Skip to content

Legion#107

Open
Dargon789 wants to merge 12 commits into
mainfrom
Legion
Open

Legion#107
Dargon789 wants to merge 12 commits into
mainfrom
Legion

Conversation

@Dargon789

Copy link
Copy Markdown
Owner

No description provided.

GIOANNANIA and others added 12 commits November 20, 2025 13:13
Introduces Multicall3 simulation methods in Simulator.sol, enabling simulation of orchestrator calls with pre-execution calls via Multicall3. Adds IMulticall3 interface, updates related tests to cover multicall simulation flows, and includes minor formatting and interface signature changes for consistency.
* feat: add multicall to simulator (ithacaxyz#402)

* feat: add multicall to simulator

* chore: add gas test

* chore: review fixes

* chore: fmt contracts and update gas snapshots

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

---------

Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: Roberto Delgado Ferrezuelo <108575058+robertodf99@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
…n permissions (#32)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>

* feat: allow early refunds by recipient in escrow

* feat: add callSansTo support to ERC7821 execute

* chore: improvements and fixes to ERC7821Ithaca

* chore: add address(0) replacement to new compute digest

* fix: sanitize upper bits before checking replacement + tests

* feat: do not add replay safe wrapper if sig is eoa

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* chore: use `auto-assign-pr.yml` org action

* fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379

Combines the following fixes:
- PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker
- PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.)
- PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max)

Co-Authored-By: GarmashAlex <noreply@github.com>
Co-Authored-By: sukrucildirr <noreply@github.com>
Co-Authored-By: Forostovec <noreply@github.com>

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: subaccount design using spend function

* test: complete subaccount flow with unit test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: fix and simplify multichain design (ithacaxyz#327)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .

* feat: remove intent struct (ithacaxyz#365)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------

Co-authored-by: GitHub Action <action@github.com>

* feat: native merkle sig verification in Account

* chore: fmt

* chore: unify merkle sig flow for orchestrator multi chain intents

* chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#10)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15)

https://github.com/Dargon789/account/security/code-scanning/3
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#16)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete CNAME

* Update Brutalizer.sol

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Refactor deployment scripts and update configs

Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments.

* Fix commit user email format in CI workflow (#18)

30a2096

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#21)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Master (#22)

* Merge branch 'master' (#8)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Revert "fix vm block accoount (#11)" (#13)

Reverts #11

Summary by Sourcery
CI:

Update the Forge test command in the CI workflow to enable reruns and increase verbosity.
This reverts commit 942017f.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Refactor function signatures and formatting for consistency

Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made.

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* # Default ignored files

* .snapshot_worktree

* Delete .idea directory (#35)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* pre-commit

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Update check-bytecode-changes.js

* pre-commit

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

contracts update

* v0.5.11

* chore: unify merkle sig flow for orchestrator multi chain intents

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Refactor function signatures and formatting for consistency

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>

* feat: allow early refunds by recipient in escrow

* feat: add callSansTo support to ERC7821 execute

* chore: improvements and fixes to ERC7821Ithaca

* chore: add address(0) replacement to new compute digest

* fix: sanitize upper bits before checking replacement + tests

* feat: do not add replay safe wrapper if sig is eoa

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* chore: use `auto-assign-pr.yml` org action

* fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379

Combines the following fixes:
- PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker
- PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.)
- PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max)

Co-Authored-By: GarmashAlex <noreply@github.com>
Co-Authored-By: sukrucildirr <noreply@github.com>
Co-Authored-By: Forostovec <noreply@github.com>

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: subaccount design using spend function

* test: complete subaccount flow with unit test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: fix and simplify multichain design (ithacaxyz#327)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .

* feat: remove intent struct (ithacaxyz#365)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------

Co-authored-by: GitHub Action <action@github.com>

* feat: native merkle sig verification in Account

* chore: fmt

* chore: unify merkle sig flow for orchestrator multi chain intents

* chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#10)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15)

https://github.com/Dargon789/account/security/code-scanning/3
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#16)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete CNAME

* Update Brutalizer.sol

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Refactor deployment scripts and update configs

Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments.

* Fix commit user email format in CI workflow (#18)

30a2096

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#21)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Master (#22)

* Merge branch 'master' (#8)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Revert "fix vm block accoount (#11)" (#13)

Reverts #11

Summary by Sourcery
CI:

Update the Forge test command in the CI workflow to enable reruns and increase verbosity.
This reverts commit 942017f.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Refactor function signatures and formatting for consistency

Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made.

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* # Default ignored files

* .snapshot_worktree

* Delete .idea directory (#35)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* pre-commit

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Update check-bytecode-changes.js

* pre-commit

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

contracts update

* v0.5.11

* chore: unify merkle sig flow for orchestrator multi chain intents

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Refactor function signatures and formatting for consistency

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)



* feat: allow early refunds by recipient in escrow

* feat: add callSansTo support to ERC7821 execute

* chore: improvements and fixes to ERC7821Ithaca

* chore: add address(0) replacement to new compute digest

* fix: sanitize upper bits before checking replacement + tests

* feat: do not add replay safe wrapper if sig is eoa

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* chore: use `auto-assign-pr.yml` org action

* fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379

Combines the following fixes:
- PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker
- PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.)
- PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max)





🤖 Generated with [Claude Code](https://claude.ai/code)



* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: subaccount design using spend function

* test: complete subaccount flow with unit test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: fix and simplify multichain design (ithacaxyz#327)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .

* feat: remove intent struct (ithacaxyz#365)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------



* feat: native merkle sig verification in Account

* chore: fmt

* chore: unify merkle sig flow for orchestrator multi chain intents

* chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml



* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv


* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv


* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"


* Update ci.yaml



* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv


* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv


* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"


* Update ci.yaml



* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------



* Update ci.yaml (#10)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d



* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15)

https://github.com/Dargon789/account/security/code-scanning/3



* Update ci.yaml (#16)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d



* Delete CNAME

* Update Brutalizer.sol

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17)




* Refactor deployment scripts and update configs

Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments.

* Fix commit user email format in CI workflow (#18)

30a2096



* Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19)




* Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20)




* Update ci.yaml (#21)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d



* Master (#22)

* Merge branch 'master' (#8)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv


* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv


* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"


* Update ci.yaml



* Create CNAME

---------



* Revert "fix vm block accoount (#11)" (#13)

Reverts #11

Summary by Sourcery
CI:

Update the Forge test command in the CI workflow to enable reruns and increase verbosity.
This reverts commit 942017f.

---------



* Update ci.yaml



* Refactor function signatures and formatting for consistency

Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made.

* Delete .circleci directory (#27)



* # Default ignored files

* .snapshot_worktree

* Delete .idea directory (#35)



* pre-commit

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Update check-bytecode-changes.js

* pre-commit

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

contracts update

* v0.5.11

* chore: unify merkle sig flow for orchestrator multi chain intents

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Refactor function signatures and formatting for consistency

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Legion (#51)

* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>

* feat: allow early refunds by recipient in escrow

* feat: add callSansTo support to ERC7821 execute

* chore: improvements and fixes to ERC7821Ithaca

* chore: add address(0) replacement to new compute digest

* fix: sanitize upper bits before checking replacement + tests

* feat: do not add replay safe wrapper if sig is eoa

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* chore: use `auto-assign-pr.yml` org action

* fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379

Combines the following fixes:
- PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker
- PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.)
- PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max)

Co-Authored-By: GarmashAlex <noreply@github.com>
Co-Authored-By: sukrucildirr <noreply@github.com>
Co-Authored-By: Forostovec <noreply@github.com>

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: subaccount design using spend function

* test: complete subaccount flow with unit test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: fix and simplify multichain design (ithacaxyz#327)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .

* feat: remove intent struct (ithacaxyz#365)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------

Co-authored-by: GitHub Action <action@github.com>

* feat: native merkle sig verification in Account

* chore: fmt

* chore: unify merkle sig flow for orchestrator multi chain intents

* chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* save local changes before merge

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#10)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15)

https://github.com/Dargon789/account/security/code-scanning/3
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#16)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete CNAME

* Update Brutalizer.sol

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Refactor deployment scripts and update configs

Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments.

* Fix commit user email format in CI workflow (#18)

30a2096

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#21)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Master (#22)

* Merge branch 'master' (#8)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Revert "fix vm block accoount (#11)" (#13)

Reverts #11

Summary by Sourcery
CI:

Update the Forge test command in the CI workflow to enable reruns and increase verbosity.
This reverts commit 942017f.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Refactor function signatures and formatting for consistency

Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made.

* Add Multicall3 simulation support to Simulator

Introduces Multicall3 simulation methods in Simulator.sol, enabling simulation of orchestrator calls with pre-execution calls via Multicall3. Adds IMulticall3 interface, updates related tests to cover multicall simulation flows, and includes minor formatting and interface signature changes for consistency.

* feat: add multicall to simulator (ithacaxyz#402)  (#24)

* feat: add multicall to simulator (ithacaxyz#402)

* feat: add multicall to simulator

* chore: add gas test

* chore: review fixes

* chore: fmt contracts and update gas snapshots

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

---------

Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: Roberto Delgado Ferrezuelo <108575058+robertodf99@users.noreply.github.com>

* Fix commit user email formatting in CI workflow

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Revert "feat: add multicall to simulator (ithacaxyz#402)  (#24)" (#26)

This reverts commit 1aef318.

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* # Default ignored files

* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#32)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* .snapshot_worktree

* Delete .idea directory (#35)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* pre-commit

* Update check-bytecode-changes.js

* pre-commit

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

contracts update

* v0.5.11

* chore: unify merkle sig flow for orchestrator multi chain intents

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Refactor function signatures and formatting for consistency

* Legion (#38)

* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>

* feat: allow early refunds by recipient in escrow

* feat: add callSansTo support to ERC7821 execute

* chore: improvements and fixes to ERC7821Ithaca

* chore: add address(0) replacement to new compute digest

* fix: sanitize upper bits before checking replacement + tests

* feat: do not add replay safe wrapper if sig is eoa

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* chore: use `auto-assign-pr.yml` org action

* fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379

Combines the following fixes:
- PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker
- PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.)
- PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max)

Co-Authored-By: GarmashAlex <noreply@github.com>
Co-Authored-By: sukrucildirr <noreply@github.com>
Co-Authored-By: Forostovec <noreply@github.com>

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: subaccount design using spend function

* test: complete subaccount flow with unit test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: fix and simplify multichain design (ithacaxyz#327)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .

* feat: remove intent struct (ithacaxyz#365)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------

Co-authored-by: GitHub Action <action@github.com>

* feat: native merkle sig verification in Account

* chore: fmt

* chore: unify merkle sig flow for orchestrator multi chain intents

* chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#10)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15)

https://github.com/Dargon789/account/security/code-scanning/3
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#16)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete CNAME

* Update Brutalizer.sol

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Refactor deployment scripts and update configs

Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments.

* Fix commit user email format in CI workflow (#18)

30a2096

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#21)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Master (#22)

* Merge branch 'master' (#8)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Revert "fix vm block accoount (#11)" (#13)

Reverts #11

Summary by Sourcery
CI:

Update the Forge test command in the CI workflow to enable reruns and increase verbosity.
This reverts commit 942017f.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Refactor function signatures and formatting for consistency

Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made.

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* # Default ignored files

* .snapshot_worktree

* Delete .idea directory (#35)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* pre-commit

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Update check-bytecode-changes.js

* pre-commit

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

contracts update

* v0.5.11

* chore: unify merkle sig flow for orchestrator multi chain intents

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Refactor function signatures and formatting for consistency

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: John Doe <jdoe@email.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Roberto Delgado Ferrezuelo <108575058+robertodf99@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: John Doe <jdoe@email.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Roberto Delgado Ferrezuelo <108575058+robertodf99@users.noreply.github.com>
* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>

* chore: use `auto-assign-pr.yml` org action

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Update ci.yaml (#10)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15)

https://github.com/Dargon789/account/security/code-scanning/3
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#16)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete CNAME

* Update Brutalizer.sol

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Refactor deployment scripts and update configs

Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments.

* Fix commit user email format in CI workflow (#18)

30a2096

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#21)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Master (#22)

* Merge branch 'master' (#8)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Revert "fix vm block accoount (#11)" (#13)

Reverts #11

Summary by Sourcery
CI:

Update the Forge test command in the CI workflow to enable reruns and increase verbosity.
This reverts commit 942017f.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Refactor function signatures and formatting for consistency

Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made.

* # Default ignored files

* .snapshot_worktree

* Refactor function signatures and formatting for consistency

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero-v2

* clear && forge fmt && forge snapshot

clear && forge fmt && forge snapshot --isolate --match-contract Benchmark --via-ir && git add snapshots

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
@vercel

vercel Bot commented May 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
legion Ready Ready Preview, Comment May 6, 2026 3:13pm

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @Dargon789, your pull request is larger than the review limit of 150000 diff characters

@snyk-io

snyk-io Bot commented May 6, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces multi-chain deployment support, merkle signature verification in IthacaAccount.sol, and updates to the escrow refund logic. The review identifies a critical bug in signature flag parsing, a security risk regarding a committed private key in .env.example, concerns about the intent behind the escrow logic changes, and recommendations for ensuring build reproducibility in foundry.toml.

I am having trouble creating individual review comments. Click here to see my feedback.

src/IthacaAccount.sol (551-554)

critical

The logic for reading the prehash and merkle flags from the signature appears to be incorrect. The offsets n + 1 and n + 2 point to bytes within the keyHash, not the flags that follow it. The prehash flag is at offset n + 32 and the merkle flag is at n + 33 relative to the start of the signature data.

This will cause signature validation to behave incorrectly.

You can use LibBytes.loadBytes1 to correctly read the single-byte flags.

            // Do the prehash if the flag is non-zero.
            if (uint8(LibBytes.loadBytes1(signature, n + 32)) != 0) {
                digest = EfficientHashLib.sha2(digest); // `sha256(abi.encode(digest))`.
            }
            merkle = uint8(LibBytes.loadBytes1(signature, n + 33)) != 0;

.env.example (8)

high

Committing a default private key, even a well-known test key, is a security risk. A developer might accidentally use this key in a production-like environment or commit a .env file based on this example without changing it. It's safer to leave the value blank or use a placeholder like YOUR_PRIVATE_KEY to force the user to provide their own key.

PRIVATE_KEY=

src/Escrow.sol (135-140)

high

This change introduces a significant alteration to the escrow logic by allowing the recipient to trigger a full refund for both parties at any time (msg.sender == _escrow.recipient). Previously, refunds were only possible after the refundTimestamp. This change could undermine the purpose of the escrow, which is typically to lock funds until a condition is met or a timeout occurs. If a depositor expects funds to be locked, this early refund capability by the recipient could lead to unexpected behavior and potential loss of trust in the escrow's guarantee. Please verify if this behavior is intended. If so, the contract's documentation should be updated to clearly state this early refund mechanism.

foundry.toml (9-18)

medium

This profile has a couple of changes that might affect build reproducibility and deterministic deployments:

  • solc_version is not pinned: For reproducible builds, it's a best practice to specify the Solidity compiler version. The solc_version key was removed. Without it, different environments might use different compilers. Please consider adding solc_version = "0.8.23" (or your target version).
  • Bytecode metadata is now included: The removal of bytecode_hash = "none" and cbor_metadata = false means that contract bytecode will now include metadata. This makes CREATE2 deployments non-deterministic with respect to metadata changes (e.g., file paths). If deterministic bytecode is desired, please consider adding these settings back.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants