Implement EIP-191 signature verification for native ETH payments; enhance payment verification logic and error handling in the x402 service.

Author: didierkrux

devcon/src/pages/api/x402/tickets/verify.ts

@@ -14,7 +14,7 @@
  * - Ticket details
  */
 import type { NextApiRequest, NextApiResponse } from 'next'
-import { verifyPayment, verifyPaymentDirect, verifyPaymentNativeEth, getPaymentRecipient, usdToUsdcAmount, encodeSettlementResponseHeader } from 'services/x402'
+import { verifyPayment, verifyPaymentDirect, verifyPaymentNativeEth, getPaymentRecipient, usdToUsdcAmount, encodeSettlementResponseHeader, getPublicClientForChainId } from 'services/x402'
 import { getUsdcConfig } from 'services/relayer'
 import type { SettleResponse } from 'types/x402'
 import { createOrder, confirmOrderPayment } from 'services/pretix'
@@ -52,6 +52,22 @@ interface VerifyRequest {
   symbol?: string
   /** Token contract address. Required for multi-token chains (e.g. USDC vs USDT0 on Arbitrum). Falls back to USDC if omitted. */
   tokenAddress?: string
+  /**
+   * EIP-191 signature proving the caller owns the `payer` wallet.
+   * REQUIRED when `symbol === 'ETH'`. Prevents cross-order tx reuse attacks
+   * on the native ETH path (USDC/USDT0 are already bound via EIP-3009).
+   */
+  ethPayerSignature?: string
+}
+
+/** Build the ETH-only message that the payer signs before their /verify call. */
+function buildEthPayerMessage(paymentReference: string, payer: string, chainId: number): string {
+  return (
+    'Devcon ticket payment (ETH)\n' +
+    `Payment reference: ${paymentReference}\n` +
+    `Payer: ${payer}\n` +
+    `Chain: ${chainId}`
+  )
 }
 
 interface VerifySuccessResponse {
@@ -197,6 +213,55 @@ export default async function handler(
       })
     }
 
+    // For native ETH, require a signature over paymentReference+payer+chainId to
+    // cryptographically prove the caller owns the `payer` wallet. USDC/USDT0 are
+    // already bound via EIP-3009 at prepare-authorization time so no extra
+    // signature is needed for those paths.
+    if (body.symbol === 'ETH') {
+      if (!body.ethPayerSignature || typeof body.ethPayerSignature !== 'string') {
+        return res.status(400).json({
+          success: false,
+          error: 'ethPayerSignature is required for native ETH payments',
+        })
+      }
+      if (body.chainId == null) {
+        return res.status(400).json({
+          success: false,
+          error: 'chainId is required for native ETH payments',
+        })
+      }
+      const message = buildEthPayerMessage(body.paymentReference, body.payer, body.chainId)
+      // Use verifyMessage which handles BOTH EOA (ECDSA recovery) and smart
+      // wallet (ERC-1271 isValidSignature) signatures. For contracts it calls
+      // isValidSignature on the payer address and checks the 0x1626ba7e magic value.
+      const client = getPublicClientForChainId(body.chainId)
+      if (!client) {
+        return res.status(400).json({
+          success: false,
+          error: `Unsupported chainId for signature verification: ${body.chainId}`,
+        })
+      }
+      let sigValid = false
+      try {
+        sigValid = await client.verifyMessage({
+          address: body.payer as `0x${string}`,
+          message,
+          signature: body.ethPayerSignature as `0x${string}`,
+        })
+      } catch (e) {
+        return res.status(400).json({
+          success: false,
+          error: `ethPayerSignature verification failed: ${(e as Error).message}`,
+        })
+      }
+      if (!sigValid) {
+        return res.status(403).json({
+          success: false,
+          error: 'ethPayerSignature does not match the payer address',
+        })
+      }
+    }
+
     // Verify payment on-chain
     const expectedAmount = usdToUsdcAmount(pendingOrder.totalUsd)
     const paymentProof: X402PaymentProof = {
@@ -211,12 +276,16 @@ export default async function handler(
     console.log('[Verify] Attempting primary verification via x402 service', body.chainId != null ? `(chain ${body.chainId})` : '')
     let verification = await verifyPayment(paymentProof)
 
-    // Only try native ETH when client indicates ETH payment; otherwise we'd wrongly run it for USDC and fail (from/to mismatch)
+    // Only try native ETH when client indicates ETH payment; otherwise we'd wrongly run it for USDC and fail (from/to mismatch).
+    // Error prefix match (not exact) because verifyPayment may append diagnostic detail to the message.
     if (
       !verification.verified &&
       body.symbol === 'ETH' &&
       body.chainId != null &&
-      (verification.error === 'No matching transfer found in transaction' || verification.error === 'Invalid payment reference')
+      (
+        verification.error?.startsWith('No matching transfer found in transaction') ||
+        verification.error === 'Invalid payment reference'
+      )
     ) {
       const expectedAmountWei = pendingOrder.expectedEthAmountWeiByChain?.[String(body.chainId)]
       if (!expectedAmountWei) {

devcon/src/pages/tickets/store/checkout.tsx

@@ -264,6 +264,12 @@ function CheckoutContent() {
   // Gasless state
   const [authorizationData, setAuthorizationData] = useState<any>(null)
   const [isExecutingGasless, setIsExecutingGasless] = useState(false)
+  // True during the verifyPayment poll (between tx broadcast and order confirmation).
+  // Used to lock token/network selection until verification resolves.
+  const [isVerifying, setIsVerifying] = useState(false)
+  // EIP-191 signature binding payer wallet to the payment reference.
+  // Only populated for the native ETH path (USDC/USDT0 are bound via EIP-3009).
+  const [ethPayerSignature, setEthPayerSignature] = useState<string | null>(null)
 
   // Payment options (multi-chain)
   const [paymentOptions, setPaymentOptions] = useState<PaymentOption[]>([])
@@ -669,7 +675,8 @@ function CheckoutContent() {
     isWritePending ||
     isTxLoading ||
     isSendTxPending ||
-    isSendTxReceiptLoading
+    isSendTxReceiptLoading ||
+    isVerifying
 
   // Invalidate stale payment when user navigates away from payment section
   // (e.g. goes back to edit add-ons, contact details, etc.)
@@ -1227,6 +1234,32 @@ function CheckoutContent() {
         setPurchaseError('Invalid transaction request')
         return
       }
+      if (!walletClient) {
+        setPurchaseError('Wallet not connected')
+        return
+      }
+
+      // Sign a payer-proof message BEFORE sending the tx. Binds the wallet to
+      // this specific paymentReference+chain so the /verify endpoint can
+      // cryptographically confirm the caller owns the payer address (and is
+      // not replaying someone else's on-chain tx for a different order).
+      const chainIdForSig = Number(paymentDetails.chainId)
+      const payerMessage =
+        'Devcon ticket payment (ETH)\n' +
+        `Payment reference: ${paymentDetails.paymentReference}\n` +
+        `Payer: ${address}\n` +
+        `Chain: ${chainIdForSig}`
+      setPaymentStatus('Sign payer proof in wallet...')
+      let sig: string
+      try {
+        sig = await walletClient.signMessage({ account: address, message: payerMessage })
+      } catch (e) {
+        setPurchaseError(humanizeWalletError(e))
+        setPaymentStatus(null)
+        return
+      }
+      setEthPayerSignature(sig)
+
       setPaymentStatus('Confirm in wallet...')
       try {
         await sendTransactionAsync({
@@ -1247,6 +1280,7 @@ function CheckoutContent() {
     const maxAttempts = 5
     const retryDelay = 8000
 
+    setIsVerifying(true)
     setPaymentStatus(attempt > 1
       ? `Waiting for on-chain confirmation... (${attempt}/${maxAttempts})`
       : 'Verifying payment...')
@@ -1263,6 +1297,9 @@ function CheckoutContent() {
           chainId: paymentDetails.chainId,
           symbol: paymentDetails.tokenSymbol,
           tokenAddress: paymentDetails.tokenAddress,
+          ...(paymentDetails.tokenSymbol === 'ETH' && ethPayerSignature && {
+            ethPayerSignature,
+          }),
         }),
       })
 
@@ -1293,6 +1330,7 @@ function CheckoutContent() {
 
       setPurchaseError(data.error || 'Payment verification failed')
       setPaymentStatus(null)
+      setIsVerifying(false)
     } catch {
       // Network error — auto-retry
       if (attempt < maxAttempts) {
@@ -1301,6 +1339,7 @@ function CheckoutContent() {
       }
       setPurchaseError('Failed to verify payment')
       setPaymentStatus(null)
+      setIsVerifying(false)
     }
   }
 
@@ -2143,6 +2182,7 @@ function CheckoutContent() {
                                             className={`${css['asset-chip']} ${
                                               tokenFilter === sym ? css['asset-chip--active'] : ''
                                             }`}
+                                            disabled={isProcessing}
                                             onClick={() => {
                                               setTokenFilter(sym)
                                               // Auto-select the best network for this asset
@@ -2180,7 +2220,7 @@ function CheckoutContent() {
                                             type="button"
                                             className={css['network-refresh']}
                                             onClick={() => fetchPaymentOptions()}
-                                            disabled={paymentOptionsLoading}
+                                            disabled={paymentOptionsLoading || isProcessing}
                                           >
                                             Refresh balances
                                           </button>
@@ -2204,8 +2244,8 @@ function CheckoutContent() {
                                                 className={`${css['network-row']} ${
                                                   isSelected ? css['network-row--selected'] : ''
                                                 } ${!canPay ? css['network-row--insufficient'] : ''}`}
-                                                disabled={!canPay}
-                                                onClick={() => canPay && selectPaymentOption(opt)}
+                                                disabled={!canPay || isProcessing}
+                                                onClick={() => canPay && !isProcessing && selectPaymentOption(opt)}
                                               >
                                                 <span className={css['network-row-icon']}>
                                                   {NETWORK_LOGOS[chainIdNum] && (

devcon/src/services/x402.ts

@@ -62,7 +62,7 @@ const publicClient = createPublicClient({
   transport: getTransport(chain.id),
 })
 
-function getPublicClientForChainId(chainId: number) {
+export function getPublicClientForChainId(chainId: number) {
   const c = CHAIN_ID_TO_CHAIN[chainId]
   if (!c) return null
   return createPublicClient({ chain: c, transport: getTransport(chainId) })
@@ -294,7 +294,30 @@ export async function verifyPayment(proof: X402PaymentProof): Promise<X402Paymen
       }
     }
 
-    return { verified: false, error: 'No matching transfer found in transaction' }
+    // Build a descriptive error explaining what was expected vs. what we found.
+    // Helps users understand failures on smart-wallet flows where the outer
+    // tx never actually delivers funds to our merchant (e.g., Coinbase Smart
+    // Wallet + its own paymaster bypasses our relayer).
+    const transfersFromPayer = transferLogs
+      .map((log) => ({
+        from: `0x${log.topics[1]?.slice(26)}`.toLowerCase(),
+        to: `0x${log.topics[2]?.slice(26)}`.toLowerCase(),
+        value: BigInt(log.data).toString(),
+      }))
+      .filter((t) => t.from === payer.toLowerCase())
+    const transfersToRecipient = transferLogs
+      .map((log) => ({
+        from: `0x${log.topics[1]?.slice(26)}`.toLowerCase(),
+        to: `0x${log.topics[2]?.slice(26)}`.toLowerCase(),
+        value: BigInt(log.data).toString(),
+      }))
+      .filter((t) => t.to === recipient.toLowerCase())
+    const summary = [
+      `expected: from=${payer.toLowerCase()} to=${recipient.toLowerCase()} value>=${proof.expectedAmount}`,
+      `from payer (${transfersFromPayer.length}): ${JSON.stringify(transfersFromPayer)}`,
+      `to recipient (${transfersToRecipient.length}): ${JSON.stringify(transfersToRecipient)}`,
+    ].join(' | ')
+    return { verified: false, error: `No matching transfer found in transaction. ${summary}` }
   } catch (error) {
     console.error('Error verifying payment:', error)
     return { verified: false, error: `Verification error: ${(error as Error).message}` }
@@ -400,6 +423,59 @@ export async function verifyPaymentDirect(
   }
 }
 
+/**
+ * Walk a `debug_traceTransaction` call tree looking for an internal ETH
+ * transfer from `fromAddr` to `toAddr` with value >= `minValue`.
+ * Supports ERC-4337 bundler flows where the outer tx.from is a bundler EOA
+ * and the real ETH movement happens in an internal call from the smart wallet.
+ *
+ * Requires the RPC provider to support `debug_traceTransaction` with the
+ * `callTracer`. Alchemy, QuickNode, and Infura (paid tier) all support this.
+ */
+type CallTraceNode = {
+  from?: string
+  to?: string
+  value?: string
+  type?: string
+  calls?: CallTraceNode[]
+}
+
+async function findInternalEthTransfer(
+  client: ReturnType<typeof getPublicClientForChainId>,
+  txHash: string,
+  fromAddrLower: string,
+  toAddrLower: string,
+  minValue: bigint,
+): Promise<{ found: boolean; valueWei?: bigint; error?: string }> {
+  if (!client) return { found: false, error: 'No RPC client' }
+  try {
+    // Cast to any to bypass viem's strict typed RPC schema; debug_traceTransaction
+    // is a non-standard but widely supported method (Alchemy, QuickNode, Infura).
+    const trace = (await (client as any).request({
+      method: 'debug_traceTransaction',
+      params: [txHash, { tracer: 'callTracer' }],
+    })) as CallTraceNode
+
+    const stack: CallTraceNode[] = [trace]
+    const zero = BigInt(0)
+    while (stack.length > 0) {
+      const node = stack.pop()!
+      const nodeValue = node.value ? BigInt(node.value) : zero
+      if (
+        nodeValue >= minValue &&
+        node.from?.toLowerCase() === fromAddrLower &&
+        node.to?.toLowerCase() === toAddrLower
+      ) {
+        return { found: true, valueWei: nodeValue }
+      }
+      if (node.calls) stack.push(...node.calls)
+    }
+    return { found: false }
+  } catch (e) {
+    return { found: false, error: (e as Error).message }
+  }
+}
+
 /**
  * Verify a native ETH payment (value transfer) on-chain
  */
@@ -454,12 +530,34 @@ export async function verifyPaymentNativeEth(
     }
 
     const recipientLower = expectedRecipient.toLowerCase()
+    const payerLower = payer.toLowerCase()
     const toMatch = tx.to && tx.to.toLowerCase() === recipientLower
-    if (!toMatch || tx.from?.toLowerCase() !== payer.toLowerCase()) {
-      return { verified: false, error: 'Transaction from/to does not match payment' }
-    }
-    if (tx.value < BigInt(expectedAmountWei)) {
-      return { verified: false, error: 'Transaction value is less than required amount' }
+    const fromMatch = tx.from?.toLowerCase() === payerLower
+
+    // Happy path: EOA sends ETH directly — tx.from/tx.to/tx.value all match.
+    if (toMatch && fromMatch) {
+      if (tx.value < BigInt(expectedAmountWei)) {
+        return { verified: false, error: 'Transaction value is less than required amount' }
+      }
+    } else {
+      // Smart wallet / ERC-4337 bundler path: the outer tx is sent by a
+      // bundler/EntryPoint, and the actual ETH transfer happens in an
+      // internal call from the smart wallet (payer) to the recipient.
+      // We inspect the tx trace to find a matching internal transfer.
+      console.log('[x402] Native ETH direct match failed; trying trace-based detection for smart-wallet / 4337 flow')
+      const traceMatch = await findInternalEthTransfer(
+        client,
+        txHash,
+        payerLower,
+        recipientLower,
+        BigInt(expectedAmountWei),
+      )
+      if (!traceMatch.found) {
+        const reason = `tx.from=${tx.from} (expected payer=${payer}), tx.to=${tx.to} (expected recipient=${expectedRecipient}); no matching internal transfer found`
+        console.warn('[x402] Native ETH mismatch:', reason, traceMatch.error ?? '')
+        return { verified: false, error: `Transaction from/to does not match payment: ${reason}` }
+      }
+      console.log('[x402] Native ETH verified via trace; internal transfer value =', traceMatch.valueWei?.toString())
     }
 
     const gasCostWei = receipt.gasUsed != null && receipt.effectiveGasPrice != null