Remove fallback to P256 in WebAuthn signer (#6337)

ernestognw · web-flow · commit 3c063fc49450 · 2026-02-10T14:09:59.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@
 - `ERC721` and `ERC1155`: Prevent setting an operator for `address(0)`. In the case of `ERC721` this type of operator allowance could lead to obfuscated mint permission. ([#6171](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/6171))
 - `RLP`: The `encode(bytes32)` function now encodes `bytes32` as a fixed size item and not as a scalar in `encode(uint256)`. Users must replace calls to `encode(bytes32)` with `encode(uint256(bytes32))` to preserve the same behavior. ([#6167](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/6167))
 - `ERC4337Utils`: The `parseValidationData` now returns a `ValidationRange` as the last return tuple value indicating whether the `validationData` is compared against a timestamp or block number. Developers must update their code to handle this new return value (e.g. `(aggregator, validAfter, validUntil) -> (aggregator, validAfter, validUntil, range)`).
+- `SignerWebAuthn`: The `_rawSignatureValidation` function now returns `false` when the signature is not a valid WebAuthn authentication assertion. P256 fallback is removed. Developers can add it back by overriding the function.
 
 ## 5.5.0 (2025-10-31)
 
diff --git a/contracts/utils/cryptography/signers/SignerWebAuthn.sol b/contracts/utils/cryptography/signers/SignerWebAuthn.sol
@@ -32,20 +32,15 @@ abstract contract SignerWebAuthn is SignerP256 {
     /**
      * @dev Validates a raw signature using the WebAuthn authentication assertion.
      *
-     * In case the signature can't be validated, it falls back to the
-     * {SignerP256-_rawSignatureValidation} method for raw P256 signature validation by passing
-     * the raw `r` and `s` values from the signature.
+     * Returns `false` if the signature is not a valid WebAuthn authentication assertion.
      */
     function _rawSignatureValidation(
         bytes32 hash,
         bytes calldata signature
     ) internal view virtual override returns (bool) {
         (bool decodeSuccess, WebAuthn.WebAuthnAuth calldata auth) = WebAuthn.tryDecodeAuth(signature);
-        if (decodeSuccess) {
-            (bytes32 qx, bytes32 qy) = signer();
-            return WebAuthn.verify(abi.encodePacked(hash), auth, qx, qy);
-        } else {
-            return super._rawSignatureValidation(hash, signature);
-        }
+        if (!decodeSuccess) return false;
+        (bytes32 qx, bytes32 qy) = signer();
+        return WebAuthn.verify(abi.encodePacked(hash), auth, qx, qy);
     }
 }
diff --git a/test/account/AccountWebAuthn.test.js b/test/account/AccountWebAuthn.test.js
@@ -72,17 +72,4 @@ describe('AccountWebAuthn', function () {
     shouldBehaveLikeERC1271({ erc7739: true });
     shouldBehaveLikeERC7821();
   });
-
-  describe('as regular P256 validator', function () {
-    beforeEach(async function () {
-      this.signer = p256Signer;
-      this.mock = this.p256Mock;
-      this.domain.verifyingContract = this.mock.address;
-    });
-
-    shouldBehaveLikeAccountCore();
-    shouldBehaveLikeAccountHolder();
-    shouldBehaveLikeERC1271({ erc7739: true });
-    shouldBehaveLikeERC7821();
-  });
 });
