Merge pull request #460 from LIT-Protocol/feat/ecdsa-validator-contracts

feat: Add ECDSA validator check when permitting an app version

Author: Spacesai1or

packages/libs/contracts-sdk/Makefile

@@ -1,6 +1,6 @@
 -include .env
 
-.PHONY: help build test test-verbose test-match deploy-vincent deploy-vincent-datil get-abis update-facet
+.PHONY: help build test test-verbose test-match deploy-vincent-datil deploy-vincent-base-sepolia deploy-vincent-base-mainnet update-facet set-trusted-forwarder set-ecdsa-validator get-abis
 
 help: ## Display this help screen
 	@grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
@@ -30,12 +30,18 @@ deploy-vincent-datil: ## Deploy the Vincent Diamond contract to Datil network on
 		echo "Error: VINCENT_DEPLOYER_PRIVATE_KEY is not set in .env"; \
 		exit 1; \
 	fi
+	@if [ -z "$(VINCENT_ECDSA_VALIDATOR_ADDRESS)" ]; then \
+		echo "Error: VINCENT_ECDSA_VALIDATOR_ADDRESS is not set in .env"; \
+		echo "This address is required for smart account owner verification"; \
+		exit 1; \
+	fi
 	@echo "Deploying Vincent Diamond to Datil network ($(VINCENT_DEPLOYMENT_RPC_URL))..."
 	@if [ -n "$(VINCENT_GELATO_FORWARDER_ADDRESS)" ]; then \
 		echo "Using Gelato forwarder: $(VINCENT_GELATO_FORWARDER_ADDRESS)"; \
 	else \
 		echo "Gelato forwarder not set (EIP-2771 disabled)"; \
 	fi
+	@echo "Using ECDSA validator: $(VINCENT_ECDSA_VALIDATOR_ADDRESS)"
 	@forge script script/DeployVincentDiamond.sol:DeployVincentDiamond --sig "deployToDatil()" -vvv \
 		--broadcast \
 		--private-key $(VINCENT_DEPLOYER_PRIVATE_KEY) \
@@ -50,12 +56,18 @@ deploy-vincent-base-sepolia: ## Deploy the Vincent Diamond contract to Base Sepo
 		echo "Error: VINCENT_DEPLOYER_PRIVATE_KEY is not set in .env"; \
 		exit 1; \
 	fi
+	@if [ -z "$(VINCENT_ECDSA_VALIDATOR_ADDRESS)" ]; then \
+		echo "Error: VINCENT_ECDSA_VALIDATOR_ADDRESS is not set in .env"; \
+		echo "This address is required for smart account owner verification"; \
+		exit 1; \
+	fi
 	@echo "Deploying Vincent Diamond to Base Sepolia ($(BASE_SEPOLIA_RPC_URL))..."
 	@if [ -n "$(VINCENT_GELATO_FORWARDER_ADDRESS)" ]; then \
 		echo "Using Gelato forwarder: $(VINCENT_GELATO_FORWARDER_ADDRESS)"; \
 	else \
 		echo "Gelato forwarder not set (EIP-2771 disabled)"; \
 	fi
+	@echo "Using ECDSA validator: $(VINCENT_ECDSA_VALIDATOR_ADDRESS)"
 	@forge script script/DeployVincentDiamond.sol:DeployVincentDiamond --sig "deployToBaseSepolia()" -vvv \
 		--broadcast \
 		--private-key $(VINCENT_DEPLOYER_PRIVATE_KEY) \
@@ -70,12 +82,18 @@ deploy-vincent-base-mainnet: ## Deploy the Vincent Diamond contract to Base Main
 		echo "Error: VINCENT_DEPLOYER_PRIVATE_KEY is not set in .env"; \
 		exit 1; \
 	fi
+	@if [ -z "$(VINCENT_ECDSA_VALIDATOR_ADDRESS)" ]; then \
+		echo "Error: VINCENT_ECDSA_VALIDATOR_ADDRESS is not set in .env"; \
+		echo "This address is required for smart account owner verification"; \
+		exit 1; \
+	fi
 	@echo "Deploying Vincent Diamond to Base Mainnet ($(BASE_MAINNET_RPC_URL))..."
 	@if [ -n "$(VINCENT_GELATO_FORWARDER_ADDRESS)" ]; then \
 		echo "Using Gelato forwarder: $(VINCENT_GELATO_FORWARDER_ADDRESS)"; \
 	else \
 		echo "Gelato forwarder not set (EIP-2771 disabled)"; \
 	fi
+	@echo "Using ECDSA validator: $(VINCENT_ECDSA_VALIDATOR_ADDRESS)"
 	@forge script script/DeployVincentDiamond.sol:DeployVincentDiamond --sig "deployToBaseMainnet()" -vvv \
 		--broadcast \
 		--private-key $(VINCENT_DEPLOYER_PRIVATE_KEY) \
@@ -89,7 +107,7 @@ update-facet: ## Update a specific facet in the Vincent Diamond contract. Usage:
 	@if [ -z "$(FACET_NAME)" ]; then \
 		echo "Error: FACET_NAME parameter is required."; \
 		echo "Usage: make update-facet FACET_NAME=VincentAppViewFacet NETWORK=datil|base-sepolia|base-mainnet"; \
-		echo "Available facets: VincentAppFacet, VincentAppViewFacet, VincentUserFacet, VincentUserViewFacet, VincentERC2771Facet"; \
+		echo "Available facets: VincentAppFacet, VincentAppViewFacet, VincentUserFacet, VincentUserViewFacet, VincentERC2771Facet, VincentZeroDevConfigFacet"; \
 		exit 1; \
 	fi
 	@if [ -z "$(NETWORK)" ]; then \
@@ -151,6 +169,40 @@ set-trusted-forwarder: ## Set the trusted forwarder address for EIP-2771 meta-tr
 		--private-key $(VINCENT_DEPLOYER_PRIVATE_KEY) \
 		--rpc-url $(RPC_URL)
 
+set-ecdsa-validator: ## Set the ECDSA validator address for smart account owner verification. Usage: make set-ecdsa-validator VALIDATOR_ADDRESS=0x... NETWORK=datil|base-sepolia|base-mainnet
+	@if [ -z "$(VINCENT_DEPLOYER_PRIVATE_KEY)" ]; then \
+		echo "Error: VINCENT_DEPLOYER_PRIVATE_KEY is not set in .env"; \
+		exit 1; \
+	fi
+	@if [ -z "$(VALIDATOR_ADDRESS)" ]; then \
+		echo "Error: VALIDATOR_ADDRESS parameter is required."; \
+		echo "Usage: make set-ecdsa-validator VALIDATOR_ADDRESS=0x... NETWORK=datil|base-sepolia|base-mainnet"; \
+		exit 1; \
+	fi
+	@if [ -z "$(NETWORK)" ]; then \
+		echo "Error: NETWORK parameter is required."; \
+		echo "Usage: make set-ecdsa-validator VALIDATOR_ADDRESS=0x... NETWORK=datil|base-sepolia|base-mainnet"; \
+		exit 1; \
+	fi
+	@if [ "$(NETWORK)" != "datil" ] && [ "$(NETWORK)" != "base-sepolia" ] && [ "$(NETWORK)" != "base-mainnet" ]; then \
+		echo "Error: NETWORK must be one of: datil, base-sepolia, base-mainnet"; \
+		exit 1; \
+	fi
+	@if [ -z "$(RPC_URL)" ]; then \
+		echo "Error: RPC_URL is not set in .env"; \
+		exit 1; \
+	fi
+	@if [ -z "$(VINCENT_DIAMOND_ADDRESS)" ]; then \
+		echo "Error: VINCENT_DIAMOND_ADDRESS is not set in .env"; \
+		exit 1; \
+	fi
+	@echo "Setting ECDSA validator to $(VALIDATOR_ADDRESS) on $(NETWORK)..."
+	@echo "Using diamond address: $(VINCENT_DIAMOND_ADDRESS)"
+	@ECDSA_VALIDATOR_ADDRESS=$(VALIDATOR_ADDRESS) VINCENT_DIAMOND_ADDRESS=$(VINCENT_DIAMOND_ADDRESS) forge script script/SetEcdsaValidatorAddress.sol:SetEcdsaValidatorAddress -vvv \
+		--broadcast \
+		--private-key $(VINCENT_DEPLOYER_PRIVATE_KEY) \
+		--rpc-url $(RPC_URL)
+
 get-abis: ## Get human-readable ABIs for all facets
 	@mkdir -p abis
 	# @echo "Getting ABI for DiamondCutFacet..."
@@ -169,6 +221,8 @@ get-abis: ## Get human-readable ABIs for all facets
 	@forge inspect VincentUserViewFacet abi --json > abis/VincentUserViewFacet.abi.json
 	@echo "Getting ABI for VincentERC2771Facet..."
 	@forge inspect VincentERC2771Facet abi --json > abis/VincentERC2771Facet.abi.json
+	@echo "Getting ABI for VincentZeroDevConfigFacet..."
+	@forge inspect VincentZeroDevConfigFacet abi --json > abis/VincentZeroDevConfigFacet.abi.json
 
 	@echo "Merging facet ABIs into abis/FeeDiamond.abi.json..."
 	@jq -s '[.[].abi] | add | unique_by(.type, .name, ((.inputs // []) | map(.type) | join(",")))' \

packages/libs/contracts-sdk/abis/VincentUserFacet.abi.json

@@ -363,11 +363,6 @@
       }
     ]
   },
-  {
-    "type": "error",
-    "name": "AgentNotRegisteredToUser",
-    "inputs": []
-  },
   {
     "type": "error",
     "name": "AgentRegisteredToDifferentUser",
@@ -611,6 +606,27 @@
       }
     ]
   },
+  {
+    "type": "error",
+    "name": "NotAgentOwner",
+    "inputs": [
+      {
+        "name": "caller",
+        "type": "address",
+        "internalType": "address"
+      },
+      {
+        "name": "agent",
+        "type": "address",
+        "internalType": "address"
+      },
+      {
+        "name": "owner",
+        "type": "address",
+        "internalType": "address"
+      }
+    ]
+  },
   {
     "type": "error",
     "name": "NotAllRegisteredAbilitiesProvided",

packages/libs/contracts-sdk/abis/VincentZeroDevConfigFacet.abi.json

@@ -0,0 +1,52 @@
+[
+  {
+    "type": "function",
+    "name": "getEcdsaValidatorAddress",
+    "inputs": [],
+    "outputs": [
+      {
+        "name": "",
+        "type": "address",
+        "internalType": "address"
+      }
+    ],
+    "stateMutability": "view"
+  },
+  {
+    "type": "function",
+    "name": "setEcdsaValidatorAddress",
+    "inputs": [
+      {
+        "name": "_ecdsaValidatorAddress",
+        "type": "address",
+        "internalType": "address"
+      }
+    ],
+    "outputs": [],
+    "stateMutability": "nonpayable"
+  },
+  {
+    "type": "event",
+    "name": "EcdsaValidatorAddressSet",
+    "inputs": [
+      {
+        "name": "previousAddress",
+        "type": "address",
+        "indexed": true,
+        "internalType": "address"
+      },
+      {
+        "name": "newAddress",
+        "type": "address",
+        "indexed": true,
+        "internalType": "address"
+      }
+    ],
+    "anonymous": false
+  },
+  {
+    "type": "error",
+    "name": "ZeroAddressNotAllowed",
+    "inputs": []
+  }
+]

packages/libs/contracts-sdk/contracts/LibVincentDiamondStorage.sol

@@ -112,3 +112,18 @@ library VincentUserStorage {
         }
     }
 }
+
+library VincentZeroDevStorage {
+    bytes32 internal constant ZERODEV_STORAGE_SLOT = keccak256("lit.vincent.zerodev.storage");
+
+    struct ZeroDevStorage {
+        address ecdsaValidatorAddress;
+    }
+
+    function zeroDevStorage() internal pure returns (ZeroDevStorage storage zs) {
+        bytes32 slot = ZERODEV_STORAGE_SLOT;
+        assembly {
+            zs.slot := slot
+        }
+    }
+}

packages/libs/contracts-sdk/contracts/VincentDiamond.sol

@@ -17,6 +17,7 @@ import "./facets/VincentAppViewFacet.sol";
 import "./facets/VincentUserFacet.sol";
 import "./facets/VincentUserViewFacet.sol";
 import "./facets/VincentERC2771Facet.sol";
+import "./facets/VincentZeroDevConfigFacet.sol";
 import "./libs/LibERC2771.sol";
 
 /**
@@ -55,6 +56,8 @@ contract VincentDiamond {
         address vincentUserViewFacet;
         // The facet implementing EIP-2771 meta-transaction support
         address vincentERC2771Facet;
+        // The facet implementing ZeroDev configuration
+        address vincentZeroDevConfigFacet;
     }
 
     /**
@@ -64,12 +67,14 @@ contract VincentDiamond {
      * @param _diamondCutFacet Address of the facet implementing diamond cut functionality
      * @param _facets Struct containing addresses of all other facets
      * @param _trustedForwarder Address of the Gelato trusted forwarder for EIP-2771 gasless transactions (address(0) to disable EIP-2771)
+     * @param _ecdsaValidatorAddress Address of the ZeroDev ECDSA validator contract for smart account owner verification
      */
     constructor(
         address _contractOwner,
         address _diamondCutFacet,
         FacetAddresses memory _facets,
-        address _trustedForwarder
+        address _trustedForwarder,
+        address _ecdsaValidatorAddress
     ) payable {
         // Validate inputs
         if (_diamondCutFacet == address(0)) revert InvalidFacetAddress();
@@ -79,11 +84,14 @@ contract VincentDiamond {
             _facets.diamondLoupeFacet == address(0) || _facets.ownershipFacet == address(0)
                 || _facets.vincentAppFacet == address(0) || _facets.vincentAppViewFacet == address(0)
                 || _facets.vincentUserFacet == address(0) || _facets.vincentUserViewFacet == address(0)
-                || _facets.vincentERC2771Facet == address(0)
+                || _facets.vincentERC2771Facet == address(0) || _facets.vincentZeroDevConfigFacet == address(0)
         ) {
             revert InvalidFacetAddress();
         }
 
+        // Validate ECDSA validator address
+        if (_ecdsaValidatorAddress == address(0)) revert InvalidFacetAddress();
+
         // Set the contract owner
         LibDiamond.setContractOwner(_contractOwner);
 
@@ -106,7 +114,7 @@ contract VincentDiamond {
         LibDiamond.diamondCut(diamondCut, address(0), "");
 
         // Now add all other facets
-        IDiamondCut.FacetCut[] memory cuts = new IDiamondCut.FacetCut[](7);
+        IDiamondCut.FacetCut[] memory cuts = new IDiamondCut.FacetCut[](8);
 
         // Add DiamondLoupeFacet
         cuts[0] = IDiamondCut.FacetCut({
@@ -157,12 +165,22 @@ contract VincentDiamond {
             functionSelectors: getVincentERC2771FacetSelectors()
         });
 
+        // Add VincentZeroDevConfigFacet
+        cuts[7] = IDiamondCut.FacetCut({
+            facetAddress: _facets.vincentZeroDevConfigFacet,
+            action: IDiamondCut.FacetCutAction.Add,
+            functionSelectors: getVincentZeroDevConfigFacetSelectors()
+        });
+
         LibDiamond.diamondCut(cuts, address(0), "");
 
         // Set the trusted forwarder for EIP-2771 meta-transactions
         // Setting to address(0) disables EIP-2771 support
         VincentERC2771Storage.erc2771Storage().trustedForwarder = _trustedForwarder;
         emit LibERC2771.TrustedForwarderSet(_trustedForwarder);
+
+        // Set the ECDSA validator address for smart account owner verification
+        VincentZeroDevStorage.zeroDevStorage().ecdsaValidatorAddress = _ecdsaValidatorAddress;
     }
 
     /**
@@ -241,6 +259,13 @@ contract VincentDiamond {
         return selectors;
     }
 
+    function getVincentZeroDevConfigFacetSelectors() internal pure returns (bytes4[] memory) {
+        bytes4[] memory selectors = new bytes4[](2);
+        selectors[0] = VincentZeroDevConfigFacet.setEcdsaValidatorAddress.selector;
+        selectors[1] = VincentZeroDevConfigFacet.getEcdsaValidatorAddress.selector;
+        return selectors;
+    }
+
     /**
      * @notice Fallback function that forwards calls to the appropriate facet
      * @dev Implements diamond proxy pattern by delegating calls to the correct implementation contract