Skip to content

Legion#42

Merged
Dargon789 merged 91 commits into
mainfrom
legion
Mar 14, 2026
Merged

Legion#42
Dargon789 merged 91 commits into
mainfrom
legion

Conversation

@Dargon789

Copy link
Copy Markdown
Owner

No description provided.

github-actions Bot and others added 30 commits August 5, 2025 22:58
Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
…thacaxyz#379

Combines the following fixes:
- PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker
- PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.)
- PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max)

Co-Authored-By: GarmashAlex <noreply@github.com>
Co-Authored-By: sukrucildirr <noreply@github.com>
Co-Authored-By: Forostovec <noreply@github.com>

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .
* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------

Co-authored-by: GitHub Action <action@github.com>
Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @Dargon789, your pull request is larger than the review limit of 150000 diff characters

@snyk-io

snyk-io Bot commented Mar 14, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@vercel

This comment was marked as resolved.

@gemini-code-assist

Copy link
Copy Markdown

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a comprehensive refactoring of the project's deployment infrastructure and core contract logic, primarily focusing on gas efficiency and maintainability. The deployment system has been modernized to leverage Foundry's vm.readFork* and stdToml for configuration, alongside a new JSON-based registry for deployed addresses. A significant internal change involves optimizing Intent processing within the Orchestrator and Simulator by moving to direct calldata parsing, which is expected to yield gas savings. Additionally, the project now integrates Changesets for better version management, and the Escrow contract has been enhanced with more flexible refund mechanisms.

Highlights

  • Deployment System Refactoring: The deployment and configuration system has been significantly refactored to leverage Foundry's vm.readFork* cheatcodes and stdToml for enhanced flexibility and readability, replacing the older forge-std/Config.sol approach.
  • Centralized Deployment Registry: Introduced JSON registry files (deploy/registry/deployment_*.json) to store deployed contract addresses, decoupling deployment state from the main config.toml and providing a clear record of deployments.
  • Gas Optimization and Intent Handling: The Orchestrator and Simulator contracts underwent major changes to parse Intent data directly from calldata using a new IntentHelpers library, aiming for significant gas savings and more efficient processing by avoiding Solidity's ABI encoding/decoding overhead.
  • Changesets Integration: Adopted Changesets for streamlined versioning and publishing, indicated by the addition of .changeset configuration files, which will help manage releases more effectively.
  • Enhanced Escrow Refund Logic: The Escrow contract's refund mechanism was updated to allow early refunds by either the recipient or depositor, providing greater flexibility and control over escrowed funds.
  • Custom EIP-7702 Implementation: A new ERC7821Ithaca.sol library was introduced to provide a custom EIP-7702 implementation, replacing the generic solady/accounts/ERC7821.sol and allowing for tailored execution modes.
Changelog
  • .changeset/README.md
    • Added a README file for the Changesets tool.
  • .changeset/config.json
    • Added configuration for Changesets, defining changelog generation and access settings.
  • .env.example
    • Updated RPC endpoints, added verification API keys, and removed deprecated upgrade test variables.
  • .gitmodules
    • Added a new submodule for lib/devtools.
  • CHANGELOG.md
    • Removed deprecated changelog entries and updated a minor typo.
  • deploy/ConfigureLayerZeroSettler.s.sol
    • Refactored to use vm.readFork* for configuration and removed forge-std/Config.sol dependency.
    • Removed l0SettlerSigner from LayerZeroChainConfig struct.
    • Updated loadChainConfig to read from fork variables and handle missing LayerZero settler addresses gracefully.
    • Modified resolveDVNAddresses to read from fork variables.
    • Introduced createForks function to explicitly create forks for configured chains.
    • Removed _selectFork helper function, replacing calls with direct vm.selectFork using forkIds.
    • Simplified configureChain by removing endpoint and L0SettlerSigner updates, and added a check to skip unconfigured destinations.
    • Removed LayerZeroChainConfig parameter from setExecutorConfig as it's no longer needed.
  • deploy/DeployMain.s.sol
    • Refactored deployment logic to use stdToml for configuration parsing and introduced JSON registry files for deployed addresses.
    • Removed Config and Variable imports, replacing them with stdToml.
    • Updated ChainConfig struct by adding pauseAuthority and removing l0SettlerSigner, oldOrchestrators, expMinterAddress, and expMintAmount.
    • Removed expToken and exp2Token from DeployedContracts struct.
    • Modified run functions to use vm.readForkChainIds() and introduced initializeDeployment for setup.
    • Updated loadChainConfigFromFork to read configuration directly from fork variables using vm.readFork* functions.
    • Modified getAllContracts to no longer conditionally add ExpToken for testnets.
    • Refactored loadDeployedContracts to read from JSON registry files instead of config.
    • Removed tryGetAddress helper function.
    • Updated logLoadedConfigurations to reflect changes in ChainConfig.
    • Refactored saveDeployedContract to write to JSON registry files and introduced writeToRegistry and getRegistryFilename helpers.
    • Added tryReadAddress helper function for parsing addresses from JSON.
    • Modified deployment functions (deployOrchestrator, deployIthacaAccount, deployAccountProxy, deploySimulator, deploySimpleFunder, deployEscrow, deploySimpleSettler, deployLayerZeroSettler) to check if contracts are already deployed and to use the new ChainConfig structure and saveDeployedContract.
  • deploy/FundSigners.s.sol
    • Refactored to use stdToml for configuration and removed the setOrchestrators function call.
    • Removed Config import and added stdToml import.
    • Updated ISimpleFunder interface by removing setOrchestrators and orchestrators functions.
    • Removed supportedOrchestrators from ChainFundingConfig struct.
    • Modified run functions to use vm.readForkChainIds() and introduced loadConfig.
    • Removed setOrchestratorsInSimpleFunder function.
    • Updated getChainFundingConfig to create forks and read configuration from fork variables using vm.readFork* functions.
  • deploy/README.md
    • Updated documentation to reflect the new configuration structure, registry files, and removed ExpToken deployment details.
    • Adjusted configuration structure example to use [profile.deployment] and [forks.*] sections.
    • Removed automatic address writing to config.toml and introduced registry files section.
    • Updated available contracts list by removing ExpToken.
    • Removed sections related to ExpToken deployment and supporting bash scripts.
  • deploy/config.toml
    • Updated configuration structure to use [forks.*] and [profile.deployment] sections, and removed exp_minter_address and exp_mint_amount.
  • deploy/registry/deployment_11155420_0x0000000000000000000000000000000000000000000000000000000000000001.json
    • Added a JSON registry file for deployed contracts on Optimism Sepolia.
  • deploy/registry/deployment_84532_0x0000000000000000000000000000000000000000000000000000000000000001.json
    • Added a JSON registry file for deployed contracts on Base Sepolia.
  • foundry.toml
    • Updated to extend deploy/config.toml and adjusted filesystem permissions for the new registry directory.
  • gas-snapshots/.gas-snapshot-main
    • Added a new gas snapshot file, capturing gas usage benchmarks for various operations.
  • lib/LayerZero-v2
    • Updated the LayerZero-v2 submodule commit.
  • lib/forge-std
    • Updated the forge-std submodule commit.
  • src/Escrow.sol
    • Modified refund logic to allow early refunds by the recipient or depositor if block.timestamp is past the refundTimestamp or if the caller is the respective party.
  • src/GuardedExecutor.sol
    • Removed direct import of ERC7821 from Solady, now importing ERC7821Ithaca.
    • Updated an error message from SuperAdminCanSpendAnything() to SuperAdminCanExecuteEverything().
    • Corrected typos in doc comments from overriden to overridden.
  • src/IthacaAccount.sol
    • Bumped the contract version to 0.5.11.
    • Adjusted conditional checks for orchestrator calls to improve readability.
    • Formatted getKeys function signature for better readability.
  • src/MultiSigSigner.sol
    • Corrected a typo in a doc comment from Calcualated to Calculated.
    • Clarified a signature validation detail in a doc comment from signaturs to signatures.
  • src/Orchestrator.sol
    • Integrated IntentHelpers library for efficient calldata parsing of Intent structs.
    • Removed isMultichain, encodedPreCalls, encodedFundTransfers, funder, funderSignature, settler, settlerContext, paymentAmount, paymentRecipient, paymentSignature, and supportedAccountImplementation fields from the Intent struct, now handled dynamically via IntentHelpers.
    • Updated INTENT_TYPEHASH and SIGNED_CALL_TYPEHASH to reflect the simplified Intent struct.
    • Added MERKLE_VERIFICATION constant for nonce prefixing.
    • Changed execute function visibility from public to external.
    • Removed nonReentrant modifier from execute(bytes[] calldata) function.
    • Refactored simulateExecute to accept a single bytes calldata encodedIntent parameter, embedding isStateOverride and combinedGasOverride within it.
    • Removed _extractIntent function, as intent data is now accessed directly via IntentHelpers.
    • Updated _execute function to use IntentHelpers for accessing intent fields and removed direct Intent calldata i parameter.
    • Modified selfCallPayVerifyCall537021665 to use IntentHelpers for parsing intent data and handling fund data and pre-calls.
    • Removed _verifyMerkleSig function, as merkle verification is now integrated into the main _verify flow based on nonce prefix.
    • Updated _fund function signature to accept bytes[] calldata encodedFundTransfers.
    • Modified _pay function signature to accept individual payment-related parameters instead of the full Intent struct.
    • Updated _computeDigest functions for both SignedCall and Intent to align with the new struct definitions and calldata parsing approach.
    • Bumped the contract version to 0.5.6.
  • src/SimpleFunder.sol
    • Bumped the contract version to 0.1.9.
    • Updated the approve call in _approve to use a 20-byte all-ones sentinel instead of type(uint256).max for consistency with ERC20 standards.
  • src/Simulator.sol
    • Inherited IntentHelpers for direct calldata parsing of Intent structs.
    • Updated _updatePaymentAmounts to modify bytes memory u directly using assembly based on IntentHelpers offsets.
    • Modified _callOrchestratorCalldata and _callOrchestratorMemory to use abi.encodePacked for simulateExecute calls, embedding simulation flags directly into the encoded intent.
    • Updated simulateCombinedGas and simulateV1Logs to accept bytes calldata calldataIntent and use IntentHelpers for internal data access.
  • src/interfaces/ICommon.sol
    • Removed the Intent struct definition, centralizing its handling in IntentHelpers.
  • src/interfaces/IIthacaAccount.sol
    • Updated the pay function signature to include eoa, payer, paymentToken, paymentRecipient, and paymentSignature parameters.
  • src/interfaces/IOrchestrator.sol
    • Updated the simulateExecute function signature to accept a single bytes calldata encodedIntent parameter.
  • src/libraries/ERC7821Ithaca.sol
    • Added a new library providing a custom EIP-7702 implementation with various execution modes, including single batch, batch of batches, and common to address batching.
  • src/libraries/IntentHelpers.sol
    • Added a new library to assist with parsing Intent data directly from calldata, defining offsets for various fields and providing helper functions to extract them efficiently.
  • test/Base.t.sol
    • Updated imports to use ERC7821Ithaca instead of ERC7821 from Solady.
    • Added _ERC7821_BATCH_SANS_TO_EXECUTION_MODE constant.
  • test/Benchmark.t.sol
    • Updated testERC20Transfer_IthacaAccount to testERC20Transfer_IthacaAccount1.
    • Modified _createIntents to use the new Intent struct and encodeIntent helper.
    • Added testERC20TransferViaPortoOrchestratorWithPasskey for benchmarking passkey-based transfers.
    • Updated testERC20Transfer_IthacaAccountWithSpendLimits to use the new Intent struct and encodeIntent helper.
  • test/Escrow.t.sol
    • Added new test cases for early refund functionality, allowing recipients or depositors to refund before the refundTimestamp.
  • test/GuardedExecutor.t.sol
    • Updated test functions to use the new Intent struct and encodeIntent helper for oc.execute calls.
    • Adjusted nonce handling in testSetAndRemoveSpendLimitRevertsForSuperAdmin and testSetAndRemoveSpendLimit.
  • test/Orchestrator.t.sol
    • Updated test functions to use the new Intent struct and encodeIntent helper for oc.execute calls.
    • Modified _TestFullFlowTemps struct to use the new Intent struct.
    • Adjusted multi-chain intent signature encoding to include additional bytes for compatibility.
    • Removed isMultichain flag from Intent initialization in multi-chain tests, as it's now inferred from nonce.
  • test/SimulateExecute.t.sol
    • Updated test functions to use the new Intent struct and encodeIntent helper for simulator.simulateV1Logs and oc.simulateExecute calls.
  • test/SubAccounts.t.sol
    • Added a new test suite for sub-account functionality with DApp integration, covering parent-child spend permissions and fund transfers.
  • test/utils/interfaces/IPimlicoPaymaster.sol
    • Corrected typos in doc comments from singature to signature.
  • test/utils/mocks/MockOrchestrator.sol
    • Exposed internal _hashTypedData and _hashTypedDataSansChainId functions for testing purposes.
  • test/utils/mocks/MockPayerWithSignature.sol
    • Updated the pay function signature and logic to align with IIthacaAccount changes, including new parameters and nonce handling.
  • test/utils/mocks/MockPayerWithState.sol
    • Updated the pay function signature and logic to align with IIthacaAccount changes, including new parameters and nonce handling.
Ignored Files
  • Ignored by pattern: .github/workflows/** (5)
    • .github/workflows/auto-assign.yaml
    • .github/workflows/ci.yaml
    • .github/workflows/claude-code.yml
    • .github/workflows/manual-deployment.yml
    • .github/workflows/version-check.yaml
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a significant refactoring of the deployment and configuration system, migrating from forge-std/Config to a more robust approach using Foundry's fork-based configuration and JSON registry files. This is a commendable improvement for maintainability and idempotency. The Orchestrator contract has also been heavily optimized for gas by using direct calldata access, which is an advanced and effective technique. However, this refactoring has introduced a critical security vulnerability by removing the settler address from the signed EIP-712 digest, allowing it to be tampered with by a malicious relayer. Additionally, a logic change in the payment flow could break multichain intents. I've also included a high-severity comment on a security best practice in the .env.example file and a medium-severity comment on improving the maintainability of the deployment script.

I am having trouble creating individual review comments. Click here to see my feedback.

src/Orchestrator.sol (494-504)

critical

The settlerData, which contains the settler address and settlerContext, is no longer part of the EIP-712 signed digest. The previous INTENT_TYPEHASH included the settler address, ensuring its integrity. By moving it out of the signed data, a malicious relayer can now tamper with it, potentially redirecting the settlement message to a malicious contract. This could lead to theft of funds or other exploits in the cross-chain settlement process.

To fix this, the settler address and settlerContext (or a hash of it) must be included in the signed EIP-712 digest.

.env.example (8)

high

The PRIVATE_KEY is set to a default, well-known test key. While this is an example file, it's a security best practice to leave private key fields empty to prevent accidental commitment of real private keys. Developers might copy the file and forget to change it, leading to security risks if the repository is public or the key is used on a testnet with real value.

PRIVATE_KEY=

src/Orchestrator.sol (345-351)

high

The check for the payer's balance is now performed for all intents, including multichain intents. The previous implementation correctly skipped this check for multichain intents, as their funding can happen later inside the gas-limited selfCallPayVerifyCall537021665. This premature balance check will cause valid multichain intents to fail if the payer does not have the funds at this point but expects to be funded during execution. This appears to be a regression.

        uint256 nonce = _getNonce();
        // Early skip the entire pay-verify-call workflow if the payer lacks tokens,
        // so that less gas is wasted when the Intent fails.
        // For multi chain mode, we skip this check, as the funding happens inside the self call.
        if (nonce >> 240 != MERKLE_VERIFICATION && TokenTransferLib.balanceOf(_getPaymentToken(), payer) < _getPaymentAmount()) {
            err = PaymentError.selector;

            if (flags == _SIMULATION_MODE_FLAG) {
                revert PaymentError();
            }
        }

deploy/DeployMain.s.sol (459-530)

medium

The writeToRegistry function manually constructs a JSON string using a series of string.concat calls. This approach is verbose, hard to maintain, and prone to formatting errors (like missing or extra commas).

Consider using Foundry's stdJson library to build the JSON object in a more structured and safer way. This would make the code cleaner, more robust, and easier to modify when new contracts are added.

@Dargon789 Dargon789 merged commit eca1cf8 into main Mar 14, 2026
10 of 15 checks passed
Dargon789 added a commit that referenced this pull request Mar 15, 2026
* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)



* feat: allow early refunds by recipient in escrow

* feat: add callSansTo support to ERC7821 execute

* chore: improvements and fixes to ERC7821Ithaca

* chore: add address(0) replacement to new compute digest

* fix: sanitize upper bits before checking replacement + tests

* feat: do not add replay safe wrapper if sig is eoa

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* chore: use `auto-assign-pr.yml` org action

* fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379

Combines the following fixes:
- PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker
- PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.)
- PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max)





🤖 Generated with [Claude Code](https://claude.ai/code)



* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: subaccount design using spend function

* test: complete subaccount flow with unit test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: fix and simplify multichain design (ithacaxyz#327)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .

* feat: remove intent struct (ithacaxyz#365)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------



* feat: native merkle sig verification in Account

* chore: fmt

* chore: unify merkle sig flow for orchestrator multi chain intents

* chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml



* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv


* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv


* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"


* Update ci.yaml



* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv


* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv


* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"


* Update ci.yaml



* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------



* Update ci.yaml (#10)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d



* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15)

https://github.com/Dargon789/account/security/code-scanning/3



* Update ci.yaml (#16)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d



* Delete CNAME

* Update Brutalizer.sol

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17)




* Refactor deployment scripts and update configs

Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments.

* Fix commit user email format in CI workflow (#18)

30a2096



* Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19)




* Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20)




* Update ci.yaml (#21)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d



* Master (#22)

* Merge branch 'master' (#8)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv


* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv


* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"


* Update ci.yaml



* Create CNAME

---------



* Revert "fix vm block accoount (#11)" (#13)

Reverts #11

Summary by Sourcery
CI:

Update the Forge test command in the CI workflow to enable reruns and increase verbosity.
This reverts commit 942017f.

---------



* Update ci.yaml



* Refactor function signatures and formatting for consistency

Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made.

* Delete .circleci directory (#27)



* # Default ignored files

* .snapshot_worktree

* Delete .idea directory (#35)



* pre-commit

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Update check-bytecode-changes.js

* pre-commit

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

contracts update

* v0.5.11

* chore: unify merkle sig flow for orchestrator multi chain intents

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Refactor function signatures and formatting for consistency

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
Dargon789 added a commit that referenced this pull request Mar 15, 2026
* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)



* feat: allow early refunds by recipient in escrow

* feat: add callSansTo support to ERC7821 execute

* chore: improvements and fixes to ERC7821Ithaca

* chore: add address(0) replacement to new compute digest

* fix: sanitize upper bits before checking replacement + tests

* feat: do not add replay safe wrapper if sig is eoa

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* chore: use `auto-assign-pr.yml` org action

* fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379

Combines the following fixes:
- PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker
- PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.)
- PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max)





🤖 Generated with [Claude Code](https://claude.ai/code)



* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: subaccount design using spend function

* test: complete subaccount flow with unit test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: fix and simplify multichain design (ithacaxyz#327)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .

* feat: remove intent struct (ithacaxyz#365)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------



* feat: native merkle sig verification in Account

* chore: fmt

* chore: unify merkle sig flow for orchestrator multi chain intents

* chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml



* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv


* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv


* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"


* Update ci.yaml



* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv


* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv


* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"


* Update ci.yaml



* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------



* Update ci.yaml (#10)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d



* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15)

https://github.com/Dargon789/account/security/code-scanning/3



* Update ci.yaml (#16)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d



* Delete CNAME

* Update Brutalizer.sol

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17)




* Refactor deployment scripts and update configs

Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments.

* Fix commit user email format in CI workflow (#18)

30a2096



* Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19)




* Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20)




* Update ci.yaml (#21)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d



* Master (#22)

* Merge branch 'master' (#8)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv


* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv


* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"


* Update ci.yaml



* Create CNAME

---------



* Revert "fix vm block accoount (#11)" (#13)

Reverts #11

Summary by Sourcery
CI:

Update the Forge test command in the CI workflow to enable reruns and increase verbosity.
This reverts commit 942017f.

---------



* Update ci.yaml



* Refactor function signatures and formatting for consistency

Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made.

* Delete .circleci directory (#27)



* # Default ignored files

* .snapshot_worktree

* Delete .idea directory (#35)



* pre-commit

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Update check-bytecode-changes.js

* pre-commit

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

contracts update

* v0.5.11

* chore: unify merkle sig flow for orchestrator multi chain intents

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Refactor function signatures and formatting for consistency

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Sequence diagram for merkle-based signature verification in IthacaAccount Sequence diagram for wrapped and Merkle signature validation

6 participants