Brian Li 🍊👾
@bli
Got a question about signatures. If you’re looking to connect a wallet to an account with a signature, what would you use to prevent replay attacks? Farcaster uses the blockHash. OpenSea uses a random cryptographic nonce. Transactions use the nonce of the address. Which is right for linking accounts?
1 reply
0 recast
2 reactions

Greg
@greg
For anything more than a weekend project I’d probs use the SIWE standard https://login.xyz/
It uses a nonce with an optional expiration timestamp
There should be many open source examples of it
1 reply
0 recast
5 reactions

Brian Li 🍊👾
@bli
Ty! What about if you have a mobile app and a website and you might have a changing domain/bundle identifier that is hard to verify?
2 replies
0 recast
0 reaction

Greg
@greg
Hmmm I’m not sure. I feel like @horsefacts.eth might know the best approach
0 reply
0 recast
2 reactions

scottrepreneur
@scottrepreneur
You can skip the domain check in your implementation. SIWE can help you validate the signed message contents and you can check those contents further.
0 reply
0 recast
0 reaction
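
The nonce handling discussed in this thread, sketched as an added example (not code from any of the posters or from the SIWE project): a server-issued random nonce that is single-use, expires, and is tied to the account being linked, checked against the fields of an EIP-4361 (SIWE) message without a domain check. `NonceStore`, `check_link_request`, `NONCE_TTL`, the account binding and the sample message are assumptions of this example, and signature recovery is assumed to be done by an Ethereum library before the call.

```python
import re
import secrets
import time
from datetime import datetime, timezone

NONCE_TTL = 300  # seconds a challenge stays valid (assumed value)

class NonceStore:
    """In-memory for the example; a real service needs a shared store with atomic delete."""
    def __init__(self):
        self._issued = {}  # nonce -> (account_id, server-side expiry)

    def issue(self, account_id, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)  # 128 random bits, alphanumeric
        self._issued[nonce] = (account_id, now + NONCE_TTL)
        return nonce

    def consume(self, nonce, account_id, now=None):
        now = time.time() if now is None else now
        entry = self._issued.pop(nonce, None)  # pop: a replayed nonce is no longer there
        return entry is not None and entry[0] == account_id and now <= entry[1]

def parse_fields(message):
    """Return the 'Key: value' lines of an EIP-4361 (SIWE) message as a dict."""
    return dict(re.findall(r"^([A-Za-z ]+): (.+)$", message, re.M))

def check_link_request(store, account_id, message, recovered_address, now=None):
    """recovered_address is the signer recovered from the signature by an
    Ethereum library; that step is assumed and not implemented here."""
    now = time.time() if now is None else now
    lines = message.splitlines()
    claimed = lines[1].strip() if len(lines) > 1 else ""
    if not claimed or claimed.lower() != recovered_address.lower():
        return "address mismatch"
    exp = parse_fields(message).get("Expiration Time")
    if exp and datetime.fromisoformat(exp.replace("Z", "+00:00")).timestamp() < now:
        return "message expired"
    if not store.consume(parse_fields(message).get("Nonce", ""), account_id, now):
        return "unknown or replayed nonce"
    return "ok"

def sample_message(address, nonce, expires_at):
    """Constructed sample message; domain, URI and statement are placeholders."""
    ts = lambda t: datetime.fromtimestamp(t, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (f"app.example wants you to sign in with your Ethereum account:\n{address}\n\n"
            f"Link this wallet to your account.\n\nURI: https://app.example\nVersion: 1\n"
            f"Chain ID: 1\nNonce: {nonce}\nIssued At: {ts(expires_at - NONCE_TTL)}\n"
            f"Expiration Time: {ts(expires_at)}")
```

A second submission of the same signed message returns "unknown or replayed nonce" because the first successful check removed the nonce from the store.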