Conversation
Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate passkey authentication costs from spend limit enforcement costs. - Uses secp256k1 passkey for transaction signing - Sets execution permissions for ERC20 transfers - Requires spend limits (set to max) for passkey operations - Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits) - Provides clean measurement of passkey overhead (~19k gas) Resolves ithacaxyz#272 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
…ated: IthacaAccount
…thacaxyz#379 Combines the following fixes: - PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker - PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.) - PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max) Co-Authored-By: GarmashAlex <noreply@github.com> Co-Authored-By: sukrucildirr <noreply@github.com> Co-Authored-By: Forostovec <noreply@github.com> 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
…ated: IthacaAccount
…ated: IthacaAccount
…ated: IthacaAccount
* feat: simplify multichain nonce design * chore: readd merkle verification prefix * chore: undo blank line addns * chore: lint * chore: redundant multichain bool * fix: lint * .
* feat: simplify multichain nonce design * chore: readd merkle verification prefix * chore: undo blank line addns * chore: lint * . * ~50 failing tests down to 5 * down to 1 failing test * fixed failing test * chore: remove console logs and bench * . * Update test/Base.t.sol * Update src/Orchestrator.sol * Update test/utils/mocks/MockPayerWithSignatureOptimized.sol * chore: final cleanup, rebench * Update src/Orchestrator.sol * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator * chore: cleanup * rebase * fix --------- Co-authored-by: GitHub Action <action@github.com>
…ated: Orchestrator,SimpleFunder,Simulator
Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow CI: Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
contracts update
There was a problem hiding this comment.
Sorry @Dargon789, your pull request is larger than the review limit of 150000 diff characters
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
This comment was marked as resolved.
This comment was marked as resolved.
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a comprehensive refactoring of the project's deployment infrastructure and core contract logic, primarily focusing on gas efficiency and maintainability. The deployment system has been modernized to leverage Foundry's Highlights
Changelog
Ignored Files
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Code Review
This pull request introduces a significant refactoring of the deployment and configuration system, migrating from forge-std/Config to a more robust approach using Foundry's fork-based configuration and JSON registry files. This is a commendable improvement for maintainability and idempotency. The Orchestrator contract has also been heavily optimized for gas by using direct calldata access, which is an advanced and effective technique. However, this refactoring has introduced a critical security vulnerability by removing the settler address from the signed EIP-712 digest, allowing it to be tampered with by a malicious relayer. Additionally, a logic change in the payment flow could break multichain intents. I've also included a high-severity comment on a security best practice in the .env.example file and a medium-severity comment on improving the maintainability of the deployment script.
I am having trouble creating individual review comments. Click here to see my feedback.
src/Orchestrator.sol (494-504)
The settlerData, which contains the settler address and settlerContext, is no longer part of the EIP-712 signed digest. The previous INTENT_TYPEHASH included the settler address, ensuring its integrity. By moving it out of the signed data, a malicious relayer can now tamper with it, potentially redirecting the settlement message to a malicious contract. This could lead to theft of funds or other exploits in the cross-chain settlement process.
To fix this, the settler address and settlerContext (or a hash of it) must be included in the signed EIP-712 digest.
.env.example (8)
The PRIVATE_KEY is set to a default, well-known test key. While this is an example file, it's a security best practice to leave private key fields empty to prevent accidental commitment of real private keys. Developers might copy the file and forget to change it, leading to security risks if the repository is public or the key is used on a testnet with real value.
PRIVATE_KEY=
src/Orchestrator.sol (345-351)
The check for the payer's balance is now performed for all intents, including multichain intents. The previous implementation correctly skipped this check for multichain intents, as their funding can happen later inside the gas-limited selfCallPayVerifyCall537021665. This premature balance check will cause valid multichain intents to fail if the payer does not have the funds at this point but expects to be funded during execution. This appears to be a regression.
uint256 nonce = _getNonce();
// Early skip the entire pay-verify-call workflow if the payer lacks tokens,
// so that less gas is wasted when the Intent fails.
// For multi chain mode, we skip this check, as the funding happens inside the self call.
if (nonce >> 240 != MERKLE_VERIFICATION && TokenTransferLib.balanceOf(_getPaymentToken(), payer) < _getPaymentAmount()) {
err = PaymentError.selector;
if (flags == _SIMULATION_MODE_FLAG) {
revert PaymentError();
}
}
deploy/DeployMain.s.sol (459-530)
The writeToRegistry function manually constructs a JSON string using a series of string.concat calls. This approach is verbose, hard to maintain, and prone to formatting errors (like missing or extra commas).
Consider using Foundry's stdJson library to build the JSON object in a more structured and safer way. This would make the code cleaner, more robust, and easier to modify when new contracts are added.
* feat: add ERC20 transfer benchmark for Porto with passkey Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate passkey authentication costs from spend limit enforcement costs. - Uses secp256k1 passkey for transaction signing - Sets execution permissions for ERC20 transfers - Requires spend limits (set to max) for passkey operations - Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits) - Provides clean measurement of passkey overhead (~19k gas) Resolves ithacaxyz#272 🤖 Generated with [Claude Code](https://claude.ai/code) * feat: allow early refunds by recipient in escrow * feat: add callSansTo support to ERC7821 execute * chore: improvements and fixes to ERC7821Ithaca * chore: add address(0) replacement to new compute digest * fix: sanitize upper bits before checking replacement + tests * feat: do not add replay safe wrapper if sig is eoa * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * chore: use `auto-assign-pr.yml` org action * fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379 Combines the following fixes: - PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker - PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.) - PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max) 🤖 Generated with [Claude Code](https://claude.ai/code) * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: subaccount design using spend function * test: complete subaccount flow with unit test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: add merkle sigs natively into the account * fix: tests * test: add more sophisticated fuzz test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: fix and simplify multichain design (ithacaxyz#327) * feat: simplify multichain nonce design * chore: readd merkle verification prefix * chore: undo blank line addns * chore: lint * chore: redundant multichain bool * fix: lint * . * feat: remove intent struct (ithacaxyz#365) * feat: simplify multichain nonce design * chore: readd merkle verification prefix * chore: undo blank line addns * chore: lint * . * ~50 failing tests down to 5 * down to 1 failing test * fixed failing test * chore: remove console logs and bench * . * Update test/Base.t.sol * Update src/Orchestrator.sol * Update test/utils/mocks/MockPayerWithSignatureOptimized.sol * chore: final cleanup, rebench * Update src/Orchestrator.sol * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator * chore: cleanup * rebase * fix --------- * feat: native merkle sig verification in Account * chore: fmt * chore: unify merkle sig flow for orchestrator multi chain intents * chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator * Add .circleci/config.yml (#1) Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow CI: Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine * Update ci.yaml * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" * Update ci.yaml * Create CNAME * Revert "Merge branch 'master'" This reverts commit 6c02fbf, reversing changes made to a317ddb. * Create CNAME (#9) * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" * Update ci.yaml * Create CNAME * Revert "Merge branch 'master'" This reverts commit 6c02fbf, reversing changes made to a317ddb. --------- * Update ci.yaml (#10) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d * Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15) https://github.com/Dargon789/account/security/code-scanning/3 * Update ci.yaml (#16) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d * Delete CNAME * Update Brutalizer.sol * Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17) * Refactor deployment scripts and update configs Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments. * Fix commit user email format in CI workflow (#18) 30a2096 * Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19) * Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20) * Update ci.yaml (#21) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d * Master (#22) * Merge branch 'master' (#8) * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" * Update ci.yaml * Create CNAME --------- * Revert "fix vm block accoount (#11)" (#13) Reverts #11 Summary by Sourcery CI: Update the Forge test command in the CI workflow to enable reruns and increase verbosity. This reverts commit 942017f. --------- * Update ci.yaml * Refactor function signatures and formatting for consistency Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made. * Delete .circleci directory (#27) * # Default ignored files * .snapshot_worktree * Delete .idea directory (#35) * pre-commit * pre-commit * deploy execute_config.sh * Update forge-std * Update check-bytecode-changes.js * pre-commit * chore: bump contract versions due to bytecode changes * chore: bump contract versions due to bytecode changes * chore: bump contract versions due to bytecode changes contracts update * v0.5.11 * chore: unify merkle sig flow for orchestrator multi chain intents * test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412) * Refactor function signatures and formatting for consistency --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: howy <132113803+howydev@users.noreply.github.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add ERC20 transfer benchmark for Porto with passkey Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate passkey authentication costs from spend limit enforcement costs. - Uses secp256k1 passkey for transaction signing - Sets execution permissions for ERC20 transfers - Requires spend limits (set to max) for passkey operations - Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits) - Provides clean measurement of passkey overhead (~19k gas) Resolves ithacaxyz#272 🤖 Generated with [Claude Code](https://claude.ai/code) * feat: allow early refunds by recipient in escrow * feat: add callSansTo support to ERC7821 execute * chore: improvements and fixes to ERC7821Ithaca * chore: add address(0) replacement to new compute digest * fix: sanitize upper bits before checking replacement + tests * feat: do not add replay safe wrapper if sig is eoa * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * chore: use `auto-assign-pr.yml` org action * fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379 Combines the following fixes: - PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker - PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.) - PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max) 🤖 Generated with [Claude Code](https://claude.ai/code) * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: subaccount design using spend function * test: complete subaccount flow with unit test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: add merkle sigs natively into the account * fix: tests * test: add more sophisticated fuzz test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: fix and simplify multichain design (ithacaxyz#327) * feat: simplify multichain nonce design * chore: readd merkle verification prefix * chore: undo blank line addns * chore: lint * chore: redundant multichain bool * fix: lint * . * feat: remove intent struct (ithacaxyz#365) * feat: simplify multichain nonce design * chore: readd merkle verification prefix * chore: undo blank line addns * chore: lint * . * ~50 failing tests down to 5 * down to 1 failing test * fixed failing test * chore: remove console logs and bench * . * Update test/Base.t.sol * Update src/Orchestrator.sol * Update test/utils/mocks/MockPayerWithSignatureOptimized.sol * chore: final cleanup, rebench * Update src/Orchestrator.sol * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator * chore: cleanup * rebase * fix --------- * feat: native merkle sig verification in Account * chore: fmt * chore: unify merkle sig flow for orchestrator multi chain intents * chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator * Add .circleci/config.yml (#1) Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow CI: Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine * Update ci.yaml * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" * Update ci.yaml * Create CNAME * Revert "Merge branch 'master'" This reverts commit 6c02fbf, reversing changes made to a317ddb. * Create CNAME (#9) * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" * Update ci.yaml * Create CNAME * Revert "Merge branch 'master'" This reverts commit 6c02fbf, reversing changes made to a317ddb. --------- * Update ci.yaml (#10) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d * Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15) https://github.com/Dargon789/account/security/code-scanning/3 * Update ci.yaml (#16) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d * Delete CNAME * Update Brutalizer.sol * Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17) * Refactor deployment scripts and update configs Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments. * Fix commit user email format in CI workflow (#18) 30a2096 * Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19) * Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20) * Update ci.yaml (#21) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d * Master (#22) * Merge branch 'master' (#8) * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" * Update ci.yaml * Create CNAME --------- * Revert "fix vm block accoount (#11)" (#13) Reverts #11 Summary by Sourcery CI: Update the Forge test command in the CI workflow to enable reruns and increase verbosity. This reverts commit 942017f. --------- * Update ci.yaml * Refactor function signatures and formatting for consistency Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made. * Delete .circleci directory (#27) * # Default ignored files * .snapshot_worktree * Delete .idea directory (#35) * pre-commit * pre-commit * deploy execute_config.sh * Update forge-std * Update check-bytecode-changes.js * pre-commit * chore: bump contract versions due to bytecode changes * chore: bump contract versions due to bytecode changes * chore: bump contract versions due to bytecode changes contracts update * v0.5.11 * chore: unify merkle sig flow for orchestrator multi chain intents * test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412) * Refactor function signatures and formatting for consistency --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: howy <132113803+howydev@users.noreply.github.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
No description provided.