[bug] signMessage API bugs in Xverse Extension v1.9.4 causing JSON parse crashes #246
Description
Is there an existing issue for this?
- I have searched the existing issues
SATS-CONNECT Version
1.9.4
Current Behavior
Critical signMessage API bugs in Xverse Extension v1.9.4 causing JSON parse crashes
The Xverse browser extension (v1.9.4) has critical bugs in its signMessage and connect APIs that cause the extension popup to crash with JSON parsing errors. These issues prevent any successful authentication integration.
- Extension Version: 1.9.4
- Browser: Chrome & Brave
- Extension ID:
idnnbdplmphpflfnlkomgpfbpcgelopg - Integration Method: Direct
window.BitcoinProviderAPI calls - Related Issue: [Unexpected token] - I can't run my react app with sats-connect #119 (similar JSON parsing errors reported)
Errors Encountered
Error 1: request function not implemented
When calling window.BitcoinProvider.request():
Error: `request` function is not implemented
at Object.request (inpage.js:1:161337)
Error 2: Undefined is not iterable
When calling BitcoinProvider.connect() with parameters:
Error: undefined is not iterable (cannot read property Symbol(Symbol.iterator))
at Ia (popup.js:2251:75602)
at eOC (popup.js:2282:26311)
Timestamp: 2025-12-16T20:31:54.178Z
Error 3: Unexpected end of JSON input
When calling BitcoinProvider.signMessage() with payload object:
SyntaxError: Unexpected end of JSON input
at JSON.parse (<anonymous>)
at mA.parse (popup.js:2251:86429)
Timestamp: 2025-12-16T20:43:42.774Z
Error 4: Invalid JSON token
When calling BitcoinProvider.signMessage() with simple string parameter:
SyntaxError: Unexpected token 's', "sF��_s���"... is not valid JSON
at JSON.parse (<anonymous>)
at t.decodeToken (popup.js:2066:313738)
Timestamp: 2025-12-16T20:45:34.986Z
Attempted API Patterns (All Failed)
-
window.BitcoinProvider.request('getAccounts', null)- Result: "
requestfunction is not implemented" error
- Result: "
-
window.BitcoinProvider.connect()with no params- Result: "undefined is not iterable" crash
-
window.BitcoinProvider.connect(['payment'])with purposes array- Result: Same "undefined is not iterable" crash
-
window.BitcoinProvider.connect({ purposes: [...], message: '...', network: {...} })- Result: Same "undefined is not iterable" crash
-
window.BitcoinProvider.signMessage({ payload: {...}, onFinish: fn, onCancel: fn })- Result: "Unexpected end of JSON input" crash
-
window.BitcoinProvider.signMessage({ address: 'payment', message: '...' }, callback)- Result: No callback invoked, extension popup shows error
-
window.BitcoinProvider.signMessage(messageString)- Result: "Unexpected token 's'" - corrupted JSON parsing
Expected Behavior
Based on sats-connect documentation, we expected:
connect()to return addresses with{ addresses: [{ address, publicKey, purpose }] }signMessage()to accept message string and return{ address, signature }- Extension popup to display signing prompt without crashing
Actual Behavior
- Extension popup opens but immediately crashes with JSON parse errors
- No successful API calls possible
- Internal
JSON.parse()calls failing on malformed data decodeTokenfunction receiving corrupted input
Impact
- Complete blocking issue - Cannot integrate Xverse wallet authentication
- Other Bitcoin wallets (Kaspa, Unisat) work correctly with similar patterns
- Suggests internal extension bug, not integration issue
Diagnostic Evidence
Console logs show extension detected but all API methods fail:
[Xverse] Bitcoin provider detected: true
[Xverse] BitcoinProvider methods: ['connect', 'signTransaction', 'signMultipleTransactions',
'signMessage', 'sendBtcTransaction', 'createInscription',
'createRepeatInscriptions', 'request', 'addListener']
[Xverse] Calling connect()...
// → Extension popup crashesRequest
- Fix JSON parsing in popup.js (lines 2251, 2066, 2282, 2067, 2292)
- Ensure
signMessageaccepts plain string messages without internal token encoding - Fix
connect()to properly serialize purposes array without Symbol.iterator errors - Validate all parameters before JSON.parse() to prevent crashes
- Consider adding null/undefined checks in decodeToken function
Workaround
Currently recommending users:
-
Use Kaspa wallet for Bitcoin authentication (works correctly)
-
Wait for Xverse extension bugfix update
-
[Unexpected token] - I can't run my react app with sats-connect #119 - Similar JSON parsing errors reported by other developers
-
Extension appears to have regressed in v1.9.4 based on multiple crash reports
Error Details
Error: Error code :
Timestamp: 2025-12-16T21:00:03.066Z
App Version: 1.9.4
Code: undefined
Message: Unexpected token '�', "�G�{��kW�q"... is not valid JSON
Stack Trace: SyntaxError: Unexpected token '�', "�G�{��kW�q"... is not valid JSON
at JSON.parse ()
at t.decodeToken (chrome-extension://idnnbdplmphpflfnlkomgpfbpcgelopg/popup.js:2066:313738)
at chrome-extension://idnnbdplmphpflfnlkomgpfbpcgelopg/popup.js:2292:346946
at Object.useMemo (chrome-extension://idnnbdplmphpflfnlkomgpfbpcgelopg/popup.js:2067:160386)
at t.useMemo (chrome-extension://idnnbdplmphpflfnlkomgpfbpcgelopg/popup.js:2067:313759)
at teO (chrome-extension://idnnbdplmphpflfnlkomgpfbpcgelopg/popup.js:2292:346866)
at teG (chrome-extension://idnnbdplmphpflfnlkomgpfbpcgelopg/popup.js:2292:348106)
at nK (chrome-extension://idnnbdplmphpflfnlkomgpfbpcgelopg/popup.js:2067:148528)
at ol (chrome-extension://idnnbdplmphpflfnlkomgpfbpcgelopg/popup.js:2067:169454)
at ok (chrome-extension://idnnbdplmphpflfnlkomgpfbpcgelopg/popup.js:2067:180171)
Expected Behavior
Based on sats-connect documentation, expected:
connect()to return addresses with{ addresses: [{ address, publicKey, purpose }] }signMessage()to accept message string and return{ address, signature }- Extension popup to display signing prompt without crashing
Steps To Reproduce
- Extension popup opens but immediately crashes with JSON parse errors
- No successful API calls possible
- Internal
JSON.parse()calls failing on malformed data decodeTokenfunction receiving corrupted input
Link to Minimal Reproducible Example (CodeSandbox, StackBlitz, etc.)
No response
Anything else?
Brave & Chrome, latest