Implement or review Web2 wallet-based auth (SIWE/EIP-712) with nonce+expiry+anti-replay, ERC-1271 support, rate limiting, and safe logging. Use when touching login/session/authz endpoints or any signature verification off-chain.
설치
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Implement or review Web2 wallet-based auth (SIWE/EIP-712) with nonce+expiry+anti-replay, ERC-1271 support, rate limiting, and safe logging. Use when touching login/session/authz endpoints or any signature verification off-chain.
Web2 Wallet Auth (SIWE/EIP-712 + ERC-1271)
When to use
Any change to: login routes, session issuance, signature verification, nonce storage, auth middleware, or endpoints that accept wallet identities.
Any addition of privileged Web2 roles (admin/ops/keeper) or routes that accept IDs from the client.
Goal (Definition of Done)
✅ Login is replay-safe (nonce + expiry + one-time use).
✅ Verification supports both:
EOA signatures (ECDSA)
Smart wallets (ERC-1271 via eth_call isValidSignature)
✅ Domain + chainId are validated.
✅ AuthZ prevents IDOR (deny by default; ownership checks).