[SDK] fix: Improve smart wallet signature verification (#6040)

Author: joaquim-verges

.changeset/kind-beers-fold.md

@@ -0,0 +1,5 @@
+---
+"thirdweb": patch
+---
+
+Always use 712 signature verification if the smart account is already deployed

apps/playground-web/src/components/account-abstraction/sponsored-tx-zksync.tsx

@@ -1,5 +1,4 @@
 "use client";
-
 import { useState } from "react";
 import { getContract } from "thirdweb";
 import { zkSyncSepolia } from "thirdweb/chains";
@@ -15,6 +14,12 @@ import { shortenHex } from "thirdweb/utils";
 import { THIRDWEB_CLIENT } from "../../lib/client";
 import { WALLETS } from "../../lib/constants";
 
+// const chain = abstractTestnet;
+// const editionDropContract = getContract({
+//   client: THIRDWEB_CLIENT,
+//   address: "0x8A24a7Df38fA5fCCcFD1259e90Fb6996fDdfcADa",
+//   chain,
+// });
 const chain = zkSyncSepolia;
 const editionDropContract = getContract({
   client: THIRDWEB_CLIENT,
@@ -83,6 +88,7 @@ export function SponsoredTxZksyncPreview() {
                   metadata: nft?.metadata,
                 }}
                 onError={(error) => {
+                  console.error("error", error);
                   alert(`Error: ${error.message}`);
                 }}
                 onClick={() => {

packages/thirdweb/src/auth/verify-hash.ts

@@ -10,6 +10,7 @@ import { isValidSignature } from "../extensions/erc1271/__generated__/isValidSig
 import { eth_call } from "../rpc/actions/eth_call.js";
 import { getRpcClient } from "../rpc/rpc.js";
 import { isZkSyncChain } from "../utils/any-evm/zksync/isZkSyncChain.js";
+import { isContractDeployed } from "../utils/bytecode/is-contract-deployed.js";
 import { fromBytes } from "../utils/encoding/from-bytes.js";
 import { type Hex, hexToBool, isHex } from "../utils/encoding/hex.js";
 import { serializeErc6492Signature } from "./serialize-erc6492-signature.js";
@@ -75,6 +76,33 @@ export async function verifyHash({
     );
   })();
 
+  const isDeployed = await isContractDeployed(
+    getContract({
+      address,
+      client,
+      chain,
+    }),
+  );
+
+  if (isDeployed) {
+    const validEip1271 = await verifyEip1271Signature({
+      hash,
+      signature: signatureHex,
+      contract: getContract({
+        chain,
+        address,
+        client,
+      }),
+    }).catch((err) => {
+      console.error("Error verifying EIP-1271 signature", err);
+      return false;
+    });
+    if (validEip1271) {
+      return true;
+    }
+  }
+
+  // contract not deployed, use erc6492 validator to verify signature
   const wrappedSignature: Hex = await (async () => {
     // If no factory is provided, we have to assume its already deployed or is an EOA
     // TODO: Figure out how to automatically tell if our default factory was used
@@ -95,6 +123,7 @@ export async function verifyHash({
     to?: string;
     data: Hex;
   };
+
   const zkSyncChain = await isZkSyncChain(chain);
   const abi = ox__Abi.from(ox__WrappedSignature.universalSignatureValidatorAbi);
   if (zkSyncChain) {

packages/thirdweb/src/wallets/smart/lib/signing.ts

@@ -268,7 +268,7 @@ async function checkFor712Factory({
 }
 
 /**
- * Deployes a smart account via a dummy transaction.
+ * Deployes a smart account via a dummy transaction. If the account is already deployed, this will do nothing.
  *
  * @param args - Arguments for the deployment.
  * @param args.smartAccount - The smart account to deploy.