Merge pull request #91 from cometh-hq/develop

Develop

Author: yoanslvy

bun.lockb

@@ -6,7 +6,7 @@
       "name": "yoanslvy"
     }
   ],
-  "version": "1.0.13",
+  "version": "1.0.14",
   "description": "SDK Cometh Connect 4337",
   "repository": "https://github.com/cometh-hq/connect-sdk-4337.git",
   "keywords": [
@@ -45,7 +45,7 @@
     "build": "tsup --splitting"
   },
   "peerDependencies": {
-    "viem": "^2.22.23",
+    "viem": "^2.31.1",
     "wagmi": "^2"
   },
   "devDependencies": {

packages/sdk/package.json

@@ -11,7 +11,6 @@ const SENTINEL_MODULES =
 const SAFE_7579_ADDRESS: Address = "0x7579EE8307284F293B1927136486880611F20002";
 const LAUNCHPAD_ADDRESS: Address = "0x7579011aB74c46090561ea277Ba79D510c6C00ff";
 
-const add7579FunctionSelector = "0xd78343d9";
 const hardcodeVerificationGasLimit7579 = 1000000n;
 const FALLBACK_TARGET_FLAG =
     "0x0000000000000000000000000000000000000001" as Address;
@@ -35,7 +34,6 @@ export {
     FALLBACK_TARGET_FLAG,
     FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION,
     customChains,
-    add7579FunctionSelector,
     hardcodeVerificationGasLimit7579,
     defaultClientConfig,
 };

packages/sdk/src/constants.ts

@@ -38,7 +38,7 @@ import {
     getSafeInitializer,
 } from "./services/safe";
 
-import { SAFE_7579_ADDRESS, add7579FunctionSelector } from "@/constants";
+import { SAFE_7579_ADDRESS } from "@/constants";
 import { MethodNotSupportedError } from "@/errors";
 import { isSmartAccountDeployed } from "permissionless";
 import type { ToSafeSmartAccountReturnType } from "permissionless/accounts";
@@ -325,7 +325,6 @@ export async function createSafeSmartAccount<
         async signMessage({ message }) {
             return safeSigner.signMessage({ message });
         },
-
         async signTypedData() {
             throw new MethodNotSupportedError();
         },
@@ -379,12 +378,12 @@ export async function createSafeSmartAccount<
             }
 
             // set fallback 7579 in delegateCall
-            const modifiedCalls = calls.map((call) => ({
+            // biome-ignore lint/suspicious/noExplicitAny: to Allow nested delegatecalls
+            const modifiedCalls = calls.map((call: any) => ({
                 ...call,
                 data: call.data ?? "0x",
                 value: call.value ?? BigInt(0),
-                operation:
-                    call.data?.slice(0, 10) === add7579FunctionSelector ? 1 : 0,
+                operation: call.operation ?? 0,
             }));
 
             if (hasMultipleCalls) {
@@ -417,7 +416,7 @@ export async function createSafeSmartAccount<
                     modifiedCalls[0].to,
                     modifiedCalls[0].value,
                     modifiedCalls[0].data,
-                    modifiedCalls[0].operation,
+                    modifiedCalls[0].operation ?? 0,
                 ],
             });
         },

packages/sdk/src/core/accounts/safe/createSafeSmartAccount.ts

@@ -118,6 +118,7 @@ export async function setFallbackTo7579<
                 ],
             }),
             value: BigInt(0),
+            operation: 1,
         },
     ];
 

packages/sdk/src/core/actions/accounts/7579/setFallbackTo7579.ts

@@ -3,26 +3,34 @@ import {
     retrieveSmartAccountAddressFromPasskey,
     retrieveSmartAccountAddressFromPasskeyId,
 } from "@/core/signers/passkeys/passkeyService";
-import type { Address, Chain } from "viem";
+import type { Address, Chain, PublicClient } from "viem";
 
 /**
  * Function used to retrieve an account address from passkeys
  * @param apiKey
  * @param chain
  * @param fullDomainSelected
  */
-export const retrieveAccountAddressFromPasskeys = async (
-    apiKey: string,
-    chain: Chain,
+export const retrieveAccountAddressFromPasskeys = async ({
+    apiKey,
+    chain,
     fullDomainSelected = false,
-    baseUrl?: string
-): Promise<Address> => {
+    baseUrl,
+    publicClient,
+}: {
+    apiKey: string;
+    chain: Chain;
+    fullDomainSelected: boolean;
+    baseUrl?: string;
+    publicClient?: PublicClient;
+}): Promise<Address> => {
     const api = new API(apiKey, baseUrl);
 
     return await retrieveSmartAccountAddressFromPasskey(
         api,
         chain,
-        fullDomainSelected
+        fullDomainSelected,
+        publicClient
     );
 };
 
@@ -39,12 +47,14 @@ export const retrieveAccountAddressFromPasskeyId = async ({
     chain,
     fullDomainSelected = false,
     baseUrl,
+    publicClient,
 }: {
     apiKey: string;
     id: string;
     chain: Chain;
     fullDomainSelected: boolean;
     baseUrl?: string;
+    publicClient?: PublicClient;
 }): Promise<Address> => {
     const api = new API(apiKey, baseUrl);
 
@@ -53,5 +63,6 @@ export const retrieveAccountAddressFromPasskeyId = async ({
         id,
         chain,
         fullDomainSelected,
+        publicClient,
     });
 };

packages/sdk/src/core/actions/accounts/retrieveAccountAddressFromPasskey.ts

@@ -60,6 +60,7 @@ export async function grantPermission<
             to: preparedPermission.action.target,
             data: preparedPermission.action.callData,
             value: BigInt(0),
+            operation: 0,
         },
     ];
 
@@ -117,6 +118,7 @@ export async function grantPermission<
                 ],
             }),
             value: BigInt(0),
+            operation: 1,
         });
     }
 

packages/sdk/src/core/modules/sessionKey/decorators/grantPermission.ts

@@ -1,16 +1,22 @@
+import { SafeAbi } from "@/core/accounts/safe/abi/safe";
+import { SafeWebAuthnSharedSignerAbi } from "@/core/accounts/safe/abi/sharedWebAuthnSigner";
 import { isSafeOwner } from "@/core/accounts/safe/services/safe";
 import type { API } from "@/core/services/API";
 import { parseAuthenticatorData } from "@simplewebauthn/server/helpers";
 import CBOR from "cbor-js";
 import elliptic from "elliptic";
+import { isSmartAccountDeployed } from "permissionless";
 import psl from "psl";
 import type { ParsedDomain } from "psl";
 import {
+    http,
     type Address,
     type Chain,
     type Hex,
     type PublicClient,
+    createPublicClient,
     encodeAbiParameters,
+    getContract,
     hashMessage,
     keccak256,
     toBytes,
@@ -406,7 +412,8 @@ const getPasskeySigner = async ({
 const retrieveSmartAccountAddressFromPasskey = async (
     API: API,
     chain: Chain,
-    fullDomainSelected: boolean
+    fullDomainSelected: boolean,
+    publicClient?: PublicClient
 ): Promise<Address> => {
     let publicKeyId: Hex;
 
@@ -435,6 +442,15 @@ const retrieveSmartAccountAddressFromPasskey = async (
     const { smartAccountAddress, publicKeyX, publicKeyY, signerAddress } =
         webAuthnSignerForGivenChain;
 
+    await _checkIfOwner({
+        smartAccountAddress: smartAccountAddress as Address,
+        signerAddress: signerAddress as Address,
+        publicKeyX: publicKeyX as Hex,
+        publicKeyY: publicKeyY as Hex,
+        chain,
+        publicClient: publicClient as PublicClient,
+    });
+
     setPasskeyInStorage(
         smartAccountAddress as Address,
         publicKeyId,
@@ -451,11 +467,13 @@ const retrieveSmartAccountAddressFromPasskeyId = async ({
     id,
     chain,
     fullDomainSelected,
+    publicClient,
 }: {
     API: API;
     id: string;
     chain: Chain;
     fullDomainSelected: boolean;
+    publicClient?: PublicClient;
 }): Promise<Address> => {
     const publicKeyCredentials = [
         {
@@ -488,10 +506,18 @@ const retrieveSmartAccountAddressFromPasskeyId = async ({
     );
     if (!webAuthnSignerForGivenChain)
         throw new NoPasskeySignerFoundForGivenChain();
-
     const { smartAccountAddress, publicKeyX, publicKeyY, signerAddress } =
         webAuthnSignerForGivenChain;
 
+    await _checkIfOwner({
+        chain,
+        smartAccountAddress: smartAccountAddress as Address,
+        signerAddress: signerAddress as Address,
+        publicKeyX: publicKeyX as Hex,
+        publicKeyY: publicKeyY as Hex,
+        publicClient: publicClient as PublicClient,
+    });
+
     setPasskeyInStorage(
         smartAccountAddress as Address,
         publicKeyId,
@@ -503,6 +529,62 @@ const retrieveSmartAccountAddressFromPasskeyId = async ({
     return smartAccountAddress as Address;
 };
 
+const _checkIfOwner = async ({
+    chain,
+    smartAccountAddress,
+    signerAddress,
+    publicKeyX,
+    publicKeyY,
+    publicClient,
+}: {
+    chain: Chain;
+    smartAccountAddress: Address;
+    signerAddress: Address;
+    publicKeyX: Hex;
+    publicKeyY: Hex;
+    publicClient: PublicClient;
+}) => {
+    const _publicClient =
+        publicClient ??
+        createPublicClient({
+            chain,
+            transport: http(),
+        });
+
+    const safe = getContract({
+        address: smartAccountAddress as Address,
+        abi: SafeAbi,
+        client: _publicClient,
+    });
+
+    const sharedWebAuthnSigner = getContract({
+        address: signerAddress as Address,
+        abi: SafeWebAuthnSharedSignerAbi,
+        client: _publicClient,
+    });
+
+    const isSafeDeployed = await isSmartAccountDeployed(
+        _publicClient,
+        smartAccountAddress as Address
+    );
+    if (!isSafeDeployed) return;
+
+    const [isSignerOwner, sharedWebAuthnSignerConfiguration] =
+        await Promise.all([
+            await safe.read.isOwner([signerAddress]),
+            await sharedWebAuthnSigner.read.getConfiguration([
+                smartAccountAddress as Address,
+            ]),
+        ]);
+
+    if (!isSignerOwner) throw new SignerNotOwnerError();
+
+    if (
+        sharedWebAuthnSignerConfiguration.x !== BigInt(publicKeyX) ||
+        sharedWebAuthnSignerConfiguration.y !== BigInt(publicKeyY)
+    )
+        throw new SignerNotOwnerError();
+};
 export {
     createPasskeySigner,
     getPasskeyInStorage,