Revert #778: gate EVM submitters at their EVM address, not the derived Zilliqa address

products/governance-api/lib/routes/message.ts

@@ -2,7 +2,7 @@ import { Router } from "express";
 import BN from "bn.js";
 import spaces from "@snapshot-labs/snapshot-spaces";
 import { verifySignature, pinJson } from "../utils";
-import { verifyEVMSignature, zilliqaAddressFromEVMSignature } from "../utils/verify-evm-signature";
+import { verifyEVMSignature } from "../utils/verify-evm-signature";
 import { Message } from "../models";
 import { blockchain } from "../zilliqa/custom-fetch";
 
@@ -226,16 +226,6 @@ message.post("/message", async (req, res) => {
 
     log.info({ address: body.address, sigType: body.sigType || "schnorr" }, "Signature verified");
 
-    // EVM users sign with their 0x (Keccak) address, but their gZIL/ZRC2 balances and space
-    // membership are keyed by their Zilliqa (SHA256) address. Replace body.address with the
-    // canonical Zilliqa address recovered from the signature so the gZIL gate, the pinned
-    // voter-scoring snapshot, and the members/score checks all resolve against the user's real
-    // Zilliqa identity. Applies to both proposals and votes (same handler).
-    if (body.sigType === "evm") {
-      body.address = zilliqaAddressFromEVMSignature(body.sig.message, body.sig.signature);
-      log.info({ zilAddress: body.address }, "EVM identity normalized to Zilliqa address");
-    }
-
     proposal(res, msg);
     await vote(res, msg, ts, log);
 

products/governance-api/lib/utils/verify-evm-signature.ts

@@ -1,5 +1,4 @@
-import { ethers, hashMessage, SigningKey } from 'ethers';
-import { getAddressFromPublicKey } from '@zilliqa-js/crypto';
+import { ethers } from 'ethers';
 
 /**
  * Verifies an EIP-191 personal_sign signature.
@@ -18,24 +17,3 @@ export function verifyEVMSignature(
   const normalised = address.startsWith('0x') ? address.slice(2) : address;
   return recovered.slice(2).toLowerCase() === normalised.toLowerCase();
 }
-
-/**
- * Derives the signer's canonical Zilliqa address (SHA256-based) from an EIP-191 personal_sign
- * signature, by recovering the public key. This is the address ZilPay shows for the same key —
- * i.e. where the user's gZIL/ZRC2 balances and space membership live. We use it to normalise an
- * EVM (MetaMask) submitter to their Zilliqa identity so the gZIL gate, the pinned voter-scoring
- * snapshot, and the members/score checks all resolve correctly.
- *
- * @param message   - The raw string passed to personal_sign (msg.msg from the request).
- * @param signature - The 0x-prefixed hex signature returned by personal_sign.
- * @returns The checksummed Zilliqa base16 address ("0x…").
- */
-export function zilliqaAddressFromEVMSignature(
-  message: string,
-  signature: string
-): string {
-  const digest = hashMessage(message); // EIP-191 digest, matching personal_sign
-  const uncompressed = SigningKey.recoverPublicKey(digest, signature); // "0x04…"
-  const compressed = SigningKey.computePublicKey(uncompressed, true); // "0x02/03…"
-  return getAddressFromPublicKey(compressed.replace(/^0x/, ''));
-}

products/governance-api/package.json

@@ -8,7 +8,7 @@
     "db:seed": "npx sequelize db:seed:all",
     "db:create": "npx sequelize db:create",
     "start": "node --require ts-node/register index.ts",
-    "test": "node --require ts-node/register lib/zilliqa/custom-fetch.test.ts && node --require ts-node/register lib/utils/verify-evm-signature.test.ts"
+    "test": "node --require ts-node/register lib/zilliqa/custom-fetch.test.ts"
   },
   "author": "Hicaru",
   "license": "MIT",