Bug
src/app/api/ratings/route.ts uses recoverMessageAddress() for signature verification instead of verifyMessage() as specified in #79.
Impact: Smart contract wallet users (Safe, Argent, etc.) cannot submit ratings. recoverMessageAddress only works for EOA wallets. verifyMessage from viem handles both EOA and EIP-1271 contract wallet signatures.
Fix:
- Replace
recoverMessageAddress() with verifyMessage() from viem
- Compare recovered address vs claimed address using
verifyMessage({ address, message, signature })
Context: Introduced in PR #84.
Checklist:
Labels: bug, agent/T3
Bug
src/app/api/ratings/route.tsusesrecoverMessageAddress()for signature verification instead ofverifyMessage()as specified in #79.Impact: Smart contract wallet users (Safe, Argent, etc.) cannot submit ratings.
recoverMessageAddressonly works for EOA wallets.verifyMessagefrom viem handles both EOA and EIP-1271 contract wallet signatures.Fix:
recoverMessageAddress()withverifyMessage()from viemverifyMessage({ address, message, signature })Context: Introduced in PR #84.
Checklist:
recoverMessageAddresswithverifyMessageinsrc/app/api/ratings/route.tsnpm run lintandnpm run typecheckpassLabels:
bug,agent/T3