Merge pull request #119 from Virtual-Protocol/feat/yang-check-acp-agent-env-correctness

feat: add read contract check on session signer

Author: Ang-dot

src/abis/singleSignerValidationModuleAbi.ts

@@ -0,0 +1,214 @@
+const SINGLE_SIGNER_VALIDATION_MODULE_ABI = [
+  { inputs: [], name: "InvalidSignatureType", type: "error" },
+  {
+    inputs: [],
+    name: "NotAuthorized",
+    type: "error",
+  },
+  { inputs: [], name: "NotImplemented", type: "error" },
+  {
+    inputs: [],
+    name: "UnexpectedDataPassed",
+    type: "error",
+  },
+  {
+    anonymous: true,
+    inputs: [
+      {
+        indexed: true,
+        internalType: "address",
+        name: "account",
+        type: "address",
+      },
+      {
+        indexed: true,
+        internalType: "uint32",
+        name: "entityId",
+        type: "uint32",
+      },
+      {
+        indexed: true,
+        internalType: "address",
+        name: "newSigner",
+        type: "address",
+      },
+      {
+        indexed: false,
+        internalType: "address",
+        name: "previousSigner",
+        type: "address",
+      },
+    ],
+    name: "SignerTransferred",
+    type: "event",
+  },
+  {
+    inputs: [],
+    name: "moduleId",
+    outputs: [{ internalType: "string", name: "", type: "string" }],
+    stateMutability: "pure",
+    type: "function",
+  },
+  {
+    inputs: [{ internalType: "bytes", name: "data", type: "bytes" }],
+    name: "onInstall",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function",
+  },
+  {
+    inputs: [{ internalType: "bytes", name: "data", type: "bytes" }],
+    name: "onUninstall",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function",
+  },
+  {
+    inputs: [
+      { internalType: "address", name: "account", type: "address" },
+      {
+        internalType: "bytes32",
+        name: "hash",
+        type: "bytes32",
+      },
+    ],
+    name: "replaySafeHash",
+    outputs: [{ internalType: "bytes32", name: "", type: "bytes32" }],
+    stateMutability: "view",
+    type: "function",
+  },
+  {
+    inputs: [
+      { internalType: "uint32", name: "entityId", type: "uint32" },
+      {
+        internalType: "address",
+        name: "account",
+        type: "address",
+      },
+    ],
+    name: "signers",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function",
+  },
+  {
+    inputs: [{ internalType: "bytes4", name: "interfaceId", type: "bytes4" }],
+    name: "supportsInterface",
+    outputs: [{ internalType: "bool", name: "", type: "bool" }],
+    stateMutability: "view",
+    type: "function",
+  },
+  {
+    inputs: [
+      { internalType: "uint32", name: "entityId", type: "uint32" },
+      {
+        internalType: "address",
+        name: "newSigner",
+        type: "address",
+      },
+    ],
+    name: "transferSigner",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function",
+  },
+  {
+    inputs: [
+      { internalType: "address", name: "account", type: "address" },
+      {
+        internalType: "uint32",
+        name: "entityId",
+        type: "uint32",
+      },
+      { internalType: "address", name: "sender", type: "address" },
+      {
+        internalType: "uint256",
+        name: "",
+        type: "uint256",
+      },
+      { internalType: "bytes", name: "", type: "bytes" },
+      {
+        internalType: "bytes",
+        name: "",
+        type: "bytes",
+      },
+    ],
+    name: "validateRuntime",
+    outputs: [],
+    stateMutability: "view",
+    type: "function",
+  },
+  {
+    inputs: [
+      { internalType: "address", name: "account", type: "address" },
+      {
+        internalType: "uint32",
+        name: "entityId",
+        type: "uint32",
+      },
+      { internalType: "address", name: "", type: "address" },
+      {
+        internalType: "bytes32",
+        name: "digest",
+        type: "bytes32",
+      },
+      { internalType: "bytes", name: "signature", type: "bytes" },
+    ],
+    name: "validateSignature",
+    outputs: [{ internalType: "bytes4", name: "", type: "bytes4" }],
+    stateMutability: "view",
+    type: "function",
+  },
+  {
+    inputs: [
+      {
+        internalType: "uint32",
+        name: "entityId",
+        type: "uint32",
+      },
+      {
+        components: [
+          { internalType: "address", name: "sender", type: "address" },
+          {
+            internalType: "uint256",
+            name: "nonce",
+            type: "uint256",
+          },
+          { internalType: "bytes", name: "initCode", type: "bytes" },
+          {
+            internalType: "bytes",
+            name: "callData",
+            type: "bytes",
+          },
+          {
+            internalType: "bytes32",
+            name: "accountGasLimits",
+            type: "bytes32",
+          },
+          {
+            internalType: "uint256",
+            name: "preVerificationGas",
+            type: "uint256",
+          },
+          { internalType: "bytes32", name: "gasFees", type: "bytes32" },
+          {
+            internalType: "bytes",
+            name: "paymasterAndData",
+            type: "bytes",
+          },
+          { internalType: "bytes", name: "signature", type: "bytes" },
+        ],
+        internalType: "struct PackedUserOperation",
+        name: "userOp",
+        type: "tuple",
+      },
+      { internalType: "bytes32", name: "userOpHash", type: "bytes32" },
+    ],
+    name: "validateUserOp",
+    outputs: [{ internalType: "uint256", name: "", type: "uint256" }],
+    stateMutability: "view",
+    type: "function",
+  },
+];
+
+export default SINGLE_SIGNER_VALIDATION_MODULE_ABI;

src/constants.ts

@@ -19,3 +19,5 @@ export const HTTP_STATUS_CODES = {
   OK: 200,
   PAYMENT_REQUIRED: 402,
 };
+
+export const SINGLE_SIGNER_VALIDATION_MODULE_ADDRESS: Address = "0x00000000000099DE0BF6fA90dEB851E2A2df7d83";

src/contractClients/acpContractClient.ts

@@ -74,6 +74,23 @@ class AcpContractClient extends BaseAcpContractClient {
       this.sessionKeyClient,
       this.publicClient
     );
+
+    const account = this.sessionKeyClient.account;
+    const sessionSignerAddress: Address = await account.getSigner().getAddress();
+
+    if (!await account.isAccountDeployed()) {
+      throw new AcpError(
+        `ACP Contract Client validation failed: agent account ${this.agentWalletAddress} is not deployed on-chain`
+      );
+    }
+
+    await this.validateSessionKeyOnChain(sessionSignerAddress, sessionEntityKeyId);
+
+    console.log("Connected to ACP:", {
+      agentWalletAddress: this.agentWalletAddress,
+      whitelistedWalletAddress: sessionSignerAddress,
+      entityId: sessionEntityKeyId,
+    });
   }
 
   getRandomNonce(bits = 152) {

src/contractClients/acpContractClientV2.ts

@@ -113,6 +113,23 @@ class AcpContractClientV2 extends BaseAcpContractClient {
       this.sessionKeyClient,
       this.publicClient
     );
+
+    const account = this.sessionKeyClient.account;
+    const sessionSignerAddress: Address = await account.getSigner().getAddress();
+
+    if (!await account.isAccountDeployed()) {
+      throw new AcpError(
+        `ACP Contract Client validation failed: agent account ${this.agentWalletAddress} is not deployed on-chain`
+      );
+    }
+
+    await this.validateSessionKeyOnChain(sessionSignerAddress, sessionEntityKeyId);
+
+    console.log("Connected to ACP:", {
+      agentWalletAddress: this.agentWalletAddress,
+      whitelistedWalletAddress: sessionSignerAddress,
+      entityId: sessionEntityKeyId,
+    });
   }
 
   getRandomNonce(bits = 152) {

src/contractClients/baseAcpContractClient.ts

@@ -9,6 +9,7 @@ import {
   keccak256,
   toEventSignature,
   toHex,
+  zeroAddress,
 } from "viem";
 import { AcpContractConfig, baseAcpConfig } from "../configs/acpConfigs";
 import ACP_V2_ABI from "../abis/acpAbiV2";
@@ -25,6 +26,8 @@ import {
   X402PaymentResponse,
 } from "../interfaces";
 import FIAT_TOKEN_V2_ABI from "../abis/fiatTokenV2Abi";
+import SINGLE_SIGNER_VALIDATION_MODULE_ABI from "../abis/singleSignerValidationModuleAbi";
+import { SINGLE_SIGNER_VALIDATION_MODULE_ADDRESS } from "../constants";
 
 export enum MemoType {
   MESSAGE, // 0 - Text message
@@ -89,6 +92,47 @@ abstract class BaseAcpContractClient {
     });
   }
 
+  protected async validateSessionKeyOnChain(
+    sessionSignerAddress: Address,
+    sessionEntityKeyId: number
+  ): Promise<void> {
+    const onChainSignerAddress = ((await this.publicClient.readContract({
+      address: SINGLE_SIGNER_VALIDATION_MODULE_ADDRESS,
+      abi: SINGLE_SIGNER_VALIDATION_MODULE_ABI,
+      functionName: "signers",
+      args: [sessionEntityKeyId, this.agentWalletAddress],
+    })) as Address).toLowerCase();
+
+    if (onChainSignerAddress === zeroAddress.toLowerCase()) {
+      throw new AcpError(
+        `ACP Contract Client validation failed:\n${JSON.stringify(
+          {
+            reason: "no whitelisted wallet registered on-chain for entity id",
+            entityId: sessionEntityKeyId,
+            agentWalletAddress: this.agentWalletAddress,
+          },
+          null,
+          2
+        )}`
+      );
+    }
+
+    if (onChainSignerAddress !== sessionSignerAddress.toLowerCase()) {
+      throw new AcpError(
+        `ACP Contract Client validation failed:\n${JSON.stringify(
+          {
+            agentWalletAddress: this.agentWalletAddress,
+            entityId: sessionEntityKeyId,
+            givenWhitelistedWalletAddress: sessionSignerAddress,
+            expectedWhitelistedWalletAddress: onChainSignerAddress,
+          },
+          null,
+          2
+        )}`
+      );
+    }
+  }
+
   abstract handleOperation(operations: OperationPayload[]): Promise<{ userOpHash: Address , txnHash: Address }>;
 
   abstract getJobId(