Web3 Now: Signed Data

Squeebo
2 min readJul 1, 2022

--

Before we begin: sorry for my hiatus, I’ve been cooking up some new tech to secure your tokens, and I’m pouring everything into that! Comin’ in hot!

The Web3 atmosphere evolves in leaps and bounds… and cartwheels and every other acrobatic maneuver. That’s why today’s topic, Signed Data, is so challenging to piece together.

My first experience with Signed Data occurred with the Sneaky Vampire Syndicate (SVS) launch; they used this technique to queue their minters into batches and reduce gas wars. But because the mint was over, I could only get my hands on the smart contract — my research would be a lot easier if I had the website code available too!

As a result, it took me about a month and 10 different articles to piece it all together, so today’s goal is to bake this wonderful mechanism into 4 solid snippets that you can use for your degen purposes.

How does Signed Data benefit your project? First, it takes data offline so that you’re not paying to get it on-chain or through an oracle like Chainlink. This is what SVS did for their premint access list. Second, Signed Data can be created “just in time” which allows you to be much more dynamic. Unlike Merkle Tree, you can change the access list in real time.

Step 1: Create a Signer (wallet/account)

We need a wallet and its private key to provide a signature for the data we’re sending. This is a critical point, because we need to be sure the data has not been tampered with.

Create an account (and PK) to sign and validate our data

Step 2a: Base Contract

This is just a simple “base class” that provides valuable functions for validating the data and signature. Notice that the hash is created from 3 things:

  1. the contract address
  2. the user’s address
  3. the raw data (shown in the next example)

This ensures that the data is only valid for this contract and user.

Signed.sol provides core methods for validating the data + signature

Step 2b: Design the data and verify it

Signed Data can have a custom format, but we must follow that format exactly, otherwise the validation will fail. A struct makes it easy to organize and package the data. In this example, the data has an ID, quantity, and an expiration time.

Note that the ID is used as a nonce — this prevents replay attacks.
And the expiration time ensures that a transaction cannot be executed after a specific time/age.

SignedData2B.sol shows how to use methods from Signed.sol

Step 3: Load the signer and generate a signature

For this example, I’m providing my HardHat / Truffle unit test. This code can be copy-pasted into an Express.js backend or Vercel APIs. BUT you must not expose the private key to the browser.

I hope this removes the challenge of using Signed Data in your next smart contract. Please leave a comment if this helped, or if you need extra detail on any aspect. I’ll publish a github repo in a few days to make things even easier.

-Squeebo

--

--

Squeebo

👨‍👧‍👦Father 👨‍💻Geek 💪USMC 🥃Scotchie 👨‍🔬Solidity mad scientist :: Discord: Squeebo#0001 :: https://t.co/ydqstnZb6O