Skip to content

feat(v1.0.0): merkle #393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
legion2002 wants to merge 6 commits into
base: v1.0.0
Choose a base branch
from
Open

feat(v1.0.0): merkle #393

legion2002 wants to merge 6 commits into from

Conversation

@legion2002
Copy link
Collaborator

@legion2002 legion2002 commented Sep 29, 2025
edited
Loading

Applies PR #388 to v1.0.0 account.

With an additional breaking change, which removes the orchestrator's redundant verifyMerkleSig function, and unifies all flows through the account's native merkle sig verification.

Note: large diff is because of new foundry fmt changes, the main changes are in the IthacaAccount, Orchestrator, Account.t.sol, and Orchestrator.t.sol files

howydev and others added 5 commits September 26, 2025 11:59
@howydev
feat: fix and simplify multichain design (#327)
6dd67d0 
* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* chore: redundant multichain bool

* fix: lint

* .
@howydev @actions-user
feat: remove intent struct (#365)
4cde57e 
* feat: simplify multichain nonce design

* chore: readd merkle verification prefix

* chore: undo blank line addns

* chore: lint

* .

* ~50 failing tests down to 5

* down to 1 failing test

* fixed failing test

* chore: remove console logs and bench

* .

* Update test/Base.t.sol

* Update src/Orchestrator.sol

* Update test/utils/mocks/MockPayerWithSignatureOptimized.sol

* chore: final cleanup, rebench

* Update src/Orchestrator.sol

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount,Orchestrator,SimpleFunder,Simulator

* chore: cleanup

* rebase

* fix

---------

Co-authored-by: GitHub Action <[email protected]>
@legion2002
feat: native merkle sig verification in Account
9b5b848
@legion2002
chore: fmt
40e6a08
@legion2002
chore: unify merkle sig flow for orchestrator multi chain intents
61b3720
@legion2002 legion2002 changed the base branch from main to v1.0.0 September 29, 2025 12:44
@legion2002 legion2002 changed the title /v1.0.0 merkle feat(v1.0.0): merkle Sep 29, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Sep 29, 2025

🤖 Bytecode changes detected! EIP-712 domain versions have been automatically updated for: Orchestrator,SimpleFunder,Simulator

@legion2002 legion2002 requested a review from howydev September 29, 2025 12:48
howydev
howydev reviewed Sep 29, 2025
View reviewed changes
src/IthacaAccount.sol
internal
view
returns (bool isValid, bytes32 keyHash)
{
Copy link
Contributor

@howydev howydev Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

continuing convo from this: https://github.com/ithacaxyz/account/pull/388/files#r2387828490

I think the outer one is entirely ignored, so theres no security issue

return _verifyMerkleSig(digest, signature) -> this overrides the keyHash = ... parsed in the top level call frame

On prehash - IIUC there should only be 1 prehash that's set, in either the outer or inner wrapper. There's a difference between the 2 since the digest has to be in the merkle tree, so which one we want to set depends whether the merkle leaf is sha-ed or not. I don't know which one would be shaed in practice, but the other one would probably be redundant

Copy link
Contributor

@howydev howydev Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Something that I just thought to check was whether we'll run into issues around second preimage attacks

I don't see anything thats obvious so far, bringing it up just in case im missing something

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@howydev howydev howydev left review comments

Assignees

@legion2002 legion2002

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@legion2002 @howydev @actions-user