Skip to content

fix: overwrite signMessage to be compatible with rpc paymaster #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
bluecco wants to merge 1 commit into
base: feat/rpc-paymaster
Choose a base branch
from
Open

fix: overwrite signMessage to be compatible with rpc paymaster #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 34 additions & 3 deletions src/SessionAccount.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,21 +5,25 @@ import {
CallData,
InvocationsSignerDetails,
RPC,
Signature,
TypedData,
V2InvocationsSignerDetails,
V3InvocationsSignerDetails,
constants,
hash,
shortString,
stark,
transaction,
} from "starknet"
import { argentSignTxAndSession } from "./argentBackendUtils"
import { ARGENT_SESSION_SERVICE_BASE_URL } from "./constants"
import { OffChainSession, Session, SessionKey } from "./session.types"
import {
GetAccountWithSessionSignerParams,
GetSessionSignatureForTransactionParams,
} from "./SessionAccount.types"
import { SessionSigner } from "./SessionSigner"
import { argentSignTxAndSession } from "./argentBackendUtils"
import { ARGENT_SESSION_SERVICE_BASE_URL } from "./constants"
import { signOutsideExecution } from "./outsideExecution"
import { OffChainSession, Session, SessionKey } from "./session.types"
import {
compileSessionHelper,
compileSessionTokenHelper,
Expand Down Expand Up @@ -74,6 +78,9 @@ export class SessionAccount {
cacheAuthorisation,
)
},
(typedData: TypedData) => {
return this.signMessage(typedData)
},
)

return new Account(
Expand All @@ -86,6 +93,30 @@ export class SessionAccount {
)
}

private async signMessage(
outsideExecutionTypedData: TypedData,
): Promise<Signature> {
const calls = (outsideExecutionTypedData.message as any).Calls.map(
Copy link

@sgc-code sgc-code Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it might be nice to fail with with a more explicit message if we are not signing an EFO

(call: any) => ({
contractAddress: call.To,
entrypoint: call.Selector,
Copy link

@sgc-code sgc-code Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

selectors and entrypoints are not the same, selector being the enrypoint hash. this can lead to mistakes

Copy link
Contributor Author

@bluecco bluecco Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the issue is that, on signMessage, we only have the selector
I couldn't find a better way to get the original calls (if you have any ideas, would be great)

Copy link

@sgc-code sgc-code Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually, i think the terminology is different on snip9, and the Selector field is supposed to hold the entrypoint name. Are you sure we are getting a hash in "call.Selector"?
If we are, maybe the request is not coming in correctly, as the typedata should include the entrypoint name to be it can be shown to users

Copy link
Contributor Author

@bluecco bluecco Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pretty sure, will check again

Copy link

@sgc-code sgc-code Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this data coming from the paymaster? if so it can be a bug there

Copy link
Contributor Author

@bluecco bluecco Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sgc-code yes, it's coming from paymaster
this is the response

{
    "jsonrpc": "2.0",
    "id": 1,
    "result": {
        "type": "invoke",
        "typed_data": {
            "types": {
                "StarknetDomain": [
                    {
                        "name": "name",
                        "type": "shortstring"
                    },
                    {
                        "name": "version",
                        "type": "shortstring"
                    },
                    {
                        "name": "chainId",
                        "type": "shortstring"
                    },
                    {
                        "name": "revision",
                        "type": "shortstring"
                    }
                ],
                "OutsideExecution": [
                    {
                        "name": "Caller",
                        "type": "ContractAddress"
                    },
                    {
                        "name": "Nonce",
                        "type": "felt"
                    },
                    {
                        "name": "Execute After",
                        "type": "u128"
                    },
                    {
                        "name": "Execute Before",
                        "type": "u128"
                    },
                    {
                        "name": "Calls",
                        "type": "Call*"
                    }
                ],
                "Call": [
                    {
                        "name": "To",
                        "type": "ContractAddress"
                    },
                    {
                        "name": "Selector",
                        "type": "selector"
                    },
                    {
                        "name": "Calldata",
                        "type": "felt*"
                    }
                ]
            },
            "domain": {
                "name": "Account.execute_from_outside",
                "version": "2",
                "chainId": "SN_SEPOLIA",
                "revision": "1"
            },
            "primaryType": "OutsideExecution",
            "message": {
                "Caller": "0x75a180e18e56da1b1cae181c92a288f586f5fe22c18df21cf97886f1e4b316c",
                "Nonce": "0xa8bfbe2cce7aeea5824e7add4e9180aa",
                "Execute After": "0x1",
                "Execute Before": "0x6899d807",
                "Calls": [
                    {
                        "To": "0x88d3cc4377a6cdfd27545a11548bd070c4e2e1e3df3d402922dbc4350b416",
                        "Selector": "0x2c8004df9c9db8f4ed7801fe6835d799212ba582b2d523aaef9315b9b325365",
                        "Calldata": [
                            "0x1"
                        ]
                    }
                ]
            }
        },
        "parameters": {
            "version": "0x1",
            "fee_mode": {
                "mode": "sponsored"
            },
            "time_bounds": null
        },
        "fee": {
            "gas_token_price_in_strk": "0xde0b6b3a7640000",
            "estimated_fee_in_strk": "0x8462d41c09b00",
            "estimated_fee_in_gas_token": "0x8462d41c09b00",
            "suggested_max_fee_in_strk": "0x31a50f8a83a200",
            "suggested_max_fee_in_gas_token": "0x31a50f8a83a200"
        }
    }
}

Copy link

@sgc-code sgc-code Aug 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this avnu's paymaster? this is wrong according to SNIP12, the selector must be the entrypoint name https://github.com/starknet-io/SNIPs/blob/main/SNIPS/snip-12.md#when-x-is-a-selector
(the name could be misleading, sure), otherwise this defeats the point of snip12 which is to allow users to understand what they are signing, is this in prod?

Copy link
Contributor Author

@bluecco bluecco Aug 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep it's avnu paymaster https://sepolia.paymaster.avnu.fi/

I've only used the prod sepolia endpoint, but I think it's the same for mainnet

payload:

{
  "id": 1,
  "jsonrpc": "2.0",
  "method": "paymaster_buildTransaction",
  "params": {
    "transaction": {
      "type": "invoke",
      "invoke": {
        "user_address": "0x05c6edda08c13885c55aca6502bbab24eed18ba0b51c4ce39c9809851ea3aacc",
        "calls": [
          {
            "to": "0x88d3cc4377a6cdfd27545a11548bd070c4e2e1e3df3d402922dbc4350b416",
            "selector": "0x2c8004df9c9db8f4ed7801fe6835d799212ba582b2d523aaef9315b9b325365",
            "calldata": [
              "0x1"
            ]
          }
        ]
      }
    },
    "parameters": {
      "version": "0x1",
      "fee_mode": {
        "mode": "sponsored"
      }
    }
  }
}

Copy link
Contributor Author

@bluecco bluecco Aug 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

on dapp side, this is the code interacting with it (using our session account too)

 const calls = [
        {
          contractAddress: CONTRACT_ADDRESS,
          entrypoint: "set_number",
          calldata: CallData.compile(["0x1"]),
        },
      ]

// inside executePaymasterTransaction it call the `paymaster_buildTransaction` that builds the typed data too
      const { transaction_hash } =
        await sessionAccount.executePaymasterTransaction(calls, {
          feeMode: { mode: "sponsored" },
        })

calldata: call.Calldata,
}),
Comment on lines +100 to +104
Copy link

@sgc-code sgc-code Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this only works with snip12 version2, maybe fine maybe unintended

)

return signOutsideExecution({
session: this.session,
sessionKey: this.sessionKey,
outsideExecutionTypedData,
argentSessionServiceUrl: this.argentSessionServiceUrl,
calls,
network:
this.session.chainId === constants.StarknetChainId.SN_SEPOLIA
? "sepolia"
: "mainnet",
})
}

private async signTransaction(
sessionAuthorizationSignature: ArraySignatureType,
session: Session,
Expand Down
11 changes: 11 additions & 0 deletions src/SessionSigner.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,18 @@ import {
Call,
InvocationsSignerDetails,
Signer,
type Signature,
type TypedData,
} from "starknet"
export { sign } from "@scure/starknet"

class SessionSigner extends Signer {
constructor(
private signTransactionCallback: (
calls: Call[],
invocationSignerDetails: InvocationsSignerDetails,
) => Promise<ArraySignatureType>,
private signMessageCallback: (typedData: TypedData) => Promise<Signature>,
) {
super()
}
Expand All @@ -19,6 +23,13 @@ class SessionSigner extends Signer {
throw new Error("Method not implemented.")
}

public async signMessage(
typedData: TypedData,
_: string,
): Promise<Signature> {
return this.signMessageCallback(typedData)
}

public async signTransaction(
calls: Call[],
invocationSignerDetails: InvocationsSignerDetails,
Expand Down
8 changes: 6 additions & 2 deletions src/sessionUtils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,14 @@ export const getSessionProofs = (
return calls.map((call) => {
const allowedIndex = sessionRequest.allowed_methods.findIndex(
(allowedMethod) => {
const checkEntrypoint = /^0x[0-9a-fA-F]+$/.test(call.entrypoint)
? selector.getSelectorFromName(allowedMethod.selector) ==
Copy link

@sgc-code sgc-code Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this will hash the hash again, it shouldn't be needed

call.entrypoint
: allowedMethod.selector == call.entrypoint

return (
num.hexToDecimalString(allowedMethod["Contract Address"]) ===
num.hexToDecimalString(call.contractAddress) &&
allowedMethod.selector == call.entrypoint
num.hexToDecimalString(call.contractAddress) && checkEntrypoint
)
},
)
Expand Down
4 changes: 2 additions & 2 deletions vite.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ export default defineConfig({
}),
],

esbuild: {
/* esbuild: {
pure: process.env.NODE_ENV === "production" ? ["console.log"] : [],
},
}, */
})