OpenZeppelin · ernestognw · Apr 16, 2025 · Mar 25, 2025 · Mar 25, 2025 · Mar 26, 2025
@@ -9,3 +9,6 @@
 [submodule "lib/forge-std"]
 	path = lib/forge-std
 	url = https://github.com/foundry-rs/forge-std.git
+[submodule "lib/email-tx-builder"]
+	path = lib/email-tx-builder
+	url = https://github.com/zkemail/email-tx-builder
@@ -0,0 +1 @@
+lib
diff --git a/contracts/utils/cryptography/ZKEmailSigner.sol b/contracts/utils/cryptography/ZKEmailSigner.sol
@@ -0,0 +1,97 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {IDKIMRegistry} from "@zk-email/contracts/DKIMRegistry.sol";
+import {IVerifier, EmailProof} from "@zk-email/email-tx-builder/interfaces/IVerifier.sol";
+import {EmailAuthMsg} from "@zk-email/email-tx-builder/interfaces/IEmailTypes.sol";
+import {AbstractSigner} from "./AbstractSigner.sol";
+import {ZKEmailUtils} from "./ZKEmailUtils.sol";
+
+abstract contract ZKEmailSigner is AbstractSigner {
+    using ZKEmailUtils for EmailAuthMsg;
+
+    bytes32 private _accountSalt;
+    IDKIMRegistry private _registry;
+    IVerifier private _verifier;
+    uint256 private _commandTemplate;
+
+    /// @dev Proof verification error.
+    error InvalidEmailProof(ZKEmailUtils.EmailProofError err);
+
+    /*
+     * @dev Unique identifier for owner of this contract defined as a hash of an email address and an account code.
+     *
+     * An account code is a random integer in a finite scalar field of https://neuromancer.sk/std/bn/bn254[BN254] curve.
+     * It is a private randomness to derive a CREATE2 salt of the user’s Ethereum address
+     * from the email address, i.e., userEtherAddr := CREATE2(hash(userEmailAddr, accountCode)).
+     */
+    function accountSalt() public view virtual returns (bytes32) {
+        return _accountSalt;
+    }
+
+    /// @dev An instance of the DKIM registry contract.
+    // solhint-disable-next-line func-name-mixedcase
+    function DKIMRegistry() public view virtual returns (IDKIMRegistry) {
+        return _registry;
+    }
+
+    /// @dev An instance of the Verifier contract.
+    function verifier() public view virtual returns (IVerifier) {
+        return _verifier;
+    }
+
+    /// @dev The templateId of the sign hash command.
+    function commandTemplate() public view virtual returns (uint256) {
+        return _commandTemplate;
+    }
+
+    /// @dev Set the {accountSalt}.
+    function _setAccountSalt(bytes32 accountSalt_) internal virtual {
+        _accountSalt = accountSalt_;
+    }
+
+    /// @dev Set the {DKIMRegistry} contract address.
+    function _setDKIMRegistry(IDKIMRegistry registry_) internal virtual {
+        _registry = registry_;
+    }
+
+    /// @dev Set the {verifier} contract address.
+    function _setVerifier(IVerifier verifier_) internal virtual {
+        _verifier = verifier_;
+    }
+
+    /// @dev Set the {commandTemplate} ID.
+    function _setCommandTemplate(uint256 commandTemplate_) internal virtual {
+        _commandTemplate = commandTemplate_;
+    }
+
+    /** @dev Authenticate the email sender and authorize the message in the email command.
+     *
+     * NOTE: This function only verifies the authenticity of the email and command, without
+     * handling replay protection. The calling contract should implement its own mechanisms
+     * to prevent replay attacks, similar to how nonces are used with ECDSA signatures.
+     */
+    function verifyEmail(EmailAuthMsg memory emailAuthMsg) public view virtual {
+        (bool verified, ZKEmailUtils.EmailProofError err) = emailAuthMsg.isValidZKEmail(DKIMRegistry(), verifier());
+        if (!verified) revert InvalidEmailProof(err);
+    }
+
+    /// @inheritdoc AbstractSigner
+    function _rawSignatureValidation(
+        bytes32 hash,
+        bytes calldata signature
+    ) internal view virtual override returns (bool) {
+        EmailAuthMsg memory emailAuthMsg = abi.decode(signature, (EmailAuthMsg));
+        if (
+            abi.decode(emailAuthMsg.commandParams[0], (bytes32)) == hash &&
-            abi.decode(emailAuthMsg.commandParams[0], (bytes32)) == hash &&
+            emailAuthMsg.commandParams.length > 0 &&
+            emailAuthMsg.commandParams[0].length >= 0x20 &&
+            bytes32(emailAuthMsg.commandParams[0]) == hash &&
-            abi.decode(emailAuthMsg.commandParams[0], (bytes32)) == hash &&
+            emailAuthMsg.commandParams.length > 0 &&
+            emailAuthMsg.commandParams[0].length >= 0x20 &&
+            bytes32(emailAuthMsg.commandParams[0]) == hash &&
+            emailAuthMsg.templateId == commandTemplate() &&
+            emailAuthMsg.proof.accountSalt == accountSalt()
+        ) {
+            (bool verified, ) = emailAuthMsg.isValidZKEmail(DKIMRegistry(), verifier());
+            return verified;
+        } else {
+            return false;
+        }
+    }
+}
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
+import {IDKIMRegistry} from "@zk-email/contracts/DKIMRegistry.sol";
+import {IVerifier, EmailProof} from "@zk-email/email-tx-builder/interfaces/IVerifier.sol";
+import {EmailAuthMsg} from "@zk-email/email-tx-builder/interfaces/IEmailTypes.sol";
+import {CommandUtils} from "@zk-email/email-tx-builder/libraries/CommandUtils.sol";
+import {AbstractSigner} from "./AbstractSigner.sol";
+
+library ZKEmailUtils {
+    using Strings for string;
+
+    enum EmailProofError {
+        NoError,
+        DKIMPublicKeyHash, // The DKIM public key hash verification fails
+        MaskedCommandLength, // The masked command length exceeds the maximum
+        SkippedCommandPrefixSize, // The skipped command prefix size is invalid
+        Command, // The command format is invalid
+        EmailProof // The email proof verification fails
+    }
+
+    function isValidZKEmail(
+        EmailAuthMsg memory emailAuthMsg,
+        IDKIMRegistry dkimregistry,
+        IVerifier verifier
+    ) internal view returns (bool, EmailProofError) {
+        if (!dkimregistry.isDKIMPublicKeyHashValid(emailAuthMsg.proof.domainName, emailAuthMsg.proof.publicKeyHash)) {
+            return (false, EmailProofError.DKIMPublicKeyHash);
+        } else if (bytes(emailAuthMsg.proof.maskedCommand).length > verifier.commandBytes()) {
+            return (false, EmailProofError.MaskedCommandLength);
+        } else if (emailAuthMsg.skippedCommandPrefix >= verifier.commandBytes()) {
+            return (false, EmailProofError.SkippedCommandPrefixSize);
+        } else {
+            string[] memory signHashTemplate = new string[](2);
+            signHashTemplate[0] = "signHash";
+            signHashTemplate[1] = CommandUtils.UINT_MATCHER;
+
+            // Construct an expectedCommand from template and the values of emailAuthMsg.commandParams.
+            string memory trimmedMaskedCommand = CommandUtils.removePrefix(
+                emailAuthMsg.proof.maskedCommand,
+                emailAuthMsg.skippedCommandPrefix
+            );
+            for (uint256 stringCase = 0; stringCase < 2; stringCase++) {
+                if (
+                    CommandUtils.computeExpectedCommand(emailAuthMsg.commandParams, signHashTemplate, stringCase).equal(
+                        trimmedMaskedCommand
+                    )
+                ) {
+                    if (verifier.verifyEmailProof(emailAuthMsg.proof)) return (true, EmailProofError.NoError);
+                    else return (false, EmailProofError.EmailProof);
+                }
+            }
+            return (false, EmailProofError.Command);
+        }
+    }
+}
diff --git a/lib/@openzeppelin-contracts b/lib/@openzeppelin-contracts
diff --git a/lib/@openzeppelin-contracts-upgradeable b/lib/@openzeppelin-contracts-upgradeable
@@ -17,10 +17,10 @@
     "prepare-docs": "scripts/prepare-docs.sh",
     "lint": "npm run lint:js && npm run lint:sol",
     "lint:fix": "npm run lint:js:fix && npm run lint:sol:fix",
-    "lint:js": "prettier --log-level warn --ignore-path .gitignore '**/*.{js,ts}' --check && eslint .",
-    "lint:js:fix": "prettier --log-level warn --ignore-path .gitignore '**/*.{js,ts}' --write && eslint . --fix",
-    "lint:sol": "prettier --log-level warn --ignore-path .gitignore '{contracts,test}/**/*.sol' --check && solhint '{contracts,test}/**/*.sol'",
-    "lint:sol:fix": "prettier --log-level warn --ignore-path .gitignore '{contracts,test}/**/*.sol' --write",
+    "lint:js": "prettier --log-level warn '**/*.{js,ts}' --check && eslint .",
+    "lint:js:fix": "prettier --log-level warn '**/*.{js,ts}' --write && eslint . --fix",
+    "lint:sol": "prettier --log-level warn '{contracts,test}/**/*.sol' --check && solhint '{contracts,test}/**/*.sol'",
+    "lint:sol:fix": "prettier --log-level warn '{contracts,test}/**/*.sol' --write",
     "coverage": "scripts/checks/coverage.sh",
     "test": "hardhat test",
     "test:inheritance": "scripts/checks/inheritance-ordering.js artifacts/build-info/*",
@@ -43,7 +43,8 @@
     "zeppelin"
   ],
   "dependencies": {
-    "@axelar-network/axelar-gmp-sdk-solidity": "^6.0.6"
+    "@axelar-network/axelar-gmp-sdk-solidity": "^6.0.6",
+    "@zk-email/contracts": "^6.3.2"
   },
   "devDependencies": {
     "@openzeppelin/contracts": "file:lib/@openzeppelin-contracts",

@@ -2,3 +2,5 @@
 @openzeppelin/contracts-upgradeable/=lib/@openzeppelin-contracts-upgradeable/contracts/
 @openzeppelin/community-contracts/=contracts/
 @axelar-network/axelar-gmp-sdk-solidity/=node_modules/@axelar-network/axelar-gmp-sdk-solidity/
+@zk-email/email-tx-builder/=lib/email-tx-builder/packages/contracts/src/
+@zk-email/contracts/=node_modules/@zk-email/contracts/
@@ -7,7 +7,7 @@ const { findAll } = require('solidity-ast/utils');
 const { _: artifacts } = require('yargs').argv;
 
 // files to skip
-const skipPatterns = ['contracts-exposed/**', 'contracts/mocks/WithInit.sol'];
+const skipPatterns = ['contracts-exposed/**', 'contracts/mocks/WithInit.sol', '@zk-email/**'];
 
 for (const artifact of artifacts) {
   const { output: solcOutput } = require(path.resolve(__dirname, '../..', artifact));
+5 −0		.changeset/mighty-melons-cheer.md
+1 −0		CHANGELOG.md
+3 −3		contracts/interfaces/draft-IERC4337.sol
+6 −6		contracts/interfaces/draft-IERC7579.sol
+2 −2		contracts/mocks/docs/access-control/AccessControlModified.sol
+1 −1		contracts/mocks/token/ERC20ForceApproveMock.sol
+1 −2		contracts/token/ERC20/ERC20.sol
+5 −5		contracts/token/ERC20/README.adoc
+1 −1		contracts/utils/TransientSlot.sol
+40 −2		contracts/utils/cryptography/P256.sol
+4 −4		docs/modules/ROOT/pages/utilities.adoc
+1 −0		hardhat.config.js
+1 −1		hardhat/ignore-unreachable-warnings.js
+124 −131		package-lock.json
+1 −1		package.json
+1 −1		scripts/generate/templates/TransientSlot.js
+1 −1		test/governance/extensions/GovernorVotesSuperQuorumFraction.test.js
+6 −6		test/token/ERC20/extensions/ERC4626.test.js
+0 −8		test/token/ERC721/extensions/ERC721Consecutive.test.js
+22 −0		test/utils/cryptography/P256.t.sol
+56 −30		test/utils/cryptography/P256.test.js