Skip to content

fix: serialize full message in embedded wallet 1CA #4588

Merged
tomiir merged 19 commits intomainfrom
fix/siwx-1ca
Jul 1, 2025
Merged

fix: serialize full message in embedded wallet 1CA #4588
tomiir merged 19 commits intomainfrom
fix/siwx-1ca

Conversation

@tomiir
Copy link
Copy Markdown
Collaborator

@tomiir tomiir commented Jun 30, 2025
edited by enesozturk
Loading

Description

This PR addresses an incompatibility with the new 1CA feature that uses createSIWEMessage from viem.

Problem

  • Viem enforces validation on the nonce length for SIWE messages.
  • Our current implementation sends a shorter nonce, which causes validation to fail.

Breakdown

  • DefaultSiwx: The usage of createSIWEMessage exposed an issue where the message was not compliant with the SIWE spec, specifically around nonce formatting.
  • CloudAuthSiwx: We’re generating a new EVM-based SIWE message on Secure Site that doesn’t match the one created on Cloud, resulting in validation failures.

Fix

  • Ensure nonce generation and formatting are consistent and compliant with SIWE spec requirements.
  • Align message generation between Cloud and Secure Site to prevent mismatches and validation errors.

Type of change

  • Chore (non-breaking change that addresses non-functional tasks, maintenance, or code quality improvements)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Associated Issues

For Linear issues: Closes APKT-xxx
For GH issues: closes #...

Showcase (Optional)

If there is a UI change include the screenshots with before and after state.
If new feature is being introduced, include the link to demo recording.

Checklist

  • Code in this PR is covered by automated tests (Unit tests, E2E tests)
  • My changes generate no new warnings
  • I have reviewed my own code
  • I have filled out all required sections
  • I have tested my changes on the preview link
  • Approver of this PR confirms that the changes are tested on the preview link

@vercel
Copy link
Copy Markdown

vercel bot commented Jun 30, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
appkit-basic-html ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 1, 2025 2:52pm
appkit-demo ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 1, 2025 2:52pm
appkit-laboratory ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 1, 2025 2:52pm
10 Skipped Deployments
Name Status Preview Comments Updated (UTC)
appkit-basic-example ⬜️ Ignored (Inspect) Jul 1, 2025 2:52pm
appkit-basic-sign-client-example ⬜️ Ignored (Inspect) Jul 1, 2025 2:52pm
appkit-basic-up-example ⬜️ Ignored (Inspect) Visit Preview Jul 1, 2025 2:52pm
appkit-ethers5-bera ⬜️ Ignored (Inspect) Jul 1, 2025 2:52pm
appkit-nansen-demo ⬜️ Ignored (Inspect) Jul 1, 2025 2:52pm
appkit-vue-solana ⬜️ Ignored (Inspect) Jul 1, 2025 2:52pm
appkit-wagmi-cdn-example ⬜️ Ignored (Inspect) Jul 1, 2025 2:52pm
ethereum-provider-wagmi-example ⬜️ Ignored (Inspect) Jul 1, 2025 2:52pm
next-wagmi-solana-bitcoin-example ⬜️ Ignored (Inspect) Jul 1, 2025 2:52pm
vue-wagmi-example ⬜️ Ignored (Inspect) Jul 1, 2025 2:52pm

cursor[bot]

This comment was marked as outdated.

Sign in to view

0xmkh
0xmkh reviewed Jun 30, 2025
View reviewed changes
Comment thread packages/controllers/src/utils/SIWXUtil.ts Outdated
0xmkh
0xmkh reviewed Jun 30, 2025
View reviewed changes
Comment thread packages/controllers/src/utils/SIWXUtil.ts Outdated
0xmkh
0xmkh reviewed Jun 30, 2025
View reviewed changes
Comment thread packages/wallet/src/W3mFrameSchema.ts Outdated
@svenvoskamp
Copy link
Copy Markdown
Contributor

svenvoskamp commented Jun 30, 2025
edited
Loading

I think this will break a flow in the onAuthProviderConnected where we call SIWXUtil.addEmbeddedWalletSession with all the properties of the siwxMessage

@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Jun 30, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 497741c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

cursor[bot]

This comment was marked as outdated.

Sign in to view

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Jun 30, 2025
edited
Loading

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 77.84% 30843 / 39621
🔵 Statements 77.84% 30843 / 39621
🔵 Functions 68.77% 2539 / 3692
🔵 Branches 84.39% 6399 / 7582
File Coverage
File Stmts Branches Functions Lines Uncovered Lines
Changed Files
packages/appkit/src/client/appkit.ts 47.17% 79.38% 84.61% 47.17% 69-125, 128-142, 145-152, 155-171, 174-181, 186-193, 199-200, 225-226, 233-234, 247-270, 278-290, 292, 294-313, 315-329, 354-360, 376, 397-398, 403-404, 419-499, 536-540, 562-563, 586-588, 596-597, 636-637
packages/controllers/src/utils/SIWXUtil.ts 78.83% 72.05% 60.86% 78.83% 41-42, 46-47, 52-53, 59-72, 81-82, 85-86, 89-90, 93-94, 106-107, 142, 164-165, 167-168, 178-180, 188-194, 259, 304-328, 415-426, 307-334
packages/scaffold-ui/src/modal/w3m-modal/index.ts 85.98% 84.12% 100% 85.98% 73-76, 91-92, 114, 118, 145, 190, 208-216, 233-235, 251, 253, 297-298, 307-309, 236
packages/wallet/src/W3mFrameSchema.ts 100% 100% 100% 100%
Generated in workflow #13090 for commit 497741c by the Vitest Coverage Report Action

cursor[bot]

This comment was marked as outdated.

Sign in to view

@tomiir tomiir changed the title wip: Fix/siwx 1ca fix: amend embedded wallet 1CA for SIWX Jun 30, 2025
@tomiir tomiir changed the title fix: amend embedded wallet 1CA for SIWX fix: serialize full message in embedded wallet 1CA Jun 30, 2025
cursor[bot]

This comment was marked as outdated.

Sign in to view

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Jun 30, 2025
edited
Loading

Warnings
⚠️ Changes were made to one or more package.json(s), but not to pnpm-lock.yaml
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️

🔑 Potential High‑entropy string detected in packages/controllers/tests/utils/SIWXUtil.test.ts (line 40): 0x123456789012345678...
⚠️ Testing spec changed

Generated by 🚫 dangerJS against 497741c

cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

tomiir
tomiir commented Jul 1, 2025
View reviewed changes
Comment thread packages/scaffold-ui/src/modal/w3m-modal/index.ts
Comment on lines +230 to +237
const sessions = await SIWXUtil.getAllSessions()
const isNextAuthenticated =
caipAddress && SIWXUtil.getSIWX()
? sessions.some(
session =>
session.data.accountAddress === ParseUtil.parseCaipAddress(caipAddress)?.address
)
: true
Copy link
Copy Markdown
Collaborator Author

@tomiir tomiir Jul 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@svenvoskamp could you double check this ? It was going back when it was connected but not authenticated so I added this check.

enesozturk
enesozturk reviewed Jul 1, 2025
View reviewed changes
Comment thread apps/laboratory/tests/cloud-auth-email.spec.ts Outdated
cursor[bot]

This comment was marked as outdated.

Sign in to view

@cursor
Copy link
Copy Markdown

cursor bot commented Jul 1, 2025

🚨 BugBot couldn't run

BugBot is experiencing high demand right now. Try again in a few minutes by commenting "bugbot run" (requestId: serverGenReqId_d4a0d78b-dd1d-458f-8a6d-56fdaa4b9fe2).

@tomiir tomiir merged commit c41ea92 into main Jul 1, 2025
40 of 41 checks passed
@tomiir tomiir deleted the fix/siwx-1ca branch July 1, 2025 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@enesozturk enesozturk enesozturk left review comments

@cursor cursor[bot] cursor[bot] left review comments

@0xmkh 0xmkh 0xmkh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tomiir @svenvoskamp @enesozturk @0xmkh