Support value tracking in explicit sessions

Author: ScreamingHawk

packages/wallet/core/src/signers/session/explicit.ts

@@ -1,11 +1,12 @@
-import { Payload, Permission, SessionSignature, Utils } from '@0xsequence/wallet-primitives'
+import { Payload, Permission, SessionSignature, Constants } from '@0xsequence/wallet-primitives'
 import { AbiFunction, AbiParameters, Address, Bytes, Hash, Hex, Provider } from 'ox'
 import { MemoryPkStore, PkStore } from '../pk/index.js'
 import { ExplicitSessionSigner, UsageLimit } from './session.js'
-import { GET_LIMIT_USAGE, INCREMENT_USAGE_LIMIT } from '../../../../primitives/dist/constants.js'
 
 export type ExplicitParams = Omit<Permission.SessionPermissions, 'signer'>
 
+const VALUE_TRACKING_ADDRESS: Address.Address = '0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE'
+
 export class Explicit implements ExplicitSessionSigner {
   private readonly _privateKey: PkStore
 
@@ -28,6 +29,27 @@ export class Explicit implements ExplicitSessionSigner {
     sessionManagerAddress: Address.Address,
     provider?: Provider.Provider,
   ): Promise<Permission.Permission | undefined> {
+    if (call.value !== 0n) {
+      // Validate the value
+      if (!provider) {
+        throw new Error('Value transaction validation requires a provider')
+      }
+      const usageHash = Hash.keccak256(
+        AbiParameters.encode(
+          [
+            { type: 'address', name: 'signer' },
+            { type: 'address', name: 'valueTrackingAddress' },
+          ],
+          [this.address, VALUE_TRACKING_ADDRESS],
+        ),
+      )
+      const { usageAmount } = await this.readCurrentUsageLimit(wallet, sessionManagerAddress, usageHash, provider)
+      const value = Bytes.fromNumber(usageAmount + call.value, { size: 32 })
+      if (Bytes.toBigInt(value) > this.sessionPermissions.valueLimit) {
+        return undefined
+      }
+    }
+
     for (const permission of this.sessionPermissions.permissions) {
       // Validate the permission
       if (await this.validatePermission(permission, call, wallet, sessionManagerAddress, provider)) {
@@ -37,12 +59,12 @@ export class Explicit implements ExplicitSessionSigner {
     return undefined
   }
 
-  async getCurrentUsageLimit(
+  private async getCurrentPermissionUsageLimit(
     wallet: Address.Address,
     sessionManagerAddress: Address.Address,
     permission: Permission.Permission,
     ruleIndex: number | bigint,
-    provider?: Provider.Provider,
+    provider: Provider.Provider,
   ): Promise<UsageLimit> {
     const encodedPermission = {
       target: permission.target,
@@ -54,15 +76,40 @@ export class Explicit implements ExplicitSessionSigner {
         mask: Bytes.toHex(rule.mask),
       })),
     }
-
     const usageHash = Hash.keccak256(
       AbiParameters.encode(
         [{ type: 'address', name: 'signer' }, Permission.permissionStructAbi, { type: 'uint256', name: 'ruleIndex' }],
         [this.address, encodedPermission, BigInt(ruleIndex)],
       ),
     )
-    const readData = AbiFunction.encodeData(GET_LIMIT_USAGE, [wallet, usageHash])
-    const getUsageLimitResult = await provider!.request({
+    return this.readCurrentUsageLimit(wallet, sessionManagerAddress, usageHash, provider)
+  }
+
+  private async getCurrentValueUsageLimit(
+    wallet: Address.Address,
+    sessionManagerAddress: Address.Address,
+    provider: Provider.Provider,
+  ): Promise<UsageLimit> {
+    const usageHash = Hash.keccak256(
+      AbiParameters.encode(
+        [
+          { type: 'address', name: 'signer' },
+          { type: 'address', name: 'valueTrackingAddress' },
+        ],
+        [this.address, VALUE_TRACKING_ADDRESS],
+      ),
+    )
+    return this.readCurrentUsageLimit(wallet, sessionManagerAddress, usageHash, provider)
+  }
+
+  private async readCurrentUsageLimit(
+    wallet: Address.Address,
+    sessionManagerAddress: Address.Address,
+    usageHash: Hex.Hex,
+    provider: Provider.Provider,
+  ): Promise<UsageLimit> {
+    const readData = AbiFunction.encodeData(Constants.GET_LIMIT_USAGE, [wallet, usageHash])
+    const getUsageLimitResult = await provider.request({
       method: 'eth_call',
       params: [
         {
@@ -71,7 +118,7 @@ export class Explicit implements ExplicitSessionSigner {
         },
       ],
     })
-    const usageAmount = AbiFunction.decodeResult(GET_LIMIT_USAGE, getUsageLimitResult)
+    const usageAmount = AbiFunction.decodeResult(Constants.GET_LIMIT_USAGE, getUsageLimitResult)
     return {
       usageHash,
       usageAmount,
@@ -99,7 +146,7 @@ export class Explicit implements ExplicitSessionSigner {
       let value: Bytes.Bytes = callDataValue.map((b, i) => b & rule.mask[i]!)
       if (rule.cumulative) {
         if (provider) {
-          const { usageAmount } = await this.getCurrentUsageLimit(
+          const { usageAmount } = await this.getCurrentPermissionUsageLimit(
             wallet,
             sessionManagerAddress,
             permission,
@@ -109,7 +156,7 @@ export class Explicit implements ExplicitSessionSigner {
           // Increment the value
           value = Bytes.fromNumber(usageAmount + Bytes.toBigInt(value), { size: 32 })
         } else {
-          throw new Error('Cumulative rules require a provider and usage hash')
+          throw new Error('Cumulative rules require a provider')
         }
       }
 
@@ -147,8 +194,8 @@ export class Explicit implements ExplicitSessionSigner {
     provider?: Provider.Provider,
   ): Promise<boolean> {
     if (
-      call.data.length > 4 &&
-      Hex.isEqual(Hex.slice(call.data, 0, 4), AbiFunction.getSelector(INCREMENT_USAGE_LIMIT))
+      Hex.size(call.data) > 4 &&
+      Hex.isEqual(Hex.slice(call.data, 0, 4), AbiFunction.getSelector(Constants.INCREMENT_USAGE_LIMIT))
     ) {
       // Can sign increment usage calls
       return true
@@ -174,8 +221,8 @@ export class Explicit implements ExplicitSessionSigner {
   ): Promise<SessionSignature.SessionCallSignature> {
     let permissionIndex: number
     if (
-      call.data.length > 4 &&
-      Hex.isEqual(Hex.slice(call.data, 0, 4), AbiFunction.getSelector(INCREMENT_USAGE_LIMIT))
+      Hex.size(call.data) > 4 &&
+      Hex.isEqual(Hex.slice(call.data, 0, 4), AbiFunction.getSelector(Constants.INCREMENT_USAGE_LIMIT))
     ) {
       // Permission check not required. Use the first permission
       permissionIndex = 0
@@ -231,12 +278,35 @@ export class Explicit implements ExplicitSessionSigner {
       if (Bytes.toBigInt(value) === 0n) continue
 
       // read on-chain "used so far"
-      const currentUsage = await this.getCurrentUsageLimit(wallet, sessionManagerAddress, perm, ruleIndex, provider)
+      const currentUsage = await this.getCurrentPermissionUsageLimit(
+        wallet,
+        sessionManagerAddress,
+        perm,
+        ruleIndex,
+        provider!,
+      )
       increments.push({
         usageHash: currentUsage.usageHash,
         usageAmount: Bytes.toBigInt(Bytes.fromNumber(currentUsage.usageAmount + Bytes.toBigInt(value), { size: 32 })),
       })
     }
+
+    // Check the value
+    if (call.value !== 0n) {
+      if (!provider) {
+        throw new Error('Value transaction validation requires a provider')
+      }
+      const currentUsage = await this.getCurrentValueUsageLimit(wallet, sessionManagerAddress, provider)
+      const value = Bytes.fromNumber(currentUsage.usageAmount + call.value, { size: 32 })
+      if (Bytes.toBigInt(value) > this.sessionPermissions.valueLimit) {
+        throw new Error('Value transaction validation failed')
+      }
+      increments.push({
+        usageHash: currentUsage.usageHash,
+        usageAmount: Bytes.toBigInt(value),
+      })
+    }
+
     return increments
   }
 }

packages/wallet/core/test/session-manager.test.ts

@@ -281,7 +281,7 @@ describe('SessionManager', () => {
   const simulateTransaction = async (
     provider: Provider.Provider,
     transaction: { to: Address.Address; data: Hex.Hex },
-    expectedEventTopic: Hex.Hex,
+    expectedEventTopic?: Hex.Hex,
   ) => {
     console.log('Simulating transaction', transaction)
     const txHash = await provider.request({
@@ -300,20 +300,21 @@ describe('SessionManager', () => {
       throw new Error('Transaction receipt not found')
     }
 
-    // Check for event
-    if (!receipt.logs) {
-      throw new Error('No events emitted')
-    }
-    if (!receipt.logs.some((log) => log.topics.includes(expectedEventTopic))) {
-      throw new Error(`Expected topic ${expectedEventTopic} not found in event`)
+    if (expectedEventTopic) {
+      // Check for event
+      if (!receipt.logs) {
+        throw new Error('No events emitted')
+      }
+      if (!receipt.logs.some((log) => log.topics.includes(expectedEventTopic))) {
+        throw new Error(`Expected topic ${expectedEventTopic} not found in event`)
+      }
     }
 
     return receipt
   }
 
-  // Submit a real transaction with a wallet that has a SessionManager using implicit session
   it(
-    'Submits a real transaction with a wallet that has a SessionManager using implicit session',
+    'signs a payload using an implicit session',
     async () => {
       // Check the contracts have been deployed
       const provider = Provider.from(RpcTransport.fromHttp(LOCAL_RPC_URL))
@@ -384,7 +385,7 @@ describe('SessionManager', () => {
   )
 
   it(
-    'Submits a real transaction with a wallet that has a SessionManager using explicit session',
+    'signs a payload using an explicit session',
     async () => {
       const provider = Provider.from(RpcTransport.fromHttp(LOCAL_RPC_URL))
       const chainId = BigInt(await provider.request({ method: 'eth_chainId' }))
@@ -450,7 +451,7 @@ describe('SessionManager', () => {
   )
 
   it(
-    'Submits a real transaction with a wallet that has a SessionManager using explicit session using cumulative rule',
+    'signs a payload using an explicit session',
     async () => {
       const provider = Provider.from(RpcTransport.fromHttp(LOCAL_RPC_URL))
       const chainId = BigInt(await provider.request({ method: 'eth_chainId' }))
@@ -525,12 +526,128 @@ describe('SessionManager', () => {
       expect(increment).not.toBeNull()
       expect(increment).toBeDefined()
 
-      if (increment) {
-        // Build, sign and send the transaction
-        const transaction = await buildAndSignCall(wallet, sessionManager, [call, increment], provider, chainId)
-        await simulateTransaction(provider, transaction, EMITTER_EVENT_TOPICS[0])
+      if (!increment) {
+        return
+      }
+
+      // Build, sign and send the transaction
+      const transaction = await buildAndSignCall(wallet, sessionManager, [call, increment], provider, chainId)
+      await simulateTransaction(provider, transaction, EMITTER_EVENT_TOPICS[0])
+
+      // Repeat call fails because the usage limit has been reached
+      try {
+        await sessionManager.prepareIncrement(wallet.address, chainId, [call])
+        throw new Error('Expected call as no signer supported to fail')
+      } catch (error) {
+        expect(error).toBeDefined()
+        expect(error.message).toContain('No signer supported')
+      }
+    },
+    timeout,
+  )
+
+  it(
+    'signs a payload sending value using an explicit session',
+    async () => {
+      const provider = Provider.from(RpcTransport.fromHttp(LOCAL_RPC_URL))
+      const chainId = BigInt(await provider.request({ method: 'eth_chainId' }))
+
+      // Create explicit signer
+      const explicitPrivateKey = Secp256k1.randomPrivateKey()
+      const explicitAddress = Address.fromPublicKey(Secp256k1.getPublicKey({ privateKey: explicitPrivateKey }))
+      const sessionPermission: Signers.Session.ExplicitParams = {
+        valueLimit: 1000000000000000000n, // 1 ETH
+        deadline: BigInt(Math.floor(Date.now() / 1000) + 3600), // 1 hour from now
+        permissions: [
+          {
+            target: explicitAddress,
+            rules: [
+              {
+                cumulative: true,
+                operation: Permission.ParameterOperation.EQUAL,
+                value: Bytes.padRight(Bytes.fromHex(AbiFunction.getSelector(EMITTER_FUNCTIONS[0])), 32),
+                offset: 0n,
+                mask: Permission.SELECTOR_MASK,
+              },
+            ],
+          },
+        ],
+      }
+      const explicitSigner = new Signers.Session.Explicit(explicitPrivateKey, sessionPermission)
+      // Test manually building the session topology
+      const sessionTopology = SessionConfig.addExplicitSession(SessionConfig.emptySessionsTopology(identityAddress), {
+        ...sessionPermission,
+        signer: explicitSigner.address,
+      })
+      await stateProvider.saveTree(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+      const imageHash = GenericTree.hash(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+
+      // Create the wallet
+      const wallet = await Wallet.fromConfiguration(
+        {
+          threshold: 1n,
+          checkpoint: 0n,
+          topology: [
+            // Random explicit signer will randomise the image hash
+            {
+              type: 'sapient-signer',
+              address: Constants.DefaultSessionManager,
+              weight: 1n,
+              imageHash,
+            },
+            // Include a random node leaf (bytes32) to prevent image hash collision
+            Hex.random(32),
+          ],
+        },
+        {
+          stateProvider,
+        },
+      )
+      // Force 1 ETH to the wallet
+      await provider.request({
+        method: 'anvil_setBalance',
+        params: [wallet.address, Hex.fromNumber(1000000000000000000n)],
+      })
+      // Create the session manager
+      const sessionManager = new Signers.SessionManager(wallet, {
+        provider,
+        explicitSigners: [explicitSigner],
+      })
+
+      const call: Payload.Call = {
+        to: explicitAddress,
+        value: 1000000000000000000n, // 1 ETH
+        data: AbiFunction.encodeData(EMITTER_FUNCTIONS[0]), // Explicit emit
+        gasLimit: 0n,
+        delegateCall: false,
+        onlyFallback: false,
+        behaviorOnError: 'revert',
+      }
+
+      const increment = await sessionManager.prepareIncrement(wallet.address, chainId, [call])
+      expect(increment).not.toBeNull()
+      expect(increment).toBeDefined()
+
+      if (!increment) {
+        return
       }
 
+      // Build, sign and send the transaction
+      const transaction = await buildAndSignCall(wallet, sessionManager, [call, increment], provider, chainId)
+      await simulateTransaction(provider, transaction)
+
+      // Check the balances
+      const walletBalance = await provider.request({
+        method: 'eth_getBalance',
+        params: [wallet.address, 'latest'],
+      })
+      expect(BigInt(walletBalance)).toBe(0n)
+      const explicitAddressBalance = await provider.request({
+        method: 'eth_getBalance',
+        params: [explicitAddress, 'latest'],
+      })
+      expect(BigInt(explicitAddressBalance)).toBe(1000000000000000000n)
+
       // Repeat call fails because the usage limit has been reached
       try {
         await sessionManager.prepareIncrement(wallet.address, chainId, [call])