Verifying signatures and cosigners

Verifying signatures

Argent account signatures can be verified by calling the isValidSignature or is_valid_signature method of the account contract:

const contractAccount = new Contract(abi, accountAddress, provider);
const msgHash = typedData.getMessageHash(data, accountAddress);
await contractAccount.isValidSignature(msgHash, [signature.r, signature.s])

Be aware that most of Argent's accounts will return more that one signature that should all be verified. See below.

Guardians and co-signers

A guardian is a trusted party, added by the user, that acts as a cosigner/co-validator for the user's account when carrying out typical wallet operations or for recovery purposes.

For most of Argent's products e.g Argent Mobile, Web Wallet, Smart Accounts in Argent X etc, the guardian is usually Argent's backend.

In the next section, let's take a look at how you can verify multi-signatures for accounts with an active guardian.

Verifying multi-signatures

From a dApp's end, explicit support has to be provided for verifying multi-signatures, or account owners with guardians will be unable to sign transactions.

The signature is verified by calling the isValidSignature or is_valid_signature() method. If the user has a guardian, the signature returned by the wallet will be longer and include more data.

0: number of signers (i.e. 2 in this example)

1: type of signer 1

2: pubkey 1

3: r1

4: s1

5: type of signer 2 (guardian)

6: pubkey 2 (guardian)

7: r2 (guardian)

8: s2 (guardian)

const contractAccount = new Contract(abi, accountAddress, provider);
const msgHash = typedData.getMessageHash(data, accountAddress);
await contractAccount.isValidSignature(msgHash, [signature1.r, signature1.s, signature2.r, signature2.s])