Skip to content

Ithaca account#86

Merged
Dargon789 merged 19 commits into
Dargon789-Refactor-deployment-scripts-and-update-configsfrom
IthacaAccount
Apr 30, 2026
Merged

Ithaca account#86
Dargon789 merged 19 commits into
Dargon789-Refactor-deployment-scripts-and-update-configsfrom
IthacaAccount

Conversation

@Dargon789

@Dargon789 Dargon789 commented Apr 20, 2026

Copy link
Copy Markdown
Owner

Summary by Sourcery

Add Merkle tree–based signature support to IthacaAccount and update tests and benchmarks for the extended wrapped-signature format.

New Features:

  • Support verifying Merkle tree–based signatures that authorize digests via a signed Merkle root in IthacaAccount.
  • Add a benchmark for ERC20 transfers via the Porto orchestrator using passkey-based signatures.

Enhancements:

  • Extend the wrapped-signature format with an additional flag to distinguish Merkle-based signatures while preserving existing behaviors.
  • Simplify EIP-712 domain usage in tests by only relying on the verifying contract field.
  • Bump the IthacaAccount EIP-712 version string from 0.5.10 to 0.5.11.

Tests:

  • Add fuzz tests covering valid, invalid, and tampered Merkle signature verification paths.
  • Update helper signing utilities and orchestrator/simulation tests to use the new wrapped-signature layout.

Chores:

  • Add IDE project configuration files under the .idea directory.

Dargon789 and others added 12 commits April 11, 2026 19:49
* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* pre-commit

* deploy execute_config.sh

* Update forge-std

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero-v2

* Update LayerZero-v2

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>

* chore: use `auto-assign-pr.yml` org action

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* # Default ignored files

* .snapshot_worktree

* Delete .idea directory (#35)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Revert "Delete .idea directory (#35)" (#55)

This reverts commit 512c204.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero-v2

* Update LayerZero-v2

---------

Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero-v2

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* pre-commit

* deploy execute_config.sh

* Update forge-std

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero-v2

* Update LayerZero-v2

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
…n permissions (#66)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…n permissions (#67)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…n permissions (#68)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>

* chore: use `auto-assign-pr.yml` org action

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* # Default ignored files

* .snapshot_worktree

* Delete .idea directory (#35)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Revert "Delete .idea directory (#35)" (#55)

This reverts commit 512c204.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
Signed-off-by: Dargon789 <null>
This reverts commit 0cb7a77.
@gemini-code-assist
Code Review
This pull request cleans up the repository by removing various IDE-specific configuration files located in the .idea directory. Additionally, it removes the testERC20TransferViaPortoOrchestratorWithPasskey function from the BenchmarkTest contract in test/Benchmark.t.sol. I have no feedback to provide.
@sourcery-ai

sourcery-ai Bot commented Apr 20, 2026

Copy link
Copy Markdown

Reviewer's Guide

Adds Merkle tree–based signature support to IthacaAccount (including a merkle flag in wrapped signatures), updates tests and benchmarks to the new signature encoding, and introduces fuzz tests for Merkle signatures, along with minor EIP-712 domain and version updates plus some IDE config files.

Sequence diagram for merkle-based wrapped signature verification

sequenceDiagram
    actor ExternalCaller
    participant IthacaAccount
    participant MerkleProofLib

    ExternalCaller->>IthacaAccount: unwrapAndValidateSignature(digest, wrappedSig)
    alt signature_length == 65
        IthacaAccount-->>ExternalCaller: isValid = (ECDSA.recoverCalldata == this), keyHash = 0
    else wrapped_signature
        IthacaAccount->>IthacaAccount: parse keyHash, prehashFlag, merkleFlag from wrappedSig
        alt prehashFlag != 0
            IthacaAccount->>IthacaAccount: digest = EfficientHashLib.sha2(digest)
        end
        alt merkleFlag != 0
            IthacaAccount->>IthacaAccount: _verifyMerkleSig(digest, merkleSigPayload)
            IthacaAccount->>MerkleProofLib: verifyCalldata(proof, root, digest)
            alt MerkleProofLib returns true
                IthacaAccount->>IthacaAccount: unwrapAndValidateSignature(root, rootSig)
                IthacaAccount-->>ExternalCaller: isValid, keyHash (from rootSig validation)
            else MerkleProofLib returns false
                IthacaAccount-->>ExternalCaller: isValid = false, keyHash = 0
            end
        else merkleFlag == 0
            IthacaAccount->>IthacaAccount: getKey(keyHash) and validate
            IthacaAccount-->>ExternalCaller: isValid, keyHash
        end
    end
Loading

Class diagram for updated IthacaAccount merkle-aware signature validation

classDiagram
    class IthacaAccount {
        +unwrapAndValidateSignature(bytes32 digest, bytes signature) bool isValid, bytes32 keyHash
        -_verifyMerkleSig(bytes32 digest, bytes signature) bool isValid, bytes32 keyHash
        +eip712DomainDetails() string name, string version
    }

    class MerkleProofLib {
        +verifyCalldata(bytes32[] proof, bytes32 root, bytes32 leaf) bool
    }

    class LibBytes {
        +loadCalldata(bytes data, uint256 index) bytes32
        +truncatedCalldata(bytes data, uint256 newLength) bytes
    }

    class EfficientHashLib {
        +sha2(bytes32 digest) bytes32
    }

    class ECDSA {
        +recoverCalldata(bytes32 digest, bytes signature) address
    }

    IthacaAccount ..> MerkleProofLib : uses
    IthacaAccount ..> LibBytes : uses
    IthacaAccount ..> EfficientHashLib : uses
    IthacaAccount ..> ECDSA : uses
Loading

File-Level Changes

Change Details Files
Add Merkle-based wrapped signature verification path in IthacaAccount and extend wrapped signature encoding
  • Introduce _verifyMerkleSig that decodes proof/root/rootSig from calldata using inline assembly and verifies Merkle proofs via MerkleProofLib.verifyCalldata
  • Extend unwrapAndValidateSignature to handle an extra merkle flag byte, branch into Merkle verification path, and adjust offset math for keyHash/prehash extraction
  • Update wrapped signature format documentation to include prehash and merkle flags and bump EIP-712 version string from 0.5.10 to 0.5.11
src/IthacaAccount.sol
Update test helpers and tests to the new wrapped signature format and add fuzz coverage for Merkle signatures
  • Update _p256Sig, _secp256k1Sig, _multiSig, and various synthetic signatures in tests to append an extra merkle flag byte (currently 0) after the prehash flag
  • Add testMerkleSignature fuzz test that builds random Merkle trees, checks successful verification, and asserts failures for invalid digest, tampered proof, and wrong root using the new merkle flag path
  • Simplify eip712Domain destructuring in Account tests to ignore unused name/version fields and keep only verifyingContract
test/Base.t.sol
test/Account.t.sol
test/Orchestrator.t.sol
test/SimulateExecute.t.sol
Add benchmark case for passkey-based ERC20 transfer via Orchestrator
  • Create testERC20TransferViaPortoOrchestratorWithPasskey which configures a passkey on a DelegatedEOA, sets permissions and spend limits, signs an Intent with the passkey, and benchmarks Orchestrator execution
  • Aligns benchmark setup with existing ERC20 transfer benchmarks including gas metering pauses and balance assertions
test/Benchmark.t.sol
Add IDE project configuration files
  • Check in IntelliJ/IDEA project metadata including module file, VCS, markdown, code style, and cache configuration
  • Configure IDE-specific .gitignore within .idea
.idea/.gitignore
.idea/account.iml
.idea/caches/deviceStreaming.xml
.idea/codeStyles/Project.xml
.idea/codeStyles/codeStyleConfig.xml
.idea/copilot.data.migration.ask2agent.xml
.idea/markdown.xml
.idea/modules.xml
.idea/vcs.xml

Possibly linked issues


Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@snyk-io

snyk-io Bot commented Apr 20, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 3 issues, and left some high level feedback:

  • The recursive use of unwrapAndValidateSignature from _verifyMerkleSig can lead to unbounded recursion if an attacker sets the merkle flag in rootSig; consider explicitly rejecting or ignoring merkle-enabled wrapped signatures when verifying the root to avoid potential DoS or deep nesting.
  • The manual calldata decoding in _verifyMerkleSig relies on the exact abi.encode(bytes32[] proof, bytes32 root, bytes rootSig) layout; adding a brief comment documenting the expected calldata layout (offsets and lengths) or factoring the decoding into a small helper would make this less brittle and easier to maintain.
  • The .idea directory and related IDE configuration files appear to have been committed; these should generally be removed from version control and added to .gitignore to avoid noise and local-environment-specific artifacts in the repo.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The recursive use of `unwrapAndValidateSignature` from `_verifyMerkleSig` can lead to unbounded recursion if an attacker sets the merkle flag in `rootSig`; consider explicitly rejecting or ignoring merkle-enabled wrapped signatures when verifying the root to avoid potential DoS or deep nesting.
- The manual calldata decoding in `_verifyMerkleSig` relies on the exact `abi.encode(bytes32[] proof, bytes32 root, bytes rootSig)` layout; adding a brief comment documenting the expected calldata layout (offsets and lengths) or factoring the decoding into a small helper would make this less brittle and easier to maintain.
- The `.idea` directory and related IDE configuration files appear to have been committed; these should generally be removed from version control and added to `.gitignore` to avoid noise and local-environment-specific artifacts in the repo.

## Individual Comments

### Comment 1
<location path="src/IthacaAccount.sol" line_range="525" />
<code_context>
     /// @dev Returns if the signature is valid, along with its `keyHash`.
     /// The `signature` is a wrapped signature, given by
-    /// `abi.encodePacked(bytes(innerSignature), bytes32(keyHash), bool(prehash))`.
+    /// `abi.encode(bytes(innerSignature), bytes32(keyHash), bool(prehash), bool(merkle))`.
     function unwrapAndValidateSignature(bytes32 digest, bytes calldata signature)
         public
</code_context>
<issue_to_address>
**issue (bug_risk):** Signature encoding comment likely mismatches the actual layout used by the parsing logic.

The parser still assumes a fixed 0x22-byte trailer (`32 bytes keyHash + 1 prehash + 1 merkle`) and slices with `signature.length - 0x22` using `LibBytes.loadCalldata`. That only matches a tightly packed layout (e.g. `abi.encodePacked(inner, keyHash, prehash, merkle)`), not `abi.encode` with 32-byte–padded bools that won’t sit in the last 2 bytes. Either update the extraction indices to match `abi.encode`, or keep the packed layout and update the docstring so callers don’t encode signatures incorrectly.
</issue_to_address>

### Comment 2
<location path="src/IthacaAccount.sol" line_range="542-549" />
<code_context>
+        bool merkle;
         unchecked {
-            uint256 n = signature.length - 0x21;
+            uint256 n = signature.length - 0x22;
             keyHash = LibBytes.loadCalldata(signature, n);
             signature = LibBytes.truncatedCalldata(signature, n);
             // Do the prehash if last byte is non-zero.
             if (uint256(LibBytes.loadCalldata(signature, n + 1)) & 0xff != 0) {
                 digest = EfficientHashLib.sha2(digest); // `sha256(abi.encode(digest))`.
             }
+            merkle = uint256(LibBytes.loadCalldata(signature, n + 2)) & 0xff != 0;
+        }
+
</code_context>
<issue_to_address>
**suggestion (bug_risk):** No explicit length checks before subtracting 0x22 can underflow for malformed or short signatures.

This implicitly assumes `signature.length >= 0x22`. If `signature.length < 0x22` (malformed or adversarial input), `n` underflows in the `unchecked` block, becomes a huge value, and `LibBytes.loadCalldata`/`truncatedCalldata` then use nonsensical offsets. Consider adding a minimal length check before entering the `unchecked` block (revert or return `false`) to harden this against bad calldata without affecting the normal path.

Suggested implementation:

```
        // Minimal length check to avoid underflow when computing `n = signature.length - 0x22`.
        // If `signature.length < 0x22`, `n` would underflow inside the `unchecked` block.
        if (signature.length < 0x22) {
            revert("IthacaAccount: invalid merkle signature length");
        }

        bool merkle;
        unchecked {

```

If your codebase prefers custom errors or reusable validation functions, you may want to:
1. Replace the string revert with a custom error, e.g. `error InvalidSignatureLength();` declared at the top of the file, and use `revert InvalidSignatureLength();` here.
2. Ensure any callers/tests that rely on this function are updated to expect a revert on malformed/short signatures instead of undefined behavior.
</issue_to_address>

### Comment 3
<location path="src/IthacaAccount.sol" line_range="493-502" />
<code_context>
+    function _verifyMerkleSig(bytes32 digest, bytes calldata signature)
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Assembly decoding of the Merkle signature does not guard against inconsistent or truncated ABI-encoding.

This assembly decoding assumes a correctly formed `abi.encode(bytes32[] proof, bytes32 root, bytes rootSig)` payload, but never checks that `proofOffset` and `rootSigOffset` stay within `signature.offset + signature.length`. With a short or malformed `signature`, the derived `proof.length` / `rootSig.length` can become garbage and cause `MerkleProofLib.verifyCalldata` / `unwrapAndValidateSignature` to read arbitrary calldata. Please add a cheap length precondition and bounds checks on the computed offsets before using the decoded lengths.
</issue_to_address>

Fix all in Cursor


Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread src/IthacaAccount.sol
Comment thread src/IthacaAccount.sol
Comment thread src/IthacaAccount.sol

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces Merkle tree-based signature verification to the IthacaAccount contract, allowing for more flexible authorization structures. The implementation includes a new internal verification function using assembly and updates the signature format to include a Merkle flag, with corresponding updates to the test suite and benchmarks. Feedback focuses on critical safety improvements in the signature parsing logic, specifically addressing potential underflows and out-of-bounds reads caused by missing length checks and the improper sequencing of calldata truncation. Additionally, several IDE-specific cache files were committed and should be removed to maintain repository hygiene.

Comment thread .idea/caches/deviceStreaming.xml
Comment thread src/IthacaAccount.sol
Comment thread src/IthacaAccount.sol
Comment thread src/IthacaAccount.sol
@Dargon789 Dargon789 linked an issue Apr 20, 2026 that may be closed by this pull request
Dargon789 and others added 4 commits April 20, 2026 01:46
* Update issue templates

* Update .github/ISSUE_TEMPLATE/feature_request.md

Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update .github/ISSUE_TEMPLATE/bug_report.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update .github/ISSUE_TEMPLATE/bug_report.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update .github/ISSUE_TEMPLATE/custom.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>

* feat: allow early refunds by recipient in escrow

* feat: add callSansTo support to ERC7821 execute

* chore: improvements and fixes to ERC7821Ithaca

* chore: add address(0) replacement to new compute digest

* fix: sanitize upper bits before checking replacement + tests

* feat: do not add replay safe wrapper if sig is eoa

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* chore: use `auto-assign-pr.yml` org action

* fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379

Combines the following fixes:
- PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker
- PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.)
- PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max)

Co-Authored-By: GarmashAlex <noreply@github.com>
Co-Authored-By: sukrucildirr <noreply@github.com>
Co-Authored-By: Forostovec <noreply@github.com>

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: subaccount design using spend function

* test: complete subaccount flow with unit test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: fix and simplify multichain design (ithacaxyz#327)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .

* feat: remove intent struct (ithacaxyz#365)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------

Co-authored-by: GitHub Action <action@github.com>

* feat: native merkle sig verification in Account

* chore: fmt

* chore: unify merkle sig flow for orchestrator multi chain intents

* chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* save local changes before merge

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#10)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15)

https://github.com/Dargon789/account/security/code-scanning/3
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#16)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete CNAME

* Update Brutalizer.sol

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Refactor deployment scripts and update configs

Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments.

* Fix commit user email format in CI workflow (#18)

30a2096

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#21)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Master (#22)

* Merge branch 'master' (#8)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Revert "fix vm block accoount (#11)" (#13)

Reverts #11

Summary by Sourcery
CI:

Update the Forge test command in the CI workflow to enable reruns and increase verbosity.
This reverts commit 942017f.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Refactor function signatures and formatting for consistency

Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made.

* Add Multicall3 simulation support to Simulator

Introduces Multicall3 simulation methods in Simulator.sol, enabling simulation of orchestrator calls with pre-execution calls via Multicall3. Adds IMulticall3 interface, updates related tests to cover multicall simulation flows, and includes minor formatting and interface signature changes for consistency.

* feat: add multicall to simulator (ithacaxyz#402)  (#24)

* feat: add multicall to simulator (ithacaxyz#402)

* feat: add multicall to simulator

* chore: add gas test

* chore: review fixes

* chore: fmt contracts and update gas snapshots

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

---------

Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: Roberto Delgado Ferrezuelo <108575058+robertodf99@users.noreply.github.com>

* Fix commit user email formatting in CI workflow

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Revert "feat: add multicall to simulator (ithacaxyz#402)  (#24)" (#26)

This reverts commit 1aef318.

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* # Default ignored files

* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#32)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* .snapshot_worktree

* Delete .idea directory (#35)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* pre-commit

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Update check-bytecode-changes.js

* pre-commit

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

contracts update

* v0.5.11

* chore: unify merkle sig flow for orchestrator multi chain intents

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Refactor function signatures and formatting for consistency

* Legion (#38)

* feat: add ERC20 transfer benchmark for Porto with passkey

Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>

* feat: allow early refunds by recipient in escrow

* feat: add callSansTo support to ERC7821 execute

* chore: improvements and fixes to ERC7821Ithaca

* chore: add address(0) replacement to new compute digest

* fix: sanitize upper bits before checking replacement + tests

* feat: do not add replay safe wrapper if sig is eoa

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* chore: use `auto-assign-pr.yml` org action

* fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379

Combines the following fixes:
- PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker
- PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.)
- PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max)

Co-Authored-By: GarmashAlex <noreply@github.com>
Co-Authored-By: sukrucildirr <noreply@github.com>
Co-Authored-By: Forostovec <noreply@github.com>

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: subaccount design using spend function

* test: complete subaccount flow with unit test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* feat: fix and simplify multichain design (ithacaxyz#327)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .

* feat: remove intent struct (ithacaxyz#365)

* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------

Co-authored-by: GitHub Action <action@github.com>

* feat: native merkle sig verification in Account

* chore: fmt

* chore: unify merkle sig flow for orchestrator multi chain intents

* chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#10)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15)

https://github.com/Dargon789/account/security/code-scanning/3
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#16)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete CNAME

* Update Brutalizer.sol

* Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Refactor deployment scripts and update configs

Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments.

* Fix commit user email format in CI workflow (#18)

30a2096

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yaml (#21)

reback use test 
CI and automation chores (ithacaxyz#394)
 7dd8a5d

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Master (#22)

* Merge branch 'master' (#8)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Revert "fix vm block accoount (#11)" (#13)

Reverts #11

Summary by Sourcery
CI:

Update the Forge test command in the CI workflow to enable reruns and increase verbosity.
This reverts commit 942017f.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Refactor function signatures and formatting for consistency

Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made.

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* # Default ignored files

* .snapshot_worktree

* Delete .idea directory (#35)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* pre-commit

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Update check-bytecode-changes.js

* pre-commit

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

* chore: bump contract versions due to bytecode changes

contracts update

* v0.5.11

* chore: unify merkle sig flow for orchestrator multi chain intents

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Refactor function signatures and formatting for consistency

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>

* Add .idea configs and tweak .env comments

Add IntelliJ IDEA project files under .idea and lib/.idea (modules, caches, iml, vcs, and a .gitignore) and update the lib/forge-std gitlink (submodule) reference. Also adjust .env.example by removing spaces before inline comments on RPC URLs (UPGRADE_TEST_RPC_URL, RPC_1, RPC_11155111) to standardize formatting.

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero-v2

* Update LayerZero-v2

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: howy <132113803+howydev@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: o-az <omaraziz.dev@proton.me>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: John Doe <jdoe@email.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Roberto Delgado Ferrezuelo <108575058+robertodf99@users.noreply.github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero submodule & remove exec bits

Normalize file permissions and advance submodule: change file modes from executable (100755) to non-executable (100644) for deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js. Update lib/LayerZero-v2 submodule commit from 88428755be6caa71cb1d2926141d73c8989296b5 to ab9b083410b9359285a5756807e1b6145d4711a7.

* Update LayerZero-v2

* Update LayerZero-v2

---------

Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
@Dargon789 Dargon789 enabled auto-merge (squash) April 20, 2026 03:58
@Dargon789 Dargon789 disabled auto-merge April 20, 2026 04:06
* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero submodule & remove exec bits

Normalize file permissions and advance submodule: change file modes from executable (100755) to non-executable (100644) for deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js. Update lib/LayerZero-v2 submodule commit from 88428755be6caa71cb1d2926141d73c8989296b5 to ab9b083410b9359285a5756807e1b6145d4711a7.

* Update LayerZero-v2

* Update LayerZero-v2

* clear && forge fmt && forge snapshot

clear && forge fmt && forge snapshot --isolate --match-contract Benchmark --via-ir && git add snapshots

---------

Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
@Dargon789 Dargon789 merged commit 36bd206 into Dargon789-Refactor-deployment-scripts-and-update-configs Apr 30, 2026
10 of 17 checks passed
Repository owner deleted a comment from vercel Bot Apr 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Flow diagram for GitHub issue template selection

2 participants