In web3GrantEthereum, the expiration time check for SIWE messages is gated on NotBefore != nil:
if parsedMessage.NotBefore != nil && parsedMessage.ExpirationTime != nil && !parsedMessage.ExpirationTime.IsZero() && now.After(*parsedMessage.ExpirationTime) {Per EIP-4361, not-before and expiration-time are independent optional fields. A SIWE message can specify an expirationTime without a notBefore. When that happens, the entire expiration check is skipped and the expired message is accepted.
The Solana handler checks them independently and doesn't have this issue:
if !parsedMessage.ExpirationTime.IsZero() && now.After(parsedMessage.ExpirationTime) {The MaximumValidityDuration fallback doesn't help here because it's a broader window based on IssuedAt, not the per-message ExpirationTime. A message that sets a 5-minute expiration would still be accepted for the full MaximumValidityDuration window.
Removing parsedMessage.NotBefore != nil && from the condition fixes it.
In
web3GrantEthereum, the expiration time check for SIWE messages is gated onNotBefore != nil:Per EIP-4361,
not-beforeandexpiration-timeare independent optional fields. A SIWE message can specify anexpirationTimewithout anotBefore. When that happens, the entire expiration check is skipped and the expired message is accepted.The Solana handler checks them independently and doesn't have this issue:
The
MaximumValidityDurationfallback doesn't help here because it's a broader window based onIssuedAt, not the per-messageExpirationTime. A message that sets a 5-minute expiration would still be accepted for the fullMaximumValidityDurationwindow.Removing
parsedMessage.NotBefore != nil &&from the condition fixes it.