How to validate signatures of smart contract wallets

Use EIP-1271 to sign messages from smart contract accounts

Validating signatures with contracts

A Contract Account enables arbitrary verification logic that can support multisig and any signature scheme. This is an advantage over an EOA, which limits users to ECDSA only.

An EOA can use its private key to sign messages. However, a Contract Account isn't inherently associated with a private key, so it cannot sign messages by default.

But let's say your smart contract is assigned an owner that holds an arbitrary private key. The contract can still be programmed to verify that a message was signed by the current owner's private key. This can also be extended to multisig cases with many owners.

Example: signing up for an app with a smart contract wallet

Let's take a look at the example of signing up for an app like OpenSea with a smart contract wallet like Stackup. Below is a flow that you're likely familiar with.

[Figure: Signature validation example]

Here you are verifying that you own the account you are signing up with. And this is what happens under the hood:

[Figure: Validating signatures with contracts]

Essentially, the contract has some logic to ensure that the message has been signed by the correct users or entities before approving anything.

A standard to ensure interoperability

In order for this to work with multiple different parties, it's important to follow the recommended standard as outlined in EIP-1271. Implementing this standard is the easiest way to ensure your smart contract accounts have the best coverage for validating signatures with the rest of the ecosystem.
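The owner-based check described above, written against the EIP-1271 interface. This is an added example, not Stackup's or OpenSea's code; the contract name `OwnedAccount`, the `owner` field and the `INVALID` return value are assumptions made for illustration, while the function signature and the magic value `0x1626ba7e` come from EIP-1271.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: minimal single-owner account implementing EIP-1271.
/// `OwnedAccount` and `owner` are hypothetical names.
contract OwnedAccount {
    // bytes4(keccak256("isValidSignature(bytes32,bytes)")), fixed by EIP-1271
    bytes4 internal constant MAGIC_VALUE = 0x1626ba7e;
    // Any non-magic value means "invalid"; 0xffffffff is a common convention
    bytes4 internal constant INVALID = 0xffffffff;
    // secp256k1 group order / 2: signatures with a higher `s` are malleable
    uint256 internal constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    address public owner;

    constructor(address initialOwner) {
        require(initialOwner != address(0), "owner is zero");
        owner = initialOwner;
    }

    /// Called by a verifying app or contract with the hash of the message
    /// and the signature produced by the owner's private key.
    function isValidSignature(bytes32 hash, bytes calldata signature)
        external
        view
        returns (bytes4)
    {
        // Expect the 65-byte r || s || v encoding
        if (signature.length != 65) return INVALID;
        bytes32 r = bytes32(signature[0:32]);
        bytes32 s = bytes32(signature[32:64]);
        uint8 v = uint8(signature[64]);

        // Reject the malleable "high s" form and unexpected recovery ids
        if (uint256(s) > HALF_N || (v != 27 && v != 28)) return INVALID;

        // ecrecover returns address(0) when recovery fails, so check it
        // explicitly instead of relying on the owner comparison alone
        address signer = ecrecover(hash, v, r, s);
        if (signer == address(0) || signer != owner) return INVALID;

        return MAGIC_VALUE;
    }
}
```

A verifier calls `isValidSignature` on the account's address and accepts the signature only if the return value equals `0x1626ba7e`. When one key owns several accounts, bind the signed hash to the account address and chain ID so that a signature accepted by one account is not also valid for another.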

Want to create smart contract accounts yourself?

Test out Stackup's quickstart guide!