New sessions replay protection hashes payload

Author: ScreamingHawk

packages/wallet/core/src/signers/session/explicit.ts

@@ -263,13 +263,7 @@ export class Explicit implements ExplicitSessionSigner {
     }
 
     // Sign it
-    const callHash = SessionSignature.hashCallWithReplayProtection(
-      wallet,
-      payload,
-      callIdx,
-      chainId,
-      sessionManagerAddress,
-    )
+    const callHash = SessionSignature.hashPayloadWithCallIdx(wallet, payload, callIdx, chainId, sessionManagerAddress)
     const sessionSignature = await this._privateKey.signDigest(Bytes.fromHex(callHash))
     return {
       permissionIndex: BigInt(permissionIndex),

packages/wallet/core/src/signers/session/implicit.ts

@@ -115,13 +115,7 @@ export class Implicit implements ImplicitSessionSigner {
     if (!isSupported) {
       throw new Error('Unsupported call')
     }
-    const callHash = SessionSignature.hashCallWithReplayProtection(
-      wallet,
-      payload,
-      callIdx,
-      chainId,
-      sessionManagerAddress,
-    )
+    const callHash = SessionSignature.hashPayloadWithCallIdx(wallet, payload, callIdx, chainId, sessionManagerAddress)
     const sessionSignature = await this._privateKey.signDigest(Bytes.fromHex(callHash))
     return {
       attestation: this._attestation,

packages/wallet/core/test/session-manager.test.ts

@@ -13,7 +13,7 @@ import {
   USDC_ADDRESS,
 } from './constants'
 import { Extensions } from '@0xsequence/wallet-primitives'
-import { ExplicitSessionConfig } from '../../wdk/src/sequence/types/sessions.js'
+import { ExplicitSessionConfig } from '../src/utils/session/types.js'
 
 const { PermissionBuilder, ERC20PermissionBuilder } = Utils
 
@@ -34,6 +34,10 @@ const ALL_EXTENSIONS = [
     name: 'Rc3',
     ...Extensions.Rc3,
   },
+  {
+    name: 'Rc4',
+    ...Extensions.Rc4,
+  },
 ]
 
 // Handle the increment call being first or last depending on the session manager version
@@ -561,7 +565,7 @@ for (const extension of ALL_EXTENSIONS) {
         }
 
         // Sign the transaction
-        expect(sessionManager.signSapient(wallet.address, chainId, payload, imageHash)).rejects.toThrow(
+        await expect(sessionManager.signSapient(wallet.address, chainId, payload, imageHash)).rejects.toThrow(
           `Signer supporting call is expired: ${explicitSigner.address}`,
         )
       },

packages/wallet/dapp-client/src/ChainSessionManager.ts

@@ -221,7 +221,7 @@ export class ChainSessionManager {
       stateProvider: this.stateProvider,
     })
     this.sessionManager = new Signers.SessionManager(this.wallet, {
-      sessionManagerAddress: Extensions.Rc3.sessions,
+      sessionManagerAddress: Extensions.Rc4.sessions,
       provider: this.provider!,
     })
     this.isInitialized = true
@@ -730,7 +730,7 @@ export class ChainSessionManager {
     for (let attempt = 1; attempt <= maxRetries; attempt++) {
       try {
         const tempManager = new Signers.SessionManager(this.wallet, {
-          sessionManagerAddress: Extensions.Rc3.sessions,
+          sessionManagerAddress: Extensions.Rc4.sessions,
           provider: this.provider,
         })
         const topology = await tempManager.getTopology()

packages/wallet/primitives/src/extensions/index.ts

@@ -24,5 +24,12 @@ export const Rc3: Extensions = {
   sessions: '0x0000000000CC58810c33F3a0D78aA1Ed80FaDcD8',
 }
 
+//FIXME This is a placeholder for the actual Rc4 extension
+export const Rc4: Extensions = {
+  passkeys: Rc3.passkeys,
+  recovery: Rc3.recovery,
+  sessions: '0x6f1092241e82bD0786C5DA6b6919AD38966fff8E',
+}
+
 export * as Passkeys from './passkeys.js'
 export * as Recovery from './recovery.js'

packages/wallet/primitives/src/payload.ts

@@ -184,6 +184,10 @@ export function isCalls4337_07(payload: Payload): payload is Calls4337_07 {
   return payload.type === 'call_4337_07'
 }
 
+export function isParented(payload: Payload): payload is Parented {
+  return 'parentWallets' in payload
+}
+
 export function toRecovery<T extends MayRecoveryPayload>(payload: T): Recovery<T> {
   if (isRecovery(payload)) {
     return payload

packages/wallet/primitives/src/session-signature.ts

@@ -281,31 +281,40 @@ export function decodeSessionSignature(encodedSignatures: Bytes.Bytes): {
  * @param sessionManagerAddress The session manager address to compile the hash for. Only required to support deprecated hash encodings for Dev1, Dev2 and Rc3.
  * @returns The hash of the call with replay protection parameters for sessions.
  */
-export function hashCallWithReplayProtection(
+export function hashPayloadWithCallIdx(
   wallet: Address.Address,
-  payload: Payload.Calls,
+  payload: Payload.Calls & Payload.Parent,
   callIdx: number,
   chainId: number,
   sessionManagerAddress?: Address.Address,
 ): Hex.Hex {
-  const call = payload.calls[callIdx]!
   // Support deprecated hashes for Dev1, Dev2 and Rc3
-  const ignoreCallIdx =
+  const deprecatedHashing =
     sessionManagerAddress &&
     (Address.isEqual(sessionManagerAddress, Extensions.Dev1.sessions) ||
-      Address.isEqual(sessionManagerAddress, Extensions.Dev2.sessions))
-  const ignoreWallet =
-    ignoreCallIdx || (sessionManagerAddress && Address.isEqual(sessionManagerAddress, Extensions.Rc3.sessions))
-  return Hex.fromBytes(
-    Hash.keccak256(
-      Bytes.concat(
-        ignoreWallet ? Bytes.from([]) : Bytes.fromHex(wallet),
-        Bytes.fromNumber(chainId, { size: 32 }),
-        Bytes.fromNumber(payload.space, { size: 32 }),
-        Bytes.fromNumber(payload.nonce, { size: 32 }),
-        ignoreCallIdx ? Bytes.from([]) : Bytes.fromNumber(callIdx, { size: 32 }),
-        Bytes.fromHex(Payload.hashCall(call)),
+      Address.isEqual(sessionManagerAddress, Extensions.Dev2.sessions) ||
+      Address.isEqual(sessionManagerAddress, Extensions.Rc3.sessions))
+  if (deprecatedHashing) {
+    const call = payload.calls[callIdx]!
+    const ignoreCallIdx = !Address.isEqual(sessionManagerAddress, Extensions.Rc3.sessions)
+    return Hex.fromBytes(
+      Hash.keccak256(
+        Bytes.concat(
+          Bytes.fromNumber(chainId, { size: 32 }),
+          Bytes.fromNumber(payload.space, { size: 32 }),
+          Bytes.fromNumber(payload.nonce, { size: 32 }),
+          ignoreCallIdx ? Bytes.from([]) : Bytes.fromNumber(callIdx, { size: 32 }),
+          Bytes.fromHex(Payload.hashCall(call)),
+        ),
       ),
-    ),
-  )
+    )
+  }
+  // Current hashing scheme uses entire payload hash and call index (without last parent)
+  const parentWallets = payload.parentWallets
+  if (payload.parentWallets && payload.parentWallets.length > 0) {
+    payload.parentWallets.pop()
+  }
+  const payloadHash = Payload.hash(wallet, chainId, payload)
+  payload.parentWallets = parentWallets
+  return Hex.fromBytes(Hash.keccak256(Bytes.concat(payloadHash, Bytes.fromNumber(callIdx, { size: 32 }))))
 }

packages/wallet/primitives/test/session-signature.test.ts

@@ -11,7 +11,7 @@ import {
   encodeSessionCallSignatureForJson,
   encodeSessionSignature,
   ExplicitSessionCallSignature,
-  hashCallWithReplayProtection,
+  hashPayloadWithCallIdx,
   ImplicitSessionCallSignature,
   isExplicitSessionCallSignature,
   isImplicitSessionCallSignature,
@@ -445,24 +445,24 @@ describe('Session Signature', () => {
   })
 
   describe('Helper Functions', () => {
-    describe('hashCallWithReplayProtection', () => {
+    describe('hashPayloadWithCallIdx', () => {
       it('should hash call with replay protection parameters', () => {
-        const result = hashCallWithReplayProtection(testAddress1, samplePayload, 0, testChainId)
+        const result = hashPayloadWithCallIdx(testAddress1, samplePayload, 0, testChainId)
 
         expect(result).toMatch(/^0x[0-9a-f]{64}$/) // 32-byte hex string
         expect(Hex.size(result)).toBe(32)
       })
 
       it('should produce different hashes for different chain IDs', () => {
-        const hash1 = hashCallWithReplayProtection(testAddress1, samplePayload, 0, ChainId.MAINNET)
-        const hash2 = hashCallWithReplayProtection(testAddress1, samplePayload, 0, ChainId.POLYGON)
+        const hash1 = hashPayloadWithCallIdx(testAddress1, samplePayload, 0, ChainId.MAINNET)
+        const hash2 = hashPayloadWithCallIdx(testAddress1, samplePayload, 0, ChainId.POLYGON)
 
         expect(hash1).not.toBe(hash2)
       })
 
       it('should produce different hashes for different spaces', () => {
-        const hash1 = hashCallWithReplayProtection(testAddress1, samplePayload, 0, testChainId)
-        const hash2 = hashCallWithReplayProtection(
+        const hash1 = hashPayloadWithCallIdx(testAddress1, samplePayload, 0, testChainId)
+        const hash2 = hashPayloadWithCallIdx(
           testAddress1,
           { ...samplePayload, space: samplePayload.space + 1n },
           0,
@@ -473,8 +473,8 @@ describe('Session Signature', () => {
       })
 
       it('should produce different hashes for different nonces', () => {
-        const hash1 = hashCallWithReplayProtection(testAddress1, samplePayload, 0, testChainId)
-        const hash2 = hashCallWithReplayProtection(
+        const hash1 = hashPayloadWithCallIdx(testAddress1, samplePayload, 0, testChainId)
+        const hash2 = hashPayloadWithCallIdx(
           testAddress1,
           { ...samplePayload, nonce: samplePayload.nonce + 1n },
           0,
@@ -491,17 +491,17 @@ describe('Session Signature', () => {
         }
         const payload2 = { ...samplePayload, calls: [call2] }
 
-        const hash1 = hashCallWithReplayProtection(testAddress1, samplePayload, 0, testChainId)
-        const hash2 = hashCallWithReplayProtection(testAddress1, payload2, 0, testChainId)
+        const hash1 = hashPayloadWithCallIdx(testAddress1, samplePayload, 0, testChainId)
+        const hash2 = hashPayloadWithCallIdx(testAddress1, payload2, 0, testChainId)
 
         expect(hash1).not.toBe(hash2)
       })
 
       it('should produce different hashes for different wallets', () => {
         const payload = { ...samplePayload, calls: [sampleCall, sampleCall] }
 
-        const hash1 = hashCallWithReplayProtection(testAddress1, payload, 0, testChainId)
-        const hash2 = hashCallWithReplayProtection(testAddress2, payload, 0, testChainId)
+        const hash1 = hashPayloadWithCallIdx(testAddress1, payload, 0, testChainId)
+        const hash2 = hashPayloadWithCallIdx(testAddress2, payload, 0, testChainId)
 
         expect(hash1).not.toBe(hash2)
       })
@@ -511,8 +511,8 @@ describe('Session Signature', () => {
         // This is exploitable and should not be used in practice
         const payload = { ...samplePayload, calls: [sampleCall, sampleCall] }
 
-        const hash1 = hashCallWithReplayProtection(testAddress1, payload, 0, testChainId, Extensions.Dev1.sessions)
-        const hash2 = hashCallWithReplayProtection(testAddress2, payload, 0, testChainId, Extensions.Dev2.sessions)
+        const hash1 = hashPayloadWithCallIdx(testAddress1, payload, 0, testChainId, Extensions.Dev1.sessions)
+        const hash2 = hashPayloadWithCallIdx(testAddress2, payload, 0, testChainId, Extensions.Dev2.sessions)
 
         expect(hash1).toBe(hash2)
       })
@@ -522,9 +522,9 @@ describe('Session Signature', () => {
         // This is exploitable and should not be used in practice
         const payload = { ...samplePayload, calls: [sampleCall, sampleCall] }
 
-        const hash1 = hashCallWithReplayProtection(testAddress1, payload, 0, testChainId, Extensions.Dev1.sessions)
-        const hash2 = hashCallWithReplayProtection(testAddress2, payload, 0, testChainId, Extensions.Rc3.sessions)
-        const hash3 = hashCallWithReplayProtection(testAddress2, payload, 0, testChainId)
+        const hash1 = hashPayloadWithCallIdx(testAddress1, payload, 0, testChainId, Extensions.Dev1.sessions)
+        const hash2 = hashPayloadWithCallIdx(testAddress2, payload, 0, testChainId, Extensions.Rc3.sessions)
+        const hash3 = hashPayloadWithCallIdx(testAddress2, payload, 0, testChainId)
 
         expect(hash1).not.toBe(hash2)
         expect(hash1).not.toBe(hash3)
@@ -534,8 +534,8 @@ describe('Session Signature', () => {
       it('should produce different hashes for same call at different index', () => {
         const payload = { ...samplePayload, calls: [sampleCall, sampleCall] }
 
-        const hash1 = hashCallWithReplayProtection(testAddress1, payload, 0, testChainId)
-        const hash2 = hashCallWithReplayProtection(testAddress1, payload, 1, testChainId)
+        const hash1 = hashPayloadWithCallIdx(testAddress1, payload, 0, testChainId)
+        const hash2 = hashPayloadWithCallIdx(testAddress1, payload, 1, testChainId)
 
         expect(hash1).not.toBe(hash2)
       })
@@ -545,15 +545,15 @@ describe('Session Signature', () => {
         // This is exploitable and should not be used in practice
         const payload = { ...samplePayload, calls: [sampleCall, sampleCall] }
 
-        const hash1 = hashCallWithReplayProtection(testAddress1, payload, 0, testChainId, Extensions.Dev1.sessions)
-        const hash2 = hashCallWithReplayProtection(testAddress1, payload, 1, testChainId, Extensions.Dev1.sessions)
+        const hash1 = hashPayloadWithCallIdx(testAddress1, payload, 0, testChainId, Extensions.Dev1.sessions)
+        const hash2 = hashPayloadWithCallIdx(testAddress1, payload, 1, testChainId, Extensions.Dev1.sessions)
 
         expect(hash1).toBe(hash2)
       })
 
       it('should be deterministic', () => {
-        const hash1 = hashCallWithReplayProtection(testAddress1, samplePayload, 0, testChainId)
-        const hash2 = hashCallWithReplayProtection(testAddress1, samplePayload, 0, testChainId)
+        const hash1 = hashPayloadWithCallIdx(testAddress1, samplePayload, 0, testChainId)
+        const hash2 = hashPayloadWithCallIdx(testAddress1, samplePayload, 0, testChainId)
 
         expect(hash1).toBe(hash2)
       })
@@ -563,7 +563,7 @@ describe('Session Signature', () => {
         const largeSpace = 2n ** 16n
         const largeNonce = 2n ** 24n
 
-        const result = hashCallWithReplayProtection(
+        const result = hashPayloadWithCallIdx(
           testAddress1,
           { ...samplePayload, space: largeSpace, nonce: largeNonce },
           0,
@@ -573,7 +573,7 @@ describe('Session Signature', () => {
       })
 
       it('should handle zero values', () => {
-        const result = hashCallWithReplayProtection(testAddress1, { ...samplePayload, space: 0n, nonce: 0n }, 0, 0)
+        const result = hashPayloadWithCallIdx(testAddress1, { ...samplePayload, space: 0n, nonce: 0n }, 0, 0)
         expect(result).toMatch(/^0x[0-9a-f]{64}$/)
       })
 
@@ -584,7 +584,7 @@ describe('Session Signature', () => {
         }
         const payload = { ...samplePayload, calls: [callWithEmptyData] }
 
-        const result = hashCallWithReplayProtection(testAddress1, payload, 0, testChainId)
+        const result = hashPayloadWithCallIdx(testAddress1, payload, 0, testChainId)
         expect(result).toMatch(/^0x[0-9a-f]{64}$/)
       })
 
@@ -595,8 +595,8 @@ describe('Session Signature', () => {
         }
         const payload = { ...samplePayload, calls: [delegateCall] }
 
-        const hash1 = hashCallWithReplayProtection(testAddress1, samplePayload, 0, testChainId)
-        const hash2 = hashCallWithReplayProtection(testAddress1, payload, 0, testChainId)
+        const hash1 = hashPayloadWithCallIdx(testAddress1, samplePayload, 0, testChainId)
+        const hash2 = hashPayloadWithCallIdx(testAddress1, payload, 0, testChainId)
 
         expect(hash1).not.toBe(hash2)
       })
@@ -780,7 +780,7 @@ describe('Session Signature', () => {
 
       // Generate hashes for each call
       const hashes = calls.map((call) =>
-        hashCallWithReplayProtection(testAddress1, payload, calls.indexOf(call), testChainId),
+        hashPayloadWithCallIdx(testAddress1, payload, calls.indexOf(call), testChainId),
       )
 
       // All hashes should be valid and different

packages/wallet/wdk/src/sequence/manager.ts

@@ -85,7 +85,7 @@ export type ManagerOptions = {
 export const ManagerOptionsDefaults = {
   verbose: false,
 
-  extensions: Extensions.Rc3,
+  extensions: Extensions.Rc4,
   context: Context.Rc3,
   context4337: Context.Rc3_4337,
   guest: Constants.DefaultGuestAddress,