Ithaca account#92
Conversation
Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate passkey authentication costs from spend limit enforcement costs. - Uses secp256k1 passkey for transaction signing - Sets execution permissions for ERC20 transfers - Requires spend limits (set to max) for passkey operations - Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits) - Provides clean measurement of passkey overhead (~19k gas) Resolves ithacaxyz#272 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
…ated: IthacaAccount
…' into fix-tests-account
Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Reviewer's GuideAdds Merkle tree–based signature support to IthacaAccount, updates the wrapped signature encoding to include a merkle flag, introduces tests for Merkle signatures and a new benchmark for passkey-based ERC20 transfers via the orchestrator, and adjusts existing tests and domain handling accordingly. Sequence diagram for merkle-based signature validation in IthacaAccountsequenceDiagram
participant Caller
participant IthacaAccount
participant MerkleProofLib
participant ECDSA
Caller->>IthacaAccount: unwrapAndValidateSignature(digest, wrappedSignature)
activate IthacaAccount
IthacaAccount->>IthacaAccount: parse keyHash, prehashFlag, merkleFlag
alt prehashFlag is true
IthacaAccount->>IthacaAccount: digest = EfficientHashLib.sha2(digest)
end
alt merkleFlag is true
IthacaAccount->>IthacaAccount: _verifyMerkleSig(digest, innerSignature)
activate IthacaAccount
IthacaAccount->>IthacaAccount: decode proof, root, rootSig from innerSignature
IthacaAccount->>MerkleProofLib: verifyCalldata(proof, root, digest)
activate MerkleProofLib
MerkleProofLib-->>IthacaAccount: isMerkleValid
deactivate MerkleProofLib
alt isMerkleValid
IthacaAccount->>IthacaAccount: unwrapAndValidateSignature(root, rootSig)
note right of IthacaAccount: Recursive validation of root signature
IthacaAccount-->>Caller: (isValid, keyHash)
else isMerkleValid is false
IthacaAccount-->>Caller: (false, 0)
end
deactivate IthacaAccount
else merkleFlag is false
IthacaAccount->>IthacaAccount: getKey(keyHash)
IthacaAccount->>ECDSA: recoverCalldata(digest, innerSignature)
activate ECDSA
ECDSA-->>IthacaAccount: signer
deactivate ECDSA
IthacaAccount-->>Caller: (isValid, keyHash)
end
deactivate IthacaAccount
Updated class diagram for IthacaAccount merkle signature supportclassDiagram
class IthacaAccount {
+unwrapAndValidateSignature(digest bytes32, signature bytes) bool isValid
-_verifyMerkleSig(digest bytes32, signature bytes) bool isValid
+eip712Domain() string name
<<implements>> IIthacaAccount
<<inherits>> EIP712
<<inherits>> GuardedExecutor
}
class IIthacaAccount
class EIP712
class GuardedExecutor
class MerkleProofLib {
+verifyCalldata(proof bytes32[], root bytes32, leaf bytes32) bool
}
class LibBytes {
+loadCalldata(data bytes, index uint256) bytes32
+truncatedCalldata(data bytes, index uint256) bytes
}
class EfficientHashLib {
+sha2(input bytes32) bytes32
}
class ECDSA {
+recoverCalldata(digest bytes32, signature bytes) address
}
IthacaAccount ..> MerkleProofLib : uses
IthacaAccount ..> LibBytes : uses
IthacaAccount ..> EfficientHashLib : uses
IthacaAccount ..> ECDSA : uses
IthacaAccount ..|> IIthacaAccount
IthacaAccount --|> EIP712
IthacaAccount --|> GuardedExecutor
File-Level Changes
Possibly linked issues
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
There was a problem hiding this comment.
Code Review
This pull request adds Merkle signature verification to the IthacaAccount contract, allowing for batch signature validation, and increments the version to 0.5.11. The changes include the addition of a _verifyMerkleSig function, updates to the signature unwrapping logic to handle a new Merkle flag, and new fuzz tests. The review feedback recommends replacing manual assembly with abi.decode for safer calldata handling, adding a length check to prevent potential underflows during signature parsing, and correcting documentation regarding the signature format. Additionally, the reviewer advised removing IDE-specific configuration files from the repository.
There was a problem hiding this comment.
Hey - I've found 1 issue, and left some high level feedback:
- The ABI decoding in
_verifyMerkleSiglooks incorrect forroot:calldataload(add(signature.offset, 0x20))reads the offset to the root, not the root value; you should first load the root’s offset (like you do forrootSigOffset) and then read the value from that offset. - Because
_verifyMerkleSigcallsunwrapAndValidateSignature(root, rootSig), a merkle-wrappedrootSigcan cause unbounded recursion; consider explicitly rejecting or stripping the merkle flag forrootSigto prevent recursive merkle verification. - The
.ideaproject files added in this PR are editor-specific and probably shouldn’t be committed; it would be better to remove them and add the.ideadirectory to.gitignoreif needed.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The ABI decoding in `_verifyMerkleSig` looks incorrect for `root`: `calldataload(add(signature.offset, 0x20))` reads the offset to the root, not the root value; you should first load the root’s offset (like you do for `rootSigOffset`) and then read the value from that offset.
- Because `_verifyMerkleSig` calls `unwrapAndValidateSignature(root, rootSig)`, a merkle-wrapped `rootSig` can cause unbounded recursion; consider explicitly rejecting or stripping the merkle flag for `rootSig` to prevent recursive merkle verification.
- The `.idea` project files added in this PR are editor-specific and probably shouldn’t be committed; it would be better to remove them and add the `.idea` directory to `.gitignore` if needed.
## Individual Comments
### Comment 1
<location path="src/IthacaAccount.sol" line_range="523-525" />
<code_context>
+ return (false, bytes32(0));
+ }
+
/// @dev Returns if the signature is valid, along with its `keyHash`.
/// The `signature` is a wrapped signature, given by
- /// `abi.encodePacked(bytes(innerSignature), bytes32(keyHash), bool(prehash))`.
+ /// `abi.encode(bytes(innerSignature), bytes32(keyHash), bool(prehash), bool(merkle))`.
function unwrapAndValidateSignature(bytes32 digest, bytes calldata signature)
public
</code_context>
<issue_to_address>
**issue (bug_risk):** The documented wrapped signature encoding does not match the actual packed layout used in the code.
The implementation uses a packed layout `bytes(innerSignature) || bytes32(keyHash) || bytes1(prehash) || bytes1(merkle)`, computing `n = signature.length - 0x22` and reading the last two bytes as flags. This does not match `abi.encode(bytes, bytes32, bool, bool)`, which uses a head with dynamic offsets and places the `bytes` payload later. Leaving the docstring as `abi.encode(...)` will likely cause integrators to construct incompatible signatures. Please either document the packed layout explicitly or change the implementation to use real ABI encoding and decode accordingly.
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
clear && forge fmt && forge snapshot --isolate --match-contract Benchmark --via-ir && git add snapshots
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
* Ithaca account (#92) * feat: add ERC20 transfer benchmark for Porto with passkey Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate passkey authentication costs from spend limit enforcement costs. - Uses secp256k1 passkey for transaction signing - Sets execution permissions for ERC20 transfers - Requires spend limits (set to max) for passkey operations - Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits) - Provides clean measurement of passkey overhead (~19k gas) Resolves ithacaxyz#272 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> * chore: use `auto-assign-pr.yml` org action * feat: add merkle sigs natively into the account * fix: tests * test: add more sophisticated fuzz test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * # Default ignored files * .snapshot_worktree * Normalize file modes and update forge-std submodule Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes. * Update LayerZero-v2 * clear && forge fmt && forge snapshot clear && forge fmt && forge snapshot --isolate --match-contract Benchmark --via-ir && git add snapshots --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com> * Create SECURITY.md for security policy (#95) * Create SECURITY.md for security policy Added a security policy document outlining supported versions and vulnerability reporting. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Ithaca account (#92) * feat: add ERC20 transfer benchmark for Porto with passkey Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate passkey authentication costs from spend limit enforcement costs. - Uses secp256k1 passkey for transaction signing - Sets execution permissions for ERC20 transfers - Requires spend limits (set to max) for passkey operations - Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits) - Provides clean measurement of passkey overhead (~19k gas) Resolves ithacaxyz#272 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> * chore: use `auto-assign-pr.yml` org action * feat: add merkle sigs natively into the account * fix: tests * test: add more sophisticated fuzz test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * # Default ignored files * .snapshot_worktree * Normalize file modes and update forge-std submodule Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes. * Update LayerZero-v2 * clear && forge fmt && forge snapshot clear && forge fmt && forge snapshot --isolate --match-contract Benchmark --via-ir && git add snapshots --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com> * Create SECURITY.md for security policy (#95) * Create SECURITY.md for security policy Added a security policy document outlining supported versions and vulnerability reporting. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#66) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#67) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#68) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * ci(Mergify): configuration update (#81) Signed-off-by: Dargon789 <null> * Revert "Ithaca (#58)" (#82) This reverts commit 0cb7a77. @gemini-code-assist Code Review This pull request cleans up the repository by removing various IDE-specific configuration files located in the .idea directory. Additionally, it removes the testERC20TransferViaPortoOrchestratorWithPasskey function from the BenchmarkTest contract in test/Benchmark.t.sol. I have no feedback to provide. * Update issue templates (#88) * Update issue templates * Update .github/ISSUE_TEMPLATE/feature_request.md Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .github/ISSUE_TEMPLATE/bug_report.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .github/ISSUE_TEMPLATE/bug_report.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .github/ISSUE_TEMPLATE/custom.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Legion (#72) * feat: add ERC20 transfer benchmark for Porto with passkey Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate passkey authentication costs from spend limit enforcement costs. - Uses secp256k1 passkey for transaction signing - Sets execution permissions for ERC20 transfers - Requires spend limits (set to max) for passkey operations - Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits) - Provides clean measurement of passkey overhead (~19k gas) Resolves ithacaxyz#272 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> * feat: allow early refunds by recipient in escrow * feat: add callSansTo support to ERC7821 execute * chore: improvements and fixes to ERC7821Ithaca * chore: add address(0) replacement to new compute digest * fix: sanitize upper bits before checking replacement + tests * feat: do not add replay safe wrapper if sig is eoa * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * chore: use `auto-assign-pr.yml` org action * fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379 Combines the following fixes: - PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker - PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.) - PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max) Co-Authored-By: GarmashAlex <noreply@github.com> Co-Authored-By: sukrucildirr <noreply@github.com> Co-Authored-By: Forostovec <noreply@github.com> 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: subaccount design using spend function * test: complete subaccount flow with unit test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: add merkle sigs natively into the account * fix: tests * test: add more sophisticated fuzz test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: fix and simplify multichain design (ithacaxyz#327) * feat: simplify multichain nonce design * chore: readd merkle verification prefix * chore: undo blank line addns * chore: lint * chore: redundant multichain bool * fix: lint * . * feat: remove intent struct (ithacaxyz#365) * feat: simplify multichain nonce design * chore: readd merkle verification prefix * chore: undo blank line addns * chore: lint * . * ~50 failing tests down to 5 * down to 1 failing test * fixed failing test * chore: remove console logs and bench * . * Update test/Base.t.sol * Update src/Orchestrator.sol * Update test/utils/mocks/MockPayerWithSignatureOptimized.sol * chore: final cleanup, rebench * Update src/Orchestrator.sol * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator * chore: cleanup * rebase * fix --------- Co-authored-by: GitHub Action <action@github.com> * feat: native merkle sig verification in Account * chore: fmt * chore: unify merkle sig flow for orchestrator multi chain intents * chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator * Add .circleci/config.yml (#1) Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow CI: Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine * Update ci.yaml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * save local changes before merge * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Create CNAME * Revert "Merge branch 'master'" This reverts commit 6c02fbf, reversing changes made to a317ddb. * Create CNAME (#9) * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Create CNAME * Revert "Merge branch 'master'" This reverts commit 6c02fbf, reversing changes made to a317ddb. --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#10) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15) https://github.com/Dargon789/account/security/code-scanning/3 Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update ci.yaml (#16) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Delete CNAME * Update Brutalizer.sol * Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Refactor deployment scripts and update configs Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments. * Fix commit user email format in CI workflow (#18) 30a2096 Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update ci.yaml (#21) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Master (#22) * Merge branch 'master' (#8) * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Create CNAME --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Revert "fix vm block accoount (#11)" (#13) Reverts #11 Summary by Sourcery CI: Update the Forge test command in the CI workflow to enable reruns and increase verbosity. This reverts commit 942017f. --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Refactor function signatures and formatting for consistency Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made. * Add Multicall3 simulation support to Simulator Introduces Multicall3 simulation methods in Simulator.sol, enabling simulation of orchestrator calls with pre-execution calls via Multicall3. Adds IMulticall3 interface, updates related tests to cover multicall simulation flows, and includes minor formatting and interface signature changes for consistency. * feat: add multicall to simulator (ithacaxyz#402) (#24) * feat: add multicall to simulator (ithacaxyz#402) * feat: add multicall to simulator * chore: add gas test * chore: review fixes * chore: fmt contracts and update gas snapshots * test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412) --------- Co-authored-by: howy <132113803+howydev@users.noreply.github.com> Co-authored-by: Roberto Delgado Ferrezuelo <108575058+robertodf99@users.noreply.github.com> * Fix commit user email formatting in CI workflow Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Revert "feat: add multicall to simulator (ithacaxyz#402) (#24)" (#26) This reverts commit 1aef318. * Delete .circleci directory (#27) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * # Default ignored files * Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#32) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * .snapshot_worktree * Delete .idea directory (#35) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * pre-commit * pre-commit * deploy execute_config.sh * Update forge-std * Update check-bytecode-changes.js * pre-commit * chore: bump contract versions due to bytecode changes * chore: bump contract versions due to bytecode changes * chore: bump contract versions due to bytecode changes contracts update * v0.5.11 * chore: unify merkle sig flow for orchestrator multi chain intents * test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412) * Refactor function signatures and formatting for consistency * Legion (#38) * feat: add ERC20 transfer benchmark for Porto with passkey Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate passkey authentication costs from spend limit enforcement costs. - Uses secp256k1 passkey for transaction signing - Sets execution permissions for ERC20 transfers - Requires spend limits (set to max) for passkey operations - Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits) - Provides clean measurement of passkey overhead (~19k gas) Resolves ithacaxyz#272 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> * feat: allow early refunds by recipient in escrow * feat: add callSansTo support to ERC7821 execute * chore: improvements and fixes to ERC7821Ithaca * chore: add address(0) replacement to new compute digest * fix: sanitize upper bits before checking replacement + tests * feat: do not add replay safe wrapper if sig is eoa * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * chore: use `auto-assign-pr.yml` org action * fix: combine improvements from PRs ithacaxyz#357, ithacaxyz#314, and ithacaxyz#379 Combines the following fixes: - PR ithacaxyz#357: Replace SuperAdminCanSpendAnything with SuperAdminCanExecuteEverything in setCallChecker - PR ithacaxyz#314: Fix typos across codebase (overriden→overridden, Calcualated→Calculated, etc.) - PR ithacaxyz#379: Correct inline comment about approval amount (20-byte all-ones, not type(uint256).max) Co-Authored-By: GarmashAlex <noreply@github.com> Co-Authored-By: sukrucildirr <noreply@github.com> Co-Authored-By: Forostovec <noreply@github.com> 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: subaccount design using spend function * test: complete subaccount flow with unit test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: add merkle sigs natively into the account * fix: tests * test: add more sophisticated fuzz test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * feat: fix and simplify multichain design (ithacaxyz#327) * feat: simplify multichain nonce design * chore: readd merkle verification prefix * chore: undo blank line addns * chore: lint * chore: redundant multichain bool * fix: lint * . * feat: remove intent struct (ithacaxyz#365) * feat: simplify multichain nonce design * chore: readd merkle verification prefix * chore: undo blank line addns * chore: lint * . * ~50 failing tests down to 5 * down to 1 failing test * fixed failing test * chore: remove console logs and bench * . * Update test/Base.t.sol * Update src/Orchestrator.sol * Update test/utils/mocks/MockPayerWithSignatureOptimized.sol * chore: final cleanup, rebench * Update src/Orchestrator.sol * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator * chore: cleanup * rebase * fix --------- Co-authored-by: GitHub Action <action@github.com> * feat: native merkle sig verification in Account * chore: fmt * chore: unify merkle sig flow for orchestrator multi chain intents * chore: bump contract versions due to bytecode changes - Contracts updated: Orchestrator,SimpleFunder,Simulator * Add .circleci/config.yml (#1) Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow CI: Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine * Update ci.yaml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Create CNAME * Revert "Merge branch 'master'" This reverts commit 6c02fbf, reversing changes made to a317ddb. * Create CNAME (#9) * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Create CNAME * Revert "Merge branch 'master'" This reverts commit 6c02fbf, reversing changes made to a317ddb. --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#10) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#15) https://github.com/Dargon789/account/security/code-scanning/3 Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update ci.yaml (#16) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Delete CNAME * Update Brutalizer.sol * Potential fix for code scanning alert no. 2: Workflow does not contain permissions (#17) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Refactor deployment scripts and update configs Migrates deployment scripts to use fork-based configuration loading, removes legacy CircleCI and GitHub workflow files, and introduces a registry-based contract deployment record. Updates .env.example, README, and foundry configuration. Removes LayerZero vendor and test files, adds devtools submodule, and improves LayerZeroSettler configuration logic for multi-chain deployments. * Fix commit user email format in CI workflow (#18) 30a2096 Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 4: Workflow does not contain permissions (#19) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#20) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update ci.yaml (#21) reback use test CI and automation chores (ithacaxyz#394) 7dd8a5d Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Master (#22) * Merge branch 'master' (#8) * Update ci.yaml (#2) CI: Update Forge test command to use --rerun and increase verbosity to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#4) Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge. CI: Enable the --rerun flag for Forge tests to retry failures automatically Increase Forge test verbosity from -vvv to -vvvvv Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml (#5) Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv" Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Create CNAME --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Revert "fix vm block accoount (#11)" (#13) Reverts #11 Summary by Sourcery CI: Update the Forge test command in the CI workflow to enable reruns and increase verbosity. This reverts commit 942017f. --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update ci.yaml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Refactor function signatures and formatting for consistency Updated function signatures in IFunder and SimpleFunder for single-line style, and improved code formatting in IthacaAccount, test/Account.t.sol, test/Benchmark.t.sol, and test/LayerZeroSettler.t.sol for readability and consistency. No logic changes were made. * Delete .circleci directory (#27) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * # Default ignored files * .snapshot_worktree * Delete .idea directory (#35) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * pre-commit * pre-commit * deploy execute_config.sh * Update forge-std * Update check-bytecode-changes.js * pre-commit * chore: bump contract versions due to bytecode changes * chore: bump contract versions due to bytecode changes * chore: bump contract versions due to bytecode changes contracts update * v0.5.11 * chore: unify merkle sig flow for orchestrator multi chain intents * test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412) * Refactor function signatures and formatting for consistency --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: howy <132113803+howydev@users.noreply.github.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com> * Add .idea configs and tweak .env comments Add IntelliJ IDEA project files under .idea and lib/.idea (modules, caches, iml, vcs, and a .gitignore) and update the lib/forge-std gitlink (submodule) reference. Also adjust .env.example by removing spaces before inline comments on RPC URLs (UPGRADE_TEST_RPC_URL, RPC_1, RPC_11155111) to standardize formatting. * Normalize file modes and update forge-std submodule Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes. * Update LayerZero-v2 * Update LayerZero-v2 --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: howy <132113803+howydev@users.noreply.github.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: John Doe <jdoe@email.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Roberto Delgado Ferrezuelo <108575058+robertodf99@users.noreply.github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com> * Revert "Legion (#72)" (#90) This reverts commit cb23ac3. * Account (#93) * feat: add merkle sigs natively into the account * fix: tests * test: add more sophisticated fuzz test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * pre-commit * deploy execute_config.sh * Update forge-std * Normalize file modes and update forge-std submodule Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes. * Update LayerZero submodule & remove exec bits Normalize file permissions and advance submodule: change file modes from executable (100755) to non-executable (100644) for deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js. Update lib/LayerZero-v2 submodule commit from 88428755be6caa71cb1d2926141d73c8989296b5 to ab9b083410b9359285a5756807e1b6145d4711a7. * Update LayerZero-v2 * Update LayerZero-v2 * clear && forge fmt && forge snapshot clear && forge fmt && forge snapshot --isolate --match-contract Benchmark --via-ir && git add snapshots --------- Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com> * Create SECURITY.md for security policy (#95) (#96) * Ithaca account (#92) * feat: add ERC20 transfer benchmark for Porto with passkey Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate passkey authentication costs from spend limit enforcement costs. - Uses secp256k1 passkey for transaction signing - Sets execution permissions for ERC20 transfers - Requires spend limits (set to max) for passkey operations - Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits) - Provides clean measurement of passkey overhead (~19k gas) Resolves ithacaxyz#272 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> * chore: use `auto-assign-pr.yml` org action * feat: add merkle sigs natively into the account * fix: tests * test: add more sophisticated fuzz test * chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount * # Default ignored files * .snapshot_worktree * Normalize file modes and update forge-std submodule Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes. * Update LayerZero-v2 * clear && forge fmt && forge snapshot clear && forge fmt && forge snapshot --isolate --match-contract Benchmark --via-ir && git add snapshots --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com> * Create SECURITY.md for security policy (#95) * Create SECURITY.md for security policy Added a security policy document outlining supported versions and vulnerability reporting. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Delete .mergify.yml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <null> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com> Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com> Co-authored-by: howy <132113803+howydev@users.noreply.github.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: o-az <omaraziz.dev@proton.me> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: John Doe <jdoe@email.com> Co-authored-by: Roberto Delgado Ferrezuelo <108575058+robertodf99@users.noreply.github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
Summary by Sourcery
Add Merkle tree–based signature support to IthacaAccount and extend the wrapped signature format, along with corresponding tests and benchmarks.
New Features:
Enhancements:
Tests: