fix: check SIWE ExpirationTime independently of NotBefore #2454

Open
oniani1 wants to merge 1 commit into supabase:master from oniani1:fix/siwe-expiration-check

oniani1 commented Mar 28, 2026

Fixes #2453

In web3GrantEthereum, the expiration check for SIWE messages is gated on NotBefore != nil:

if parsedMessage.NotBefore != nil && parsedMessage.ExpirationTime != nil && ...

Per EIP-4361, not-before and expiration-time are independent optional fields. When a SIWE message includes an expirationTime but omits notBefore, the entire expiration check is skipped and the expired message is accepted.

The Solana handler already checks them independently and doesn't have this problem.

The MaximumValidityDuration fallback is a separate, broader window based on IssuedAt -- it doesn't respect the per-message ExpirationTime. So a message that sets a short expiration would still be accepted for the full MaximumValidityDuration.

The fix removes parsedMessage.NotBefore != nil && from the expiration check condition, matching the pattern used in the Solana handler.

oniani1 requested a review from a team as a code owner March 28, 2026 18:49
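
The gating problem described in the PR description above, as an added Go example that is not code from this pull request or from the project. The `siweTimes` struct, the function names, the `now.After` comparison standing in for the elided `&& ...`, and the shape of the `IssuedAt` window check are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// siweTimes is a hypothetical stand-in for the time fields of a parsed SIWE message.
type siweTimes struct {
	IssuedAt       time.Time
	NotBefore      *time.Time // optional per EIP-4361
	ExpirationTime *time.Time // optional per EIP-4361
}

// otherChecks models what both variants share (assumed shape): the not-before
// bound and the broader IssuedAt-based window (MaximumValidityDuration).
func otherChecks(m siweTimes, now time.Time, maxValidity time.Duration) bool {
	if m.NotBefore != nil && now.Before(*m.NotBefore) {
		return false
	}
	return now.Sub(m.IssuedAt) <= maxValidity
}

// acceptGated models the condition quoted in the PR: the expiry comparison is
// only reached when NotBefore is also present.
func acceptGated(m siweTimes, now time.Time, maxValidity time.Duration) bool {
	if m.NotBefore != nil && m.ExpirationTime != nil && now.After(*m.ExpirationTime) {
		return false
	}
	return otherChecks(m, now, maxValidity)
}

// acceptIndependent drops the NotBefore gate so expiry is always honoured.
func acceptIndependent(m siweTimes, now time.Time, maxValidity time.Duration) bool {
	if m.ExpirationTime != nil && now.After(*m.ExpirationTime) {
		return false
	}
	return otherChecks(m, now, maxValidity)
}

func main() {
	issued := time.Date(2026, 3, 28, 12, 0, 0, 0, time.UTC) // constructed sample
	exp := issued.Add(1 * time.Minute)                      // short per-message expiry
	now := issued.Add(5 * time.Minute)                      // 4 minutes past expiry
	m := siweTimes{IssuedAt: issued, ExpirationTime: &exp}  // NotBefore omitted
	fmt.Println("gated accepts expired message:", acceptGated(m, now, 10*time.Minute))
	fmt.Println("independent accepts expired message:", acceptIndependent(m, now, 10*time.Minute))
}
```

A regression test for this class of bug needs a message that carries an expiration time with no not-before value; a fixture that sets both fields passes under either condition.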

Development

Successfully merging this pull request may close these issues.

SIWE ExpirationTime check skipped when NotBefore is absent