I'm developing a website that uses personal_sign
to authenticate users. I send the "address" and "signature" to my server to verify the user owns the address. I'm currently adding WalletConnect support, and ran into an issue with Gnosis Safe. When signing with Gnosis Safe, the value of signature
is just "0x" instead of the full signature:
const signature = await connector.signPersonalMessage([
convertUtf8ToHex(message),
address,
]);
Is personal_sign
supported by Gnosis Safe? This technique works with WalletConnect when connecting with Ledger Live or the Metamask mobile app. Is there an alternative way to verify a user owns an address?
Thank you.
Best Answer
If
safeProxyContract.isValidSignature(msgHash, signature)
(See CompatibilityFallbackHandler.sol#L66) returns the EIP1271 magic value, then the message with themsgHash
is signed. If it doesn't, then it isn't signedBut what I couldn't figure out was when to make the call to
isValidSignature()
. Because the WalletConnect modal actually resolves0x
right after the user issues the txn, without waiting for the txn to be confirmed. So there is no way to know the txn hash, nor when/if the sign message txn was mined or notBut GnosisSafe contract emits an event during those txn. So I added a
once
event listener to the contract to listen for that event, and then checkisValidSignature()
Thanks @Richard for helping out!