Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: light account 1271 signing #963

Merged
merged 5 commits into from
Sep 16, 2024
Merged

fix: light account 1271 signing #963

merged 5 commits into from
Sep 16, 2024

Conversation

adamegyed
Copy link
Collaborator

@adamegyed adamegyed commented Sep 13, 2024
edited by pr-codex bot
Loading

The EIP-712 Domain has been incorrect for both versions of LightAccount. This PR fixes it, and updates the tests to actually verify the signatures rather than just string-matching on the output.

Pull Request Checklist

PR-Codex overview

The focus of this PR is to update the signWith1271Wrapper function in the base.ts file and add support for version-based signing methods.

Detailed summary

  • Updated signWith1271Wrapper function in base.ts to accept a version parameter.
  • Modified signing methods based on the provided version.
  • Added support for signing with different versions in createLightAccountBase function.
  • Updated client setup and message verification in test files.

The following files were skipped due to too many changes: account-kit/smart-contracts/src/light-account/clients/client.test.ts

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

@vercel Vercel
Copy link

vercel bot commented Sep 13, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
aa-sdk-site ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 16, 2024 9:26pm
aa-sdk-ui-demo ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 16, 2024 9:26pm

Zer0dot
Zer0dot previously approved these changes Sep 13, 2024
View reviewed changes
Copy link
Collaborator

@Zer0dot Zer0dot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this. Small question, there are unchanged files which have failing assertions-- is that relevant?

Regardless, think it's worth pushing this change, it's a pretty big feature.

account-kit/smart-contracts/src/light-account/clients/client.test.ts
message,
});

// We must use a public client, rather than an account client, to verify the message, because AA-SDK incorrectly attaches the account address as a "from" field to all actions taken by that client, including the `eth_call` used internally by viem's signature verifier logic. Per EIP-684, contract creation reverts on non-zero nonce, and the `eth_call`'s from field implicitly increases the nonce of the account contract, causing the contract creation to revert.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a known thing that we're working on fixing?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TBD from the clients team. We've raised this as an issue in the past, but I'm not sure what the plan for this is.

@adamegyed
Copy link
Collaborator Author

there are unchanged files which have failing assertions

Looks like there were a few other places in the codebase just string-matching on signatures. Currently working on updating these, ideally we can fix all of the test cases.

Zer0dot
Zer0dot previously approved these changes Sep 13, 2024
View reviewed changes
@adamegyed adamegyed changed the title feat: fix light account 1271 signing fix: light account 1271 signing Sep 16, 2024
dphilipson
dphilipson previously approved these changes Sep 16, 2024
View reviewed changes
aa-sdk/ethers/src/__tests__/provider-adapter.test.ts Outdated Show resolved Hide resolved
aa-sdk/ethers/src/__tests__/provider-adapter.test.ts
).toBe(
"0x007ecc361d63ab82d89faeecfb79d40127f376c1ef3d545aeec3578eadce9d0c405a4d1ae6177bdebdc8413065014f735ee98da9643cc0e25c07a7423b694f8ae71b"
);
await publicClient.verifyMessage({
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wrote this comment before realizing that the codebase is already doing things the way you did everywhere, so no need to change. But since I already wrote the comment, you get it anyways as a free FYI.

Nit: it's more idiomatic to write this assertion as

await expect(publicClient.verifyMessage({ ... })).resolves.toBe(true)

That way gives a clearer error message in the case where the assertion fails.

Likewise throughout.

@adamegyed adamegyed dismissed stale reviews from dphilipson and Zer0dot via 8bd39a6 September 16, 2024 21:20
@adamegyed adamegyed merged commit c58d4ab into main Sep 16, 2024
6 checks passed
@adamegyed adamegyed deleted the adam/fix-light-account-signing branch September 16, 2024 21:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dphilipson dphilipson dphilipson approved these changes

@Zer0dot Zer0dot Zer0dot left review comments

@moldy530 moldy530 Awaiting requested review from moldy530 moldy530 is a code owner

@rthomare rthomare Awaiting requested review from rthomare rthomare is a code owner

@dancoombs dancoombs Awaiting requested review from dancoombs dancoombs is a code owner

@mokok123 mokok123 Awaiting requested review from mokok123 mokok123 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@adamegyed @dphilipson @Zer0dot