feat!: change jwt nonce to be bytes32

Author: olehmisar

apps/interface/src/lib/services/JwtAccountService.ts

@@ -1,4 +1,3 @@
-import { decodeJwt, isDeployed } from "$lib/utils";
 import deployments from "@repo/contracts/deployments.json";
 import {
   SimpleAccount__factory,
@@ -16,6 +15,7 @@ import {
   getUserOperationHash,
   toSmartAccount,
 } from "viem/account-abstraction";
+import { decodeJwt, isDeployed } from "../utils";
 import {
   ethersSignerToWalletClient,
   getBundlerClient,
@@ -47,17 +47,17 @@ export class JwtAccountService {
   async setOwner(
     jwt: string,
     owner: ethers.Signer,
-    verificationData: JwtVerifier.VerificationDataStruct,
+    params: Omit<JwtVerifier.VerificationDataStruct, "jwtNonce">,
   ) {
-    assert(
-      utils.isAddressEqual(
-        await owner.getAddress(),
-        await ethers.resolveAddress(verificationData.jwtNonce),
-      ),
-      "jwt.nonce mismatch",
-    );
+    const verificationData = {
+      ...params,
+      jwtNonce: ethers.zeroPadValue(await owner.getAddress(), 32),
+    };
+
     const account = await this.getAccount(jwt, owner);
 
+    await this.publicKeyRegistry.requestPublicKeysUpdate();
+
     const bundlerClient = getBundlerClient(
       await ethersSignerToWalletClient(owner),
     );
@@ -93,6 +93,13 @@ export class JwtAccountService {
   }
 }
 
+export async function toJwtNonce(address: ethers.AddressLike) {
+  return ethers
+    .zeroPadValue(await ethers.resolveAddress(address), 32)
+    .toLowerCase()
+    .slice("0x".length);
+}
+
 export interface JwtSmartAccount
   extends Awaited<ReturnType<typeof toJwtSmartAccount>> {}
 

apps/interface/src/routes/+page.svelte

@@ -4,6 +4,7 @@
   import { LocalStore } from "$lib/localStorage.svelte.js";
   import { now } from "$lib/now.svelte.js";
   import SendEthCard from "$lib/SendEthCard.svelte";
+  import { toJwtNonce } from "$lib/services/JwtAccountService.js";
   import { EXTEND_SESSION_SEARCH_PARAM } from "$lib/utils.js";
   import * as web2Auth from "@auth/sveltekit/client";
   import { Ui } from "@repo/ui";
@@ -69,12 +70,7 @@
   async function extendSessionInner() {
     assert(jwt, "no session");
 
-    await lib.publicKeyRegistry.requestPublicKeysUpdate();
-
-    const result = await lib.jwtProver.proveJwt(
-      jwt,
-      toJwtNonce(await signer.getAddress()),
-    );
+    const result = await lib.jwtProver.proveJwt(jwt, await toJwtNonce(signer));
     if (!result) {
       Ui.toast.log(
         "Sign in again please to link your wallet to your Google account",
@@ -90,7 +86,6 @@
     const tx = await lib.jwtAccount.setOwner(jwt, signer, {
       proof,
       jwtIat: input.jwt_iat,
-      jwtNonce: await signer.getAddress(),
       publicKeyHash: input.public_key_hash,
     });
     console.log("recovery tx", tx);
@@ -105,7 +100,7 @@
     signer: ethers.Signer,
     { extendSessionAfterLogin = false } = {},
   ) {
-    const nonce = toJwtNonce(await signer.getAddress());
+    const nonce = await toJwtNonce(signer);
     const callbackUrl = new URL(location.href);
     if (extendSessionAfterLogin) {
       callbackUrl.searchParams.set(
@@ -122,10 +117,6 @@
     );
   }
 
-  function toJwtNonce(address: string) {
-    return address.toLowerCase().slice("0x".length);
-  }
-
   onMount(async () => {
     const url = new URL(location.href);
     if (

packages/evm-contracts/contracts/JwtVerifier.sol

@@ -28,7 +28,7 @@ contract JwtVerifier {
     struct VerificationData {
         bytes proof;
         uint256 jwtIat;
-        address jwtNonce;
+        bytes32 jwtNonce;
         bytes32 publicKeyHash;
     }
 

packages/evm-contracts/contracts/SimpleAccount.sol

@@ -115,7 +115,7 @@ contract SimpleAccount is
         require(result, "JwtAccount: invalid proof");
 
         ownerInfo = Owner({
-            owner: verificationData.jwtNonce,
+            owner: address(uint160(uint256(verificationData.jwtNonce))),
             expirationTimestamp: uint96(block.timestamp) + OWNER_EXPIRATION_TIME
         });
     }

packages/evm-contracts/contracts/Strings.sol

@@ -3,7 +3,6 @@ pragma solidity ^0.8.27;
 
 library Strings {
     bytes16 private constant HEX_DIGITS = "0123456789abcdef";
-    uint8 private constant ADDRESS_LENGTH = 20;
 
     /**
      * @dev The `value` string doesn't fit in the specified `length`.
@@ -27,8 +26,8 @@ library Strings {
     }
 
     function toHexStringWithoutPrefix(
-        address addr
+        bytes32 value
     ) internal pure returns (string memory) {
-        return toHexStringWithoutPrefix(uint256(uint160(addr)), ADDRESS_LENGTH);
+        return toHexStringWithoutPrefix(uint256(value), 32);
     }
 }

packages/evm-contracts/deployments.json

@@ -3,8 +3,8 @@
     "chainId": "84532",
     "contracts": {
       "PublicKeyRegistry": "0xd279B6E1a3322Bc43Ca23C464b2450E5672882d4",
-      "SimpleAccountFactory": "0x14a2e78045Cd2D8F59e9217e4562DD9836939F5d",
-      "UltraVerifier": "0x99d3945D1c34761173cd202DA247547c900159AF"
+      "SimpleAccountFactory": "0x828DEae396706557A02484055D59Adc0376812e4",
+      "UltraVerifier": "0x320E2cc9C73B87e47c18a07B6F18CF575894dCA8"
     },
     "name": "baseSepolia"
   }