Implement or review Web2 wallet-based auth (SIWE/EIP-712) with nonce+expiry+anti-replay, ERC-1271 support, rate limiting, and safe logging. Use when touching login/session/authz endpoints or any signature verification off-chain.
Installation
Mit Codex oder Claude installieren Kopieren Sie diesen Prompt, fügen Sie ihn in Codex, Claude oder einen anderen Assistant ein und lassen Sie die Skill-Seite prüfen und installieren.
Implement or review Web2 wallet-based auth (SIWE/EIP-712) with nonce+expiry+anti-replay, ERC-1271 support, rate limiting, and safe logging. Use when touching login/session/authz endpoints or any signature verification off-chain.
Web2 Wallet Auth (SIWE/EIP-712 + ERC-1271)
When to use
Any change to: login routes, session issuance, signature verification, nonce storage, auth middleware, or endpoints that accept wallet identities.
Any addition of privileged Web2 roles (admin/ops/keeper) or routes that accept IDs from the client.
Goal (Definition of Done)
✅ Login is replay-safe (nonce + expiry + one-time use).
✅ Verification supports both:
EOA signatures (ECDSA)
Smart wallets (ERC-1271 via eth_call isValidSignature)
✅ Domain + chainId are validated.
✅ AuthZ prevents IDOR (deny by default; ownership checks).