Standards

ERC1271

ERC1271 is the standard for validating signatures from smart contracts through isValidSignature.

ERC1271 lets a contract wallet or multisig prove that a signature is valid.

ERC1271 Explained in Detail

ERC1271 defines isValidSignature(bytes32 hash, bytes signature). A contract returns a magic value when it accepts the signature for the hash.

This matters because smart wallets, multisigs, DAOs, and account abstraction accounts do not always authorize actions with a simple EOA signature.

Smart contract example

bytes4 constant MAGIC_VALUE = 0x1626ba7e;

Valid ERC1271 checks must compare against the exact magic value, not just a truthy result.

ERC1271 in Auditing

Signature code often protects orders, permits, withdrawals, votes, and account operations. If ERC1271 validation is treated like raw ecrecover, contract signers can be rejected or accepted incorrectly.

Auditors verify signer state, replay protection, domain separation, and failure handling.

Red flags in code

  • The caller accepts any nonzero return value.

  • Reverts are treated as valid signatures.

  • Signed data omits nonce, deadline, chain, or contract domain.

  • Validation ignores revoked owners or changed multisig state.

  • Raw signatures are tracked instead of digest or nonce.

How to test or review it

  • Test valid and invalid contract signatures.

  • Require the exact ERC1271 magic value.

  • Replay the same signature and expect failure when the action is one-time.

  • Test changed owner, revoked module, and expired signature states.

  • Use staticcall patterns carefully and handle failed calls as invalid.

Sources