Skip to main content

Sign arbitrary messages

1. Initialize a blockchain provider

import Web3 from 'web3';
import UniversalProfileContract from '@lukso/lsp-smart-contracts/artifacts/UniversalProfile.json';

const web3 = new Web3(window.ethereum);

2. Get access to the profile address in use

A call to requestAccounts will open an extension popup to authorize an account.

const accountsRequest: string[] = await web3.eth.requestAccounts();
const accounts: string[] = await web3.eth.getAccounts(); //should also return the same addresses

3. Sign message

const message = 'Hello World';
const address = web3.currentProvider.selectedAddress;
const signature = await web3.eth.sign(message, address);

Verify the signature on the Universal Profile

Because the UP is a smart contract, and the messages are usually signed by a controller account (EOA), Universal Profile has the isValidSignature(...) function implemented to check if the signature was signed (EIP-1271) by an EOA that has the SIGN permission over the Universal Profile.

const myUpAddress = '0x......';

const myUniversalProfile = new web3.eth.Contract(

const hashedMessage = web3.utils.keccak256(message);

// if the signature is valid it should return the magic value 0x1626ba7e
const isValidSignature = myUniversalProfile.methods.isValidSignature(

If isValidSignature returns the magic value: 0x1626ba7e, then, the message was signed by an EOA which has a SIGN permission for this Universal Profile.