+  const wrappedSignature = await (async () => {
+    // If this sigature was already wrapped for ERC-6492, carry on
+    if (isErc6492Signature(signatureHex)) return signatureHex;
+
+    // If the contract is already deployed, return the original signature
+    const { isContractDeployed } = await import(
+      "../utils/bytecode/is-contract-deployed.js"
+    );
+    const isDeployed = await isContractDeployed(accountContract);
+    if (!isDeployed) return signatureHex;
+
+    // Otherwise, serialize the signature for ERC-6492 validation
+    return serializeErc6492Signature({
+      address: accountFactory?.address ?? DEFAULT_ACCOUNT_FACTORY,
+      data: accountFactory?.verificationCalldata ?? "0x",
+      signature: signatureHex,
+    });
+  })();
+
+  const verificationData = encodeDeployData({
+    abi: universalSignatureValidatorAbi,
+    args: [address, messageHash, wrappedSignature],
+    bytecode: universalSignatureValidatorByteCode,
+  });
+
+  const rpcRequest = getRpcClient({
+    chain,
+    client,
+  });
+
+  try {
+    const result = await eth_call(rpcRequest, {
+      data: verificationData,
+    });
+
+    const hexResult = isHex(result) ? toBytes(result) : result;
+    return equalBytes(hexResult, toBytes("0x1"));
+  } catch (error) {
+    console.log("error", error);
+    // TODO: Improve overall RPC error handling so we can tell if this was an actual verification failure or some other error
+    // Verification failed somehow
+    return false;
+  }
+}
+
+export type VerifySignatureParams = Prettify<
+  VerifyEOASignatureParams & Partial<VerifyContractWalletSignatureParams>
+>;
+
+/**
+ * Verifies the signature based on the provided options.
+ * Handles smart contract wallet signatures and EOA signatures.
+ * **IMPORTANT: in order to check smart contract signatures, a chain and client must be provided. Or, you can use the `verifyContractWalletSignature` function directly if all signatures will be from smart accounts.**
+ * @see verifyContractWalletSignature
+ * @param options - The options for signature verification.
+ * @returns A boolean indicating whether the signature is valid or not.
+ * @example
+ * ```ts
+ * import { verifySignature } from 'thirdweb/auth';
+ *
+ * const isValid = await verifySignature({
+ *  message: 'Your message to sign',
+ *  signature: '0x91db0222ec371a8c18d3b187a6d2e77789bffca1b96826ef6b8708e0d4a66c80312fc3ae95b8fbc147265abf539bb6f360152be61a0e1411d7f5771a599e769a1c',
+ *  address: '0xda9C7A86AeE76701FC1c23ae548e8E93Ba3e42A5',
+ *  client: thirdwebClient,
+ *  chain: chain
+ * });
+ * ```
+ * @auth
+ */
+let warningTriggered = false;
+export async function verifySignature(options: VerifySignatureParams) {
+  try {
+    const isValidEOASig = await verifyEOASignature(options);
+    if (isValidEOASig) {
+      return true;
+    }
+  } catch {
+    // no-op, we skip to contract signature check
+  }
+  if (isVerifyContractWalletSignatureParams(options)) {
+    try {
+      return await verifyContractWalletSignature(options);
+    } catch {
+      // no-op we skip to return false
+    }
+  } else if (!warningTriggered) {
+    // We only trigger this warning once
+    warningTriggered = true;
+    console.error(`
+      Failed to verify EOA signature and no chain or client provided.
+
+      If you mean to use a smart account, please provide a chain and client.
+      For more information on how to setup a smart account with Auth, see https://portal.thirdweb.com/connect/auth
+    `);
+  }
+  // if we reach here, we have no way to verify the signature
+  return false;
+}
+
+function isVerifyContractWalletSignatureParams(
+  options: VerifySignatureParams,
+): options is VerifyContractWalletSignatureParams {
+  return (
+    "chain" in options &&
+    options.chain !== undefined &&
+    "client" in options &&
+    options.client !== undefined
+  );
+}

package/src/exports/auth.ts

@@ -5,7 +5,15 @@ export {
   type VerifyEOASignatureParams,
   verifyContractWalletSignature,
   type VerifyContractWalletSignatureParams,
-} from "../auth/verifySignature.js";
+} from "../auth/verify-signature.js";
+
+export { isErc6492Signature } from "../auth/is-erc6492-signature.js";
+export { serializeErc6492Signature } from "../auth/serialize-erc6492-signature.js";
+export {
+  parseErc6492Signature,
+  type ParseErc6492SignatureReturnType,
+} from "../auth/parse-erc6492-signature.js";
+export type { Erc6492Signature } from "../auth/types.js";
 
 export { createAuth } from "../auth/auth.js";
 export type {

package/src/react/web/ui/ConnectWallet/Modal/AllWalletsUI.tsx

@@ -10,6 +10,7 @@ import { createWallet } from "../../../../../wallets/create-wallet.js";
 import type { Wallet } from "../../../../../wallets/interfaces/wallet.js";
 import { useCustomTheme } from "../../../../core/design-system/CustomThemeProvider.js";
 import { iconSize, spacing } from "../../../../core/design-system/index.js";
+import { useSetSelectionData } from "../../../providers/wallet-ui-states-provider.js";
 import { sortWallets } from "../../../utils/sortWallets.js";
 import { Spacer } from "../../components/Spacer.js";
 import { Spinner } from "../../components/Spinner.js";
@@ -35,6 +36,7 @@ function AllWalletsUI(props: {
   connectLocale: ConnectLocale;
 }) {
   const { itemsToShow, lastItemRef } = useShowMore<HTMLLIElement>(10, 10);
+  const setSelectionData = useSetSelectionData();
 
   const walletList = useMemo(() => {
     return walletInfos.filter((wallet) => {
@@ -141,6 +143,7 @@ function AllWalletsUI(props: {
                       selectWallet={() => {
                         const wallet = createWallet(walletInfo.id);
                         props.onSelect(wallet);
+                        setSelectionData({});
                       }}
                       client={props.client}
                       recommendedWallets={props.recommendedWallets}

package/src/react/web/ui/ConnectWallet/Modal/ConnectModalContent.tsx

@@ -129,7 +129,6 @@ export const ConnectModalContent = (props: {
       title={props.meta.title || props.connectLocale.defaultModalTitle}
       wallets={props.wallets}
       selectWallet={(newWallet) => {
-        setSelectionData({});
         if (newWallet.onConnectRequested) {
           newWallet
             .onConnectRequested()