Feat/gnark zkemail

[Peartes]

This commit adds in the zk email authenticator into the AA contract

[crucible-burnt]

🔍 Crucible Security Review

Summary

Adds ZK Email authenticator support to the Account contract, enabling email-based authentication via DKIM proofs. Integrates with the xion DKIM module for proof verification.

Security Assessment

• Risk Level: Medium (feature addition, new attack surface)
• Proof validation: Properly delegates to xion DKIM module via gRPC query
• Signature length check: 700-byte minimum enforces reasonable proof size
• Email host validation: Non-empty check prevents misconfiguration
• Verification before save: Signature verified before storing authenticator

Potential Concerns:

• Email salt handling: Verify salt is truly random and properly isolated per user; check if public_inputs use leaks information
• Allowed hosts update: Requires signature verification before allowing new hosts (current: unverified update possible)

Immunefi Pattern Check

• ✅ No proto.Message singletons
• ✅ No JWT validation gaps
• ✅ No fee bypass paths
• ✅ Proper state validation
• ✅ Signature verification before storage

False Report Risk

• Email salt format needs documentation to prevent claims of "plaintext email storage"
• Add comments on DKIM verification to prevent "unverified signature" reports

Code Quality

• Strong error handling with descriptive types
• Good cosmwasm_std abstractions
• Test coverage with sample proofs ✓
• Note: remove_auth_method validation logic change needs separate verification

Recommendation

Approve with minor improvements:

• Document email_salt format and privacy implications
• Add signature check to update_allowed_email_hosts
• Verify remove_auth_method change separately

[crucible-burnt]

🔍 Crucible Security Review

Summary

Adds gnark-based ZKEmail verification support. Updates CosmWasm dependencies and adds new protobuf/cosmos SDK dependencies.

Security Assessment

• Risk Level: Medium ⚠️ (new ZK functionality)
• Dependency updates:
  • cosmwasm-* 2.2.2 → 2.3.2
  • anyhow 1.0.100 → 1.0.101
  • bytes 1.10.1 → 1.11.1
• New dependencies:
  • cosmos-sdk-proto from burnt-labs fork (feat/xion-zk branch)
  • pbjson, pbjson-types, prost, tendermint-proto
  • chrono for timestamp handling
  • aho-corasick for pattern matching (likely for email parsing)

Immunefi Pattern Check

• New attack surface: Email verification via ZK proofs
• Custom cosmos-sdk-proto fork requires supply chain review
• No known matches to existing patterns (new functionality)

False Report Risk

• ZKEmail is complex — document security assumptions clearly
• Email parsing has historically been a source of vulnerabilities

Code Quality Notes

• Using forked cosmos-sdk-proto from burnt-labs — ensure fork maintenance plan
• chrono added without tz feature — verify timezone handling is intentional
• bitflags 2.10.0 added as new dependency
• Recommendation: Pin cosmos-sdk-proto to specific commit rather than branch

Status

Requires deeper cryptographic review. ZKEmail implementations need specialist attention. Recommend:

1. Document fork maintenance plan for cosmos-sdk-proto
2. Ensure email parsing is robust against malformed inputs
3. Dedicated ZK circuit audit before mainnet