feat(safesignatures): implement contract signature verification

bitbeckers · bitbeckers · commit 5219c965e9bd · 2025-02-04T00:14:21.000+01:00
To support filecoin we need to bypass the SafeSDK to verify Safe
signatures. The SafeSignatureVerifier class was updated to support
different strategies based on chain ID. A SignatureVerifierFactory was
implemented to either execute a contract call or use the Safe SDK
depending on the provided chain ID.
diff --git a/package.json b/package.json
@@ -30,7 +30,7 @@
     "@graphql-yoga/plugin-response-cache": "^3.5.0",
     "@hypercerts-org/contracts": "2.0.0-alpha.12",
     "@hypercerts-org/marketplace-sdk": "0.3.37",
-    "@hypercerts-org/sdk": "2.5.0-beta.3",
+    "@hypercerts-org/sdk": "2.5.0-beta.6",
     "@ipld/car": "^5.2.5",
     "@openzeppelin/merkle-tree": "^1.0.5",
     "@safe-global/api-kit": "^2.5.4",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/lib/safe/signature-verification/SafeSignatureVerifier.ts b/src/lib/safe/signature-verification/SafeSignatureVerifier.ts
@@ -1,9 +1,9 @@
-import Safe from "@safe-global/protocol-kit";
 import { getAddress, hashTypedData, type HashTypedDataParameters } from "viem";
 
 import { EvmClientFactory } from "../../../client/evmClient.js";
 
 import { RpcStrategyFactory } from "../safe-rpc-urls.js";
+import { SignatureVerifierStrategyFactory } from "./SignatureVerifierStrategy.js";
 
 export default abstract class SafeSignatureVerifier {
   protected chainId: number;
@@ -35,13 +35,10 @@ export default abstract class SafeSignatureVerifier {
 
   abstract buildTypedData(): Omit<HashTypedDataParameters, "domain">;
 
-  async verify(signature: string): Promise<boolean> {
-    const safe = await Safe.default.init({
-      provider: this.rpcUrl,
-      safeAddress: this.safeAddress,
-    });
-
-    const protocolKit = await safe.connect({});
-    return protocolKit.isValidSignature(this.hashTypedData(), signature);
+  async verify(signature: `0x${string}`): Promise<boolean> {
+    return SignatureVerifierStrategyFactory.getStrategy(
+      this.chainId,
+      this.hashTypedData(),
+    ).verify(signature, this.rpcUrl, this.safeAddress);
   }
 }
diff --git a/src/lib/safe/signature-verification/SignatureVerifierStrategy.ts b/src/lib/safe/signature-verification/SignatureVerifierStrategy.ts
@@ -0,0 +1,83 @@
+import Safe from "@safe-global/protocol-kit";
+import { ethers } from "ethers";
+
+const EIP1271_MAGIC_VALUE =
+  "0x1626ba7e00000000000000000000000000000000000000000000000000000000";
+
+export interface SignatureVerifierStrategy {
+  verify(
+    signature: `0x${string}`,
+    rpcUrl: string,
+    safeAddress: `0x${string}`,
+  ): Promise<boolean>;
+}
+
+export class SignatureVerifierStrategyFactory {
+  static getStrategy(
+    chainId: number,
+    hashTypedData: `0x${string}`,
+  ): SignatureVerifierStrategy {
+    switch (chainId) {
+      case 314:
+      case 314159:
+        return new ContractSignatureVerifierStrategy(hashTypedData);
+      default:
+        return new SafeSignatureVerifierStrategy(hashTypedData);
+    }
+  }
+}
+
+export class SafeSignatureVerifierStrategy
+  implements SignatureVerifierStrategy
+{
+  private hashTypedData: `0x${string}`;
+  constructor(hashTypedData: `0x${string}`) {
+    this.hashTypedData = hashTypedData;
+  }
+
+  async verify(
+    signature: `0x${string}`,
+    rpcUrl: string,
+    safeAddress: `0x${string}`,
+  ): Promise<boolean> {
+    const safe = await Safe.default.init({
+      provider: rpcUrl,
+      safeAddress: safeAddress,
+    });
+
+    const protocolKit = await safe.connect({});
+    return protocolKit.isValidSignature(this.hashTypedData, signature);
+  }
+}
+
+export class ContractSignatureVerifierStrategy
+  implements SignatureVerifierStrategy
+{
+  private hashTypedData: `0x${string}`;
+  constructor(hashTypedData: `0x${string}`) {
+    this.hashTypedData = hashTypedData;
+  }
+
+  async verify(
+    signature: `0x${string}`,
+    rpcUrl: string,
+    safeAddress: `0x${string}`,
+  ): Promise<boolean> {
+    const provider = new ethers.JsonRpcProvider(rpcUrl);
+    const iface = new ethers.Interface([
+      "function isValidSignature(bytes32 hash, bytes signature) view returns (bytes4)",
+    ]);
+    const calldata = iface.encodeFunctionData("isValidSignature", [
+      this.hashTypedData,
+      signature,
+    ]);
+
+    try {
+      const result = await provider.call({ to: safeAddress, data: calldata });
+      return result === EIP1271_MAGIC_VALUE;
+    } catch (error) {
+      console.error("Error:", error);
+      return false;
+    }
+  }
+}
