🐛 (signer-eth): Fix duplicate proxy info send in EIP-712 flow

Skip the clearSignContext proxy when it was already provided via
additionalContexts (which uses a fresh challenge). When no proxy
exists in additionalContexts, the clearSignContext proxy is still
sent as before.

Made-with: Cursor

Author: aussedatlo

.changeset/long-flies-try.md

@@ -0,0 +1,5 @@
+---
+"@ledgerhq/device-signer-kit-ethereum": patch
+---
+
+Fix duplicate PROXY_INFO send in EIP-712 typed data signing that caused a challenge mismatch error on the device

packages/signer/signer-eth/src/internal/app-binder/task/ProvideEIP712ContextTask.test.ts

@@ -1088,7 +1088,7 @@ describe("ProvideEIP712ContextTask", () => {
     );
   });
 
-  it("Provide proxy", async () => {
+  it("Provide proxy from clearSignContext when not in additionalContexts", async () => {
     // GIVEN
     const proxy: ClearSignContextSuccess<ClearSignContextType.PROXY_INFO> = {
       type: ClearSignContextType.PROXY_INFO,
@@ -1131,6 +1131,61 @@ describe("ProvideEIP712ContextTask", () => {
     );
   });
 
+  it("Skip duplicate proxy from clearSignContext when already in additionalContexts", async () => {
+    // GIVEN
+    const proxy: ClearSignContextSuccess<ClearSignContextType.PROXY_INFO> = {
+      type: ClearSignContextType.PROXY_INFO,
+      payload: "0x010203",
+    };
+    const additionalProxy: ClearSignContextSuccess<ClearSignContextType.PROXY_INFO> =
+      {
+        type: ClearSignContextType.PROXY_INFO,
+        payload: "0xaabbcc",
+      };
+    const clearSignContext: TypedDataClearSignContextSuccess = {
+      ...TEST_CLEAR_SIGN_CONTEXT,
+      proxy,
+    };
+    const args: ProvideEIP712ContextTaskArgs = {
+      deviceModelId: DeviceModelId.STAX,
+      derivationPath: "44'/60'/0'/0/0",
+      types: TEST_TYPES,
+      domain: TEST_DOMAIN_VALUES,
+      message: TEST_MESSAGE_VALUES,
+      clearSignContext: Just(clearSignContext),
+      calldatasPreContexts: {},
+      calldatasPostContexts: {},
+      additionalContexts: [additionalProxy],
+      loggerFactory: mockLoggerFactory,
+    };
+
+    // WHEN
+    apiMock.sendCommand.mockResolvedValue(
+      CommandResultFactory({ data: { tokenIndex: 4 } }),
+    );
+    await new ProvideEIP712ContextTask(
+      apiMock,
+      contextModuleMock,
+      args,
+      provideContextFactoryMock,
+    ).run();
+
+    // THEN — the clearSignContext proxy (0x010203) should NOT be sent
+    expect(apiMock.sendCommand).not.toHaveBeenCalledWith(
+      new ProvideProxyInfoCommand({
+        data: hexaStringToBuffer("0x0003010203")!,
+        isFirstChunk: true,
+      }),
+    );
+    // — the additionalContexts proxy (0xaabbcc) should have been sent
+    expect(apiMock.sendCommand).toHaveBeenCalledWith(
+      new ProvideProxyInfoCommand({
+        data: hexaStringToBuffer("0x0003aabbcc")!,
+        isFirstChunk: true,
+      }),
+    );
+  });
+
   it("Send certificate from clearSignContext", async () => {
     // GIVEN
     const certificatePayload = new Uint8Array([0x01, 0x02, 0x03, 0x04, 0x05]);

packages/signer/signer-eth/src/internal/app-binder/task/ProvideEIP712ContextTask.ts

@@ -137,11 +137,15 @@ export class ProvideEIP712ContextTask {
       await this.provideContext(context);
     }
 
-    // Send proxy descriptor first if required
+    // Send proxy descriptor from clear sign context only if not already
+    // provided via additionalContexts (which uses a fresh challenge).
+    const alreadyProvidedProxy = this.args.additionalContexts.some(
+      (c) => c.type === ClearSignContextType.PROXY_INFO,
+    );
     const proxyContext:
       | ClearSignContextSuccess<ClearSignContextType.PROXY_INFO>
       | undefined = this.args.clearSignContext.extract()?.proxy;
-    if (proxyContext !== undefined) {
+    if (proxyContext !== undefined && !alreadyProvidedProxy) {
       await this.provideContext(proxyContext);
     }