Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Problem verifying personal_sign signatures produced by ledger (v5)
See original GitHub issueInitially thought this was a MetaMask issue but looks like it’s a bug in ethers v5, ref
Describe the bug
When verifying a personal_sign signature from a Ledger hardware wallet ethers@5 will return the incorrect address.
To Reproduce
- produce a
personal_signsignature with metamask in the browser console using a ledger device:
> ethereum.sendAsync({
jsonrpc: '2.0', id: 1,
method: 'personal_sign',
params: ['0x6d7367', '0x73120171D5f26C93F7472b0f4F4C94C300264Bcb']
}, (a, x) => console.log(x.result))
0xfcd04509a330684eff11f6f4a872a592c33024f6d16022011f35323cb77147dd18f5600f22179721691ce4f3a2d7ee90adf6309bf86fb4bfb0740a330f8f539b01
- Try to recover the signature using
@ethersproject/walletin a node console:
> require('@ethersproject/wallet).verifyMessage('msg', '0xfcd04509a330684eff11f6f4a872a592c33024f6d16022011f35323cb77147dd18f5600f22179721691ce4f3a2d7ee90adf6309bf86fb4bfb0740a330f8f539b01')
'0x1d741B84405D5D6cb4F05b5A74ac5588F2149B90'
- Try to recover the same signature with
ethers@4in a node console:
> require('ethers').utils.verifyMessage('msg', '0xfcd04509a330684eff11f6f4a872a592c33024f6d16022011f35323cb77147dd18f5600f22179721691ce4f3a2d7ee90adf6309bf86fb4bfb0740a330f8f539b01')
'0x73120171D5f26C93F7472b0f4F4C94C300264Bcb'
Expected behavior
When recovering the signature the same address as used in MetaMask should be returned using the ethers@5 library.
- Hardware Wallet: Ledger Nano S Firmware version 1.6.0
- MetaMask Version used to produce signature: 7.7.9
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:5 (3 by maintainers)
Top Results From Across the Web
How to verify the authenticity of Ledger Live?
This article will explain how to verify the authenticity of a Ledger Live installation package using Ledger Live Download Signatures on Windows ...
Read more >Cannot verifiy a signature produced by Ledger in Solidity ...
The main function verify returns signer address depending on message and signature values. This works good for all signatures, but for a ...
Read more >Signing Data - MetaMask Docs
Signing Data. Since MetaMask makes cryptographic keys available to each user, websites can use these signatures for a variety of uses.
Read more >getsigner web3 - You.com | The AI Search Engine You Control
Problem in verifying the signature in smart contract which was signed by eth.personal.sign() in web3. Asked Oct 12, 2021 • 0 votes 0...
Read more >Ethereum Signatures: Dig Deep into It - Morioh
Both Smart Contracts and Ethereum clients have the ability to verify ECDSA signatures. ECDSA verification in Smart Contracts allows tamper proof ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Confirmed to be working with
5.0.5. Thanks @ricmoo 🙏I’ll look into this shortly.