Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
2ecce31
feat: add merkle sigs natively into the account
legion2002 Sep 24, 2025
5577747
fix: tests
legion2002 Sep 24, 2025
995a3e1
test: add more sophisticated fuzz test
legion2002 Sep 24, 2025
4918a12
chore: bump contract versions due to bytecode changes - Contracts upd…
actions-user Sep 24, 2025
68f4e3a
Add .circleci/config.yml (#1)
Dargon789 Nov 19, 2025
2f484ce
Update ci.yaml
Dargon789 Nov 19, 2025
cef256e
Update ci.yaml (#2)
Dargon789 Nov 19, 2025
bcd8527
Update ci.yaml (#4)
Dargon789 Nov 19, 2025
01aafc5
Update ci.yaml (#5)
Dargon789 Nov 20, 2025
21aa942
Update ci.yaml
Dargon789 Nov 20, 2025
a317ddb
Create CNAME
Dargon789 Dec 20, 2025
6c02fbf
Merge branch 'master'
Dargon789 Dec 21, 2025
28ff37f
Revert "Merge branch 'master'"
Dargon789 Dec 21, 2025
0d5c957
Create CNAME (#9)
Dargon789 Dec 21, 2025
a4f4aca
Merge branch 'main' into tanishk/native-merkle-sigs
Dargon789 Dec 25, 2025
b2e548a
Merge branch 'tanishk/native-merkle-sigs' into Dargon789-legion-rouge
Dargon789 Dec 25, 2025
37204b9
Merge branch 'ithacaxyz:main' into Dargon789-legion-rouge
Dargon789 Jan 5, 2026
28d5bc8
Delete .circleci directory (#27)
Dargon789 Feb 10, 2026
751cf29
test: add tests for getContextKeyHash in Account.t.sol (#412)
googleworkspace-bot Mar 14, 2026
ab9e883
Normalize file modes and update forge-std submodule
googleworkspace-bot Apr 10, 2026
63ff070
Merge branch 'main' into legion-rouge
googleworkspace-bot Apr 10, 2026
379fa7b
Dargon789 legion rouge (#61)
Dargon789 Apr 11, 2026
3bfeca3
Update LayerZero-v2
googleworkspace-bot Apr 11, 2026
afce5cd
Merge branch 'main' into legion-rouge
Dargon789 Apr 11, 2026
0cb7a77
Ithaca (#58)
Dargon789 Apr 11, 2026
430926d
Chore bump contract versions due to bytecode changes (#60)
Dargon789 Apr 11, 2026
4024755
Merge branch 'main' into legion-rouge
Dargon789 Apr 11, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:
UPGRADE_TEST_OLD_PROXY: ${{ secrets.UPGRADE_TEST_OLD_PROXY }}
UPGRADE_TEST_OLD_VERSION: ${{ secrets.UPGRADE_TEST_OLD_VERSION }}
run: |
forge test -vvv
forge test --no-match-contract UpgradeTests

- name: Format contracts and generate snapshots
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
Expand Down
3 changes: 3 additions & 0 deletions .idea/.gitignore

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 13 additions & 0 deletions .idea/account.iml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1,698 changes: 1,698 additions & 0 deletions .idea/caches/deviceStreaming.xml

Large diffs are not rendered by default.

117 changes: 117 additions & 0 deletions .idea/codeStyles/Project.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions .idea/codeStyles/codeStyleConfig.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions .idea/copilot.data.migration.ask2agent.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions .idea/markdown.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions .idea/modules.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

22 changes: 22 additions & 0 deletions .idea/vcs.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions CNAME
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
legion-rouge.vercel.app
Empty file modified deploy/execute_config.sh
100755 → 100644
Empty file.
Empty file modified deploy/verify_config.sh
100755 → 100644
Empty file.
2 changes: 1 addition & 1 deletion lib/LayerZero-v2
Submodule LayerZero-v2 updated 553 files
2 changes: 1 addition & 1 deletion lib/forge-std
Submodule forge-std updated 60 files
+1 −1 .github/CODEOWNERS
+6 −0 .github/dependabot.yml
+61 −31 .github/workflows/ci.yml
+6 −1 .github/workflows/sync.yml
+3 −3 CONTRIBUTING.md
+61 −13 README.md
+1 −1 RELEASE_CHECKLIST.md
+3 −12 foundry.toml
+2 −2 package.json
+2 −12 scripts/vm.py
+2 −2 src/Base.sol
+1 −1 src/Config.sol
+2 −2 src/LibVariable.sol
+2 −2 src/Script.sol
+28 −13 src/StdAssertions.sol
+24 −8 src/StdChains.sol
+13 −17 src/StdCheats.sol
+30 −10 src/StdConfig.sol
+2 −2 src/StdConstants.sol
+2 −2 src/StdError.sol
+22 −4 src/StdInvariant.sol
+13 −14 src/StdJson.sol
+6 −2 src/StdMath.sol
+13 −11 src/StdStorage.sol
+2 −2 src/StdStyle.sol
+10 −18 src/StdToml.sol
+6 −14 src/StdUtils.sol
+2 −4 src/Test.sol
+82 −43 src/Vm.sol
+10 −19 src/console.sol
+2 −2 src/console2.sol
+2 −2 src/interfaces/IERC1155.sol
+2 −2 src/interfaces/IERC165.sol
+2 −2 src/interfaces/IERC20.sol
+9 −9 src/interfaces/IERC4626.sol
+2 −2 src/interfaces/IERC6909.sol
+2 −2 src/interfaces/IERC721.sol
+12 −17 src/interfaces/IERC7540.sol
+9 −9 src/interfaces/IERC7575.sol
+3 −8 src/interfaces/IMulticall3.sol
+691 −1,380 src/safeconsole.sol
+2 −2 test/CommonBase.t.sol
+34 −5 test/Config.t.sol
+19 −1 test/LibVariable.t.sol
+2 −2 test/StdAssertions.t.sol
+24 −24 test/StdChains.t.sol
+19 −20 test/StdCheats.t.sol
+2 −2 test/StdConstants.t.sol
+3 −4 test/StdError.t.sol
+2 −2 test/StdJson.t.sol
+8 −8 test/StdMath.t.sol
+24 −27 test/StdStorage.t.sol
+2 −2 test/StdStyle.t.sol
+2 −2 test/StdToml.t.sol
+13 −13 test/StdUtils.t.sol
+4 −4 test/Vm.t.sol
+2 −4 test/compilation/CompilationScript.sol
+2 −4 test/compilation/CompilationScriptBase.sol
+2 −4 test/compilation/CompilationTest.sol
+2 −4 test/compilation/CompilationTestBase.sol
Empty file modified prep/check-bytecode-changes.js
100755 → 100644
Empty file.
47 changes: 44 additions & 3 deletions src/IthacaAccount.sol
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import {LibNonce} from "./libraries/LibNonce.sol";
import {TokenTransferLib} from "./libraries/TokenTransferLib.sol";
import {LibTStack} from "./libraries/LibTStack.sol";
import {IIthacaAccount} from "./interfaces/IIthacaAccount.sol";
import {MerkleProofLib} from "solady/utils/MerkleProofLib.sol";

/// @title Account
/// @notice A account contract for EOAs with EIP7702.
Expand Down Expand Up @@ -485,9 +486,43 @@ contract IthacaAccount is IIthacaAccount, EIP712, GuardedExecutor {
return isMultichain ? _hashTypedDataSansChainId(structHash) : _hashTypedData(structHash);
}

/// @dev Verifies the merkle sig
/// - Note: Each leaf of the merkle tree should be a standard digest.
/// - The signature for using merkle verification is encoded as:
/// - bytes signature = abi.encode(bytes32[] proof, bytes32 root, bytes rootSig)
function _verifyMerkleSig(bytes32 digest, bytes calldata signature)
internal
view
returns (bool isValid, bytes32 keyHash)
{
bytes32[] calldata proof;
bytes32 root;
bytes calldata rootSig;

assembly ("memory-safe") {
let proofOffset := add(signature.offset, calldataload(signature.offset))
proof.length := calldataload(proofOffset)
proof.offset := add(proofOffset, 0x20)

root := calldataload(add(signature.offset, 0x20))

let rootSigOffset := add(signature.offset, calldataload(add(signature.offset, 0x40)))
rootSig.length := calldataload(rootSigOffset)
rootSig.offset := add(rootSigOffset, 0x20)
}

if (MerkleProofLib.verifyCalldata(proof, root, digest)) {
(isValid, keyHash) = unwrapAndValidateSignature(root, rootSig);

return (isValid, keyHash);
}

return (false, bytes32(0));
}

/// @dev Returns if the signature is valid, along with its `keyHash`.
/// The `signature` is a wrapped signature, given by
/// `abi.encodePacked(bytes(innerSignature), bytes32(keyHash), bool(prehash))`.
/// `abi.encode(bytes(innerSignature), bytes32(keyHash), bool(prehash), bool(merkle))`.
function unwrapAndValidateSignature(bytes32 digest, bytes calldata signature)
public
view
Expand All @@ -502,14 +537,20 @@ contract IthacaAccount is IIthacaAccount, EIP712, GuardedExecutor {
return (ECDSA.recoverCalldata(digest, signature) == address(this), 0);
}

bool merkle;
unchecked {
uint256 n = signature.length - 0x21;
uint256 n = signature.length - 0x22;
keyHash = LibBytes.loadCalldata(signature, n);
signature = LibBytes.truncatedCalldata(signature, n);
// Do the prehash if last byte is non-zero.
if (uint256(LibBytes.loadCalldata(signature, n + 1)) & 0xff != 0) {
digest = EfficientHashLib.sha2(digest); // `sha256(abi.encode(digest))`.
}
merkle = uint256(LibBytes.loadCalldata(signature, n + 2)) & 0xff != 0;
}

if (merkle) {
return _verifyMerkleSig(digest, signature);
}

Key memory key = getKey(keyHash);
Expand Down Expand Up @@ -747,6 +788,6 @@ contract IthacaAccount is IIthacaAccount, EIP712, GuardedExecutor {
returns (string memory name, string memory version)
{
name = "IthacaAccount";
version = "0.5.10";
version = "0.5.11";
}
}
69 changes: 67 additions & 2 deletions test/Account.t.sol
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ import "./Base.t.sol";
import {MockSampleDelegateCallTarget} from "./utils/mocks/MockSampleDelegateCallTarget.sol";
import {LibEIP7702} from "solady/accounts/LibEIP7702.sol";

import {Merkle} from "murky/Merkle.sol";

contract AccountTest is BaseTest {
struct _TestExecuteWithSignatureTemps {
TargetFunctionPayload[] targetFunctionPayloads;
Expand Down Expand Up @@ -68,6 +70,70 @@ contract AccountTest is BaseTest {
}
}

function testMerkleSignature(uint256 seed) public {
DelegatedEOA memory d = _randomEIP7702DelegatedEOA();
PassKey memory k = _randomSecp256k1PassKey();
k.k.isSuperAdmin = true;

vm.prank(d.eoa);
d.d.authorize(k.k);

// Fuzz number of leaves (2 to 256)
uint256 numLeaves = bound(seed, 2, 256);
bytes32[] memory leaves = new bytes32[](numLeaves);

// Generate random leaves
for (uint256 i = 0; i < numLeaves; i++) {
leaves[i] = keccak256(abi.encodePacked("leaf", i, seed));
}

// Pick a random valid index
uint256 validIndex = seed % numLeaves;
bytes32 validDigest = leaves[validIndex];

Merkle merkle = new Merkle();
bytes32 root = merkle.getRoot(leaves);
bytes32[] memory proof = merkle.getProof(leaves, validIndex);

// Test valid merkle proof
{
bytes memory rootSig = abi.encode(proof, root, _sig(k, root));
bytes memory sig = abi.encodePacked(rootSig, bytes32(0), uint8(0), uint8(1));

(bool isValid, bytes32 keyHash) = d.d.unwrapAndValidateSignature(validDigest, sig);
assertEq(isValid, true);
assertEq(keyHash, k.keyHash);

// Test invalid digest not in tree
bytes32 invalidDigest = keccak256(abi.encodePacked("not_in_tree", seed));
(isValid, keyHash) = d.d.unwrapAndValidateSignature(invalidDigest, sig);
assertEq(isValid, false);
assertEq(keyHash, bytes32(0));
}

// Test tampered proof (only if proof has elements to tamper)
if (proof.length > 0) {
bytes32[] memory tamperedProof = new bytes32[](proof.length);
for (uint256 i = 0; i < proof.length; i++) {
tamperedProof[i] = i == 0 ? bytes32(uint256(proof[i]) ^ 1) : proof[i];
}
bytes memory tamperedRootSig = abi.encode(tamperedProof, root, _sig(k, root));
bytes memory tamperedSig =
abi.encodePacked(tamperedRootSig, bytes32(0), uint8(0), uint8(1));
(bool isValid,) = d.d.unwrapAndValidateSignature(validDigest, tamperedSig);
assertEq(isValid, false);
}

// Test wrong root (tampered root should fail verification)
{
bytes32 wrongRoot = bytes32(uint256(root) ^ 1);
bytes memory wrongRootSig = abi.encode(proof, wrongRoot, _sig(k, wrongRoot));
bytes memory wrongSig = abi.encodePacked(wrongRootSig, bytes32(0), uint8(0), uint8(1));
(bool isValid,) = d.d.unwrapAndValidateSignature(validDigest, wrongSig);
assertEq(isValid, false);
}
}

function testSignatureCheckerApproval(bytes32) public {
DelegatedEOA memory d = _randomEIP7702DelegatedEOA();
PassKey memory k = _randomSecp256k1PassKey();
Expand All @@ -93,8 +159,7 @@ contract AccountTest is BaseTest {

bytes32 replaySafeDigest = keccak256(abi.encode(d.d.SIGN_TYPEHASH(), digest));

(, string memory name, string memory version,, address verifyingContract,,) =
d.d.eip712Domain();
(,,,, address verifyingContract,,) = d.d.eip712Domain();
bytes32 domain = keccak256(
abi.encode(
0x035aff83d86937d35b32e04f0ddc6ff469290eef2f1b692d8a815c89404d4749, // DOMAIN_TYPEHASH with only verifyingContract
Expand Down
Loading