matter-labs
diff --git a/‎l2-to-l1-relayer/FINALIZE_README.md‎
Lines changed: 11 additions & 4 deletions b/‎l2-to-l1-relayer/FINALIZE_README.md‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎l2-to-l1-relayer/README.md‎
Lines changed: 12 additions & 6 deletions b/‎l2-to-l1-relayer/README.md‎
Lines changed: 12 additions & 6 deletions
diff --git a/‎packages/bundler/README.md‎
Lines changed: 2 additions & 2 deletions b/‎packages/bundler/README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎passkey-wallet-app/DEPLOYMENT_SCRIPT.md‎
Lines changed: 16 additions & 11 deletions b/‎passkey-wallet-app/DEPLOYMENT_SCRIPT.md‎
Lines changed: 16 additions & 11 deletions
diff --git a/‎passkey-wallet-app/FIXES_APPLIED.md‎
Lines changed: 49 additions & 39 deletions b/‎passkey-wallet-app/FIXES_APPLIED.md‎
Lines changed: 49 additions & 39 deletions
@@ -4,7 +4,8 @@
 
 Your transaction has been successfully verified and is ready for L1 execution!
 
-**L2 Transaction**: `0xb20b44bf8761c6592d3e367b0633ccbf038c123d7e40b9b623095abeb2273de4`
+**L2 Transaction**:
+`0xb20b44bf8761c6592d3e367b0633ccbf038c123d7e40b9b623095abeb2273de4`
 
 **Status**:
 
@@ -22,6 +23,7 @@ The executor address needs Sepolia ETH to pay for gas:
 ### Get Sepolia ETH
 
 1. **Alchemy Faucet** (Recommended):
+
    - Visit: <https://www.alchemy.com/faucets/ethereum-sepolia>
    - Enter address: `0x18ac402d33706c303cD559FA6B2F2f14Fae75307`
    - Receive ~0.1 ETH
@@ -79,15 +81,19 @@ You should see:
 
 When the transaction executes:
 
-1. **Shadow Account Deployment**: Your shadow account on L1 gets deployed (if first time)
+1. **Shadow Account Deployment**: Your shadow account on L1 gets deployed (if
+   first time)
+
    - Address: Deterministic based on your L2 account
 
 2. **Bundle Execution**: Shadow account executes the Aave deposit:
+
    - Calls Aave WETH Gateway
    - Deposits 0.01 ETH into Aave Pool
    - Receives aWETH tokens
 
-3. **Check Aave Balance**: After execution, check your aave balance in the wallet app
+3. **Check Aave Balance**: After execution, check your aave balance in the
+   wallet app
 
 ## 🔍 Monitoring
 
@@ -121,7 +127,8 @@ https://sepolia.etherscan.io/tx/0x...
 
 ### Error: "Could not get L2-to-L1 proof"
 
-**Cause**: Transaction not finalized yet (needs ~15 minutes from L2 transaction time)
+**Cause**: Transaction not finalized yet (needs ~15 minutes from L2 transaction
+time)
 
 **Solution**: Wait and try again later
 
 
@@ -1,14 +1,17 @@
 # L2-to-L1 Relayer Service
 
-Automated relayer service that monitors L2 `sendBundleToL1` transactions and executes them on L1 Sepolia after finalization.
+Automated relayer service that monitors L2 `sendBundleToL1` transactions and
+executes them on L1 Sepolia after finalization.
 
 ## Overview
 
 When users deposit/withdraw via Aave on the passkey wallet app:
 
-1. **L2 Transaction**: User signs transaction calling `L2InteropCenter.sendBundleToL1()`
+1. **L2 Transaction**: User signs transaction calling
+   `L2InteropCenter.sendBundleToL1()`
 2. **~15 min wait**: L2-to-L1 message gets proven/finalized on L1
-3. **L1 Execution**: This relayer automatically calls `L1InteropHandler.receiveInteropFromL2()` to execute the bundle
+3. **L1 Execution**: This relayer automatically calls
+   `L1InteropHandler.receiveInteropFromL2()` to execute the bundle
 
 ## Architecture
 
@@ -56,13 +59,15 @@ npm install
 
 The `.env` file is already configured with:
 
-- Executor private key: `0x1cfcab2cf5ad255cb3387f7fdca2651a61377b334a2a3daa4af86eb476369105`
+- Executor private key:
+  `0x1cfcab2cf5ad255cb3387f7fdca2651a61377b334a2a3daa4af86eb476369105`
 - L2 RPC: ZKSync OS Testnet
 - L1 RPC: Sepolia
 - L2InteropCenter: `0xc64315efbdcD90B71B0687E37ea741DE0E6cEFac`
 - L1InteropHandler: `0xB0dD4151fdcCaAC990F473533C15BcF8CE10b1de`
 
-**Important**: Make sure the executor address has ETH on **L1 Sepolia** to pay gas fees!
+**Important**: Make sure the executor address has ETH on **L1 Sepolia** to pay
+gas fees!
 
 ### 3. Fund the Executor
 
@@ -194,7 +199,8 @@ The relayer automatically retries after 5 minutes.
 
 For production, consider:
 
-1. **Persistent Storage**: Store pending messages in a database (Redis, PostgreSQL)
+1. **Persistent Storage**: Store pending messages in a database (Redis,
+   PostgreSQL)
 2. **Multiple Relayers**: Run multiple instances for redundancy
 3. **Better RPC**: Use paid RPC providers (Alchemy, Infura) for reliability
 4. **Monitoring**: Add Prometheus metrics and alerting
 
@@ -109,8 +109,8 @@ Send ERC-4337 user operations to: `http://localhost:4337`
 
 Send standard JSON-RPC calls (e.g. `eth_getBalance`) to: `http://localhost:4339`
 
-Both proxies automatically forward requests and add permissive CORS headers
-for browser compatibility.
+Both proxies automatically forward requests and add permissive CORS headers for
+browser compatibility.
 
 ## Development
 
 
@@ -2,12 +2,13 @@
 
 ## Overview
 
-This script allows you to deploy a smart account using an EOA (Externally Owned Account) with Sepolia ETH,
-instead of relying on the bundler to deploy it.
+This script allows you to deploy a smart account using an EOA (Externally Owned
+Account) with Sepolia ETH, instead of relying on the bundler to deploy it.
 
 ## Why Use This?
 
-The bundler's counterfactual deployment can fail with `AA13 initCode failed or OOG` errors. Using this script, you can:
+The bundler's counterfactual deployment can fail with
+`AA13 initCode failed or OOG` errors. Using this script, you can:
 
 - Deploy the account from an EOA that you control
 - Verify the deployment succeeded
@@ -27,7 +28,8 @@ Edit `.env` and add your private key:
 DEPLOYER_PRIVATE_KEY=0x... # Your EOA private key (must have Sepolia ETH)
 ```
 
-**⚠️ Security Warning**: Never commit `.env` to git! It's already in `.gitignore`.
+**⚠️ Security Warning**: Never commit `.env` to git! It's already in
+`.gitignore`.
 
 ### 2. Get Your Passkey Data
 
@@ -130,21 +132,24 @@ Once deployed, you can:
 ## Important Notes
 
 1. **Origin Must Match**: The script uses `http://localhost:3000` as the origin.
-  If you're using a different origin in the app, update line 90 in `deploy-account.js`.
+   If you're using a different origin in the app, update line 90 in
+   `deploy-account.js`.
 
 2. **One-Time Operation**: You only need to deploy the account once. After that,
-  it exists on-chain forever (for that specific passkey).
+   it exists on-chain forever (for that specific passkey).
 
 3. **Gas Costs**: Deployment costs approximately 0.005-0.01 ETH on Sepolia.
 
-4. **Same Passkey = Same Account**: The account address is deterministic based on your credential ID.
-  Same passkey always generates the same account address.
+4. **Same Passkey = Same Account**: The account address is deterministic based
+   on your credential ID. Same passkey always generates the same account
+   address.
 
 ## Alternative: Deploy from App (Advanced)
 
-If you want to avoid using this script, you can also deploy programmatically by funding the account address BEFORE deployment,
-  then the first transaction will deploy it automatically.
-  However, this is more complex and requires careful gas estimation.
+If you want to avoid using this script, you can also deploy programmatically by
+funding the account address BEFORE deployment, then the first transaction will
+deploy it automatically. However, this is more complex and requires careful gas
+estimation.
 
 ## Security Best Practices
 
 
@@ -11,29 +11,34 @@ startAuthentication() was not called correctly
 TypeError: base64URLString.replace is not a function
 ```
 
-**Root Cause:**
-The `startAuthentication` function from `@simplewebauthn/browser` expects base64url **strings**, but we were passing arrays/bytes.
+**Root Cause:** The `startAuthentication` function from
+`@simplewebauthn/browser` expects base64url **strings**, but we were passing
+arrays/bytes.
 
 **Fix Applied:**
 
 ```javascript
 // Before (WRONG):
 const authOptions = {
-  challenge: Array.from(challenge),  // ❌ Array
-  allowCredentials: [{
-    id: base64UrlToBytes(passkeyData.credentialId),  // ❌ Bytes
-    type: 'public-key',
-  }],
+  challenge: Array.from(challenge), // ❌ Array
+  allowCredentials: [
+    {
+      id: base64UrlToBytes(passkeyData.credentialId), // ❌ Bytes
+      type: "public-key",
+    },
+  ],
 };
 
 // After (CORRECT):
-const challengeBase64 = bytesToBase64Url(challenge);  // Convert to base64url string
+const challengeBase64 = bytesToBase64Url(challenge); // Convert to base64url string
 const authOptions = {
-  challenge: challengeBase64,  // ✅ String
-  allowCredentials: [{
-    id: passkeyData.credentialId,  // ✅ String (already base64url)
-    type: 'public-key',
-  }],
+  challenge: challengeBase64, // ✅ String
+  allowCredentials: [
+    {
+      id: passkeyData.credentialId, // ✅ String (already base64url)
+      type: "public-key",
+    },
+  ],
 };
 ```
 
@@ -50,24 +55,23 @@ AbiFunctionNotFoundError: Function not found on ABI.
 Make sure you are using the correct ABI and that the function exists on it.
 ```
 
-**Root Cause:**
-Using `encodeFunctionData` with `parseAbiParameters` is incorrect.
-`encodeFunctionData` expects a full function ABI with a function name,
-while `parseAbiParameters` only provides parameter types.
+**Root Cause:** Using `encodeFunctionData` with `parseAbiParameters` is
+incorrect. `encodeFunctionData` expects a full function ABI with a function
+name, while `parseAbiParameters` only provides parameter types.
 
 **Fix Applied:**
 
 ```javascript
 // Before (WRONG):
 return encodeFunctionData({
-  abi: parseAbiParameters('bytes, string, uint256, uint256, bytes'),
+  abi: parseAbiParameters("bytes, string, uint256, uint256, bytes"),
   values: [authenticatorData, clientDataJSON, r, s, credentialId],
 });
 
 // After (CORRECT):
 return encodeAbiParameters(
-  parseAbiParameters('bytes, string, uint256, uint256, bytes'),
-  [authenticatorData, clientDataJSON, r, s, credentialId]
+  parseAbiParameters("bytes, string, uint256, uint256, bytes"),
+  [authenticatorData, clientDataJSON, r, s, credentialId],
 );
 ```
 
@@ -87,7 +91,8 @@ Changes made:
 
 1. Convert challenge to base64url string before passing to `startAuthentication`
 2. Use original base64url credential ID string (not bytes)
-3. Replace `encodeFunctionData` with `encodeAbiParameters` for signature encoding
+3. Replace `encodeFunctionData` with `encodeAbiParameters` for signature
+   encoding
 
 ```javascript
 async function signWithPasskey(hash) {
@@ -97,12 +102,14 @@ async function signWithPasskey(hash) {
   const challengeBase64 = bytesToBase64Url(challenge);
 
   const authOptions = {
-    challenge: challengeBase64,  // ✅ String format
-    allowCredentials: [{
-      id: passkeyData.credentialId,  // ✅ String format
-      type: 'public-key',
-    }],
-    userVerification: 'preferred',
+    challenge: challengeBase64, // ✅ String format
+    allowCredentials: [
+      {
+        id: passkeyData.credentialId, // ✅ String format
+        type: "public-key",
+      },
+    ],
+    userVerification: "preferred",
     timeout: 60000,
   };
 
@@ -112,8 +119,8 @@ async function signWithPasskey(hash) {
 
   // ✅ FIX 2: Use encodeAbiParameters instead of encodeFunctionData
   return encodeAbiParameters(
-    parseAbiParameters('bytes, string, uint256, uint256, bytes'),
-    [authenticatorDataHex, clientDataJSONString, r, s, credentialIdHex]
+    parseAbiParameters("bytes, string, uint256, uint256, bytes"),
+    [authenticatorDataHex, clientDataJSONString, r, s, credentialIdHex],
   );
 }
 ```
@@ -160,11 +167,13 @@ return keccak256(packed);
 ### When to Use Each Encoding Function
 
 1. **`encodeFunctionData`**
+
    - Use for: Encoding function calls with function name
    - Requires: Full function ABI with `name`, `inputs`, `outputs`
    - Example: `execute(address to, uint256 value, bytes data)`
 
 2. **`encodeAbiParameters`**
+
    - Use for: Encoding raw parameters without function name
    - Requires: Only parameter types via `parseAbiParameters`
    - Example: Encoding struct data, signature data, or raw parameters
@@ -241,14 +250,15 @@ Do not convert these to arrays or bytes - keep them as base64url strings!
 
 ### Why These Errors Occurred
 
-1. **API Expectations Mismatch**: The `@simplewebauthn/browser` library has specific format requirements
-  that weren't immediately obvious from the documentation.
+1. **API Expectations Mismatch**: The `@simplewebauthn/browser` library has
+   specific format requirements that weren't immediately obvious from the
+   documentation.
 
-2. **Function Naming Confusion**: `encodeFunctionData` and `encodeAbiParameters` sound similar
-  but have different purposes and requirements.
+2. **Function Naming Confusion**: `encodeFunctionData` and `encodeAbiParameters`
+   sound similar but have different purposes and requirements.
 
 3. **Type Conversion**: JavaScript's flexibility with types (strings, arrays,
-  Uint8Arrays) can lead to passing the wrong type without compile-time errors.
+   Uint8Arrays) can lead to passing the wrong type without compile-time errors.
 
 ### Prevention
 
@@ -270,12 +280,12 @@ Bundler error: EntryPoint 0x0000000071727De22E5E9d8BAf0edAc6f37da032 not support
 supported EntryPoints: 0x4337084D9E255Ff0702461CF8895CE9E3b5Ff108
 ```
 
-**Root Cause:**
-The ZKsync SSO bundler uses a custom EntryPoint contract at `0x4337084D9E255Ff0702461CF8895CE9E3b5Ff108` instead of the
-  standard ERC-4337 v0.7 EntryPoint.
+**Root Cause:** The ZKsync SSO bundler uses a custom EntryPoint contract at
+`0x4337084D9E255Ff0702461CF8895CE9E3b5Ff108` instead of the standard ERC-4337
+v0.7 EntryPoint.
 
-**Fix Applied:**
-Updated the EntryPoint address to match the bundler's supported address:
+**Fix Applied:** Updated the EntryPoint address to match the bundler's supported
+address:
 
 ```javascript
 // Before: