Validating signatures with contracts
A Contract Account enables arbitrary verification logic that can support multisig and any signature scheme. This is an advantage over an EOA, which limits users to ECDSA only.
An EOA can use its private key to sign messages. However, a Contract Account isn't inherently associated with a private key, so it cannot sign messages by default.
But let's say your smart contract is assigned an owner that holds an arbitrary private key. The contract can still be programmed to verify that a message was signed by the current owner's private key. This can also be extended to multisig cases with many owners.
Example: signing up for an app with a smart contract wallet
Here you are verifying that you own the account you are signing up with. And this is what happens under the hood:
Essentially, the contract has some logic to ensure that the message has been signed by the correct users or entities before approving anything.
A standard to ensure interoperability
For this to work across multiple parties, it's important to follow the recommended standard as outlined in EIP-1271. As the developer, this means making sure your smart contracts implement the following interface:
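As an added example (not code from the original page or from Stackup): the `isValidSignature` function and magic value defined by EIP-1271, followed by a minimal single-owner account that implements it. The contract name `OwnedAccount`, the `owner` field and the constant names are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Interface defined by EIP-1271.
interface IERC1271 {
    function isValidSignature(bytes32 hash, bytes memory signature)
        external view returns (bytes4 magicValue);
}

// Hypothetical single-owner account, for illustration only.
contract OwnedAccount is IERC1271 {
    // bytes4(keccak256("isValidSignature(bytes32,bytes)")), fixed by EIP-1271.
    bytes4 private constant MAGIC_VALUE = 0x1626ba7e;
    // Any other value signals failure; 0xffffffff is a common choice.
    bytes4 private constant INVALID = 0xffffffff;
    // Half the secp256k1 group order; a larger s is the malleable twin.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    address public owner;

    constructor(address initialOwner) {
        require(initialOwner != address(0), "owner is zero");
        owner = initialOwner;
    }

    // Returns MAGIC_VALUE only if `signature` is a 65-byte (r, s, v)
    // ECDSA signature over `hash` made by the current owner's key.
    function isValidSignature(bytes32 hash, bytes memory signature)
        external view override returns (bytes4)
    {
        if (signature.length != 65) return INVALID;
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := mload(add(signature, 0x20))
            s := mload(add(signature, 0x40))
            v := byte(0, mload(add(signature, 0x60)))
        }
        // Reject malleable and malformed signatures before recovering.
        if (uint256(s) > HALF_N) return INVALID;
        if (v != 27 && v != 28) return INVALID;
        address signer = ecrecover(hash, v, r, s);
        // ecrecover yields address(0) on failure; never treat that as valid.
        if (signer == address(0) || signer != owner) return INVALID;
        return MAGIC_VALUE;
    }
}
```

A verifying app calls `isValidSignature` on the account address and accepts the sign-in only when the return value equals `0x1626ba7e`.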
Implementing this standard is the easiest way to ensure your smart contract accounts have the best coverage for validating signatures with the rest of the ecosystem.