chore(test-suite): fix expired delegation, acl not allow tests (#2060)

* chore(test-suite): update acl failure test for delegated user decr

- Previously: negative delegated user decryption tests asserted on raw
  Solidity selector 0x0190c506 and was using relayer-sdk v0.4.1 that was
  not handling the label 'now_allowed_on_host_acl' from relayer.

- Now: bump relayer-sdk to v0.4.2 that handles the label and asserts on
  relayer-sdk error label not_allowed_on_host_acl, matching the
  structured error returned by the relayer on HTTP 400

* chore(test-suite): fix expired delegation test

- Issue: setting pastExpiration=1 reverted at the
  contract level (ExpirationDateBeforeOneHour) so
  the test never reached the decryption step

- Fix: delegate with a valid expiration (now + 1h1m),
  then use evm_increaseTime to fast-forward past it
  before attempting decryption

* chore(common): update package-lock.json

---------

Co-authored-by: Simon Eudeline <simon.eudeline@zama.ai>

Author: manoranjith

package-lock.json

@@ -16,7 +16,7 @@
   "dependencies": {
     "@fhevm/solidity": "*",
     "@openzeppelin/contracts": "^5.3.0",
-    "@zama-fhe/relayer-sdk": "^0.4.1",
+    "@zama-fhe/relayer-sdk": "^0.4.2",
     "bigint-buffer": "^1.1.5",
     "dotenv": "^16.0.3",
     "encrypted-types": "^0.0.4"

test-suite/e2e/package.json

@@ -5,7 +5,7 @@ import { createInstances } from '../instance';
 import { getSigners, initSigners } from '../signers';
 import { delegatedUserDecryptSingleHandle, waitForBlock } from '../utils';
 
-const USER_DECRYPTION_NOT_DELEGATED_SELECTOR = '0x0190c506';
+const NOT_ALLOWED_ON_HOST_ACL = 'not_allowed_on_host_acl';
 
 describe('Delegated user decryption', function () {
   before(async function () {
@@ -233,8 +233,8 @@ describe('Delegated user decryption', function () {
     const balanceHandle = await this.token.balanceOf(this.smartWalletAddress);
     const { publicKey, privateKey } = this.instances.bob.generateKeypair();
 
-    await expect(
-      delegatedUserDecryptSingleHandle(
+    try {
+      await delegatedUserDecryptSingleHandle(
         this.instances.bob,
         balanceHandle,
         this.tokenAddress,
@@ -243,18 +243,19 @@ describe('Delegated user decryption', function () {
         this.signers.bob,
         privateKey,
         publicKey,
-      )
-    ).to.be.rejectedWith(
-      new RegExp(USER_DECRYPTION_NOT_DELEGATED_SELECTOR),
-    );
+      );
+      expect.fail('Expected delegated user decrypt to be rejected after revocation');
+    } catch (err: any) {
+      expect(err.relayerApiError?.label).to.equal(NOT_ALLOWED_ON_HOST_ACL);
+    }
   });
 
   it('test delegated user decryption should fail when no delegation exists', async function () {
     const balanceHandle = await this.token.balanceOf(this.smartWalletAddress);
     const { publicKey, privateKey } = this.instances.dave.generateKeypair();
 
-    await expect(
-      delegatedUserDecryptSingleHandle(
+    try {
+      await delegatedUserDecryptSingleHandle(
         this.instances.dave,
         balanceHandle,
         this.tokenAddress,
@@ -263,8 +264,11 @@ describe('Delegated user decryption', function () {
         this.signers.dave,
         privateKey,
         publicKey,
-      )
-    ).to.be.rejectedWith(new RegExp(USER_DECRYPTION_NOT_DELEGATED_SELECTOR));
+      );
+      expect.fail('Expected delegated user decrypt to be rejected without delegation');
+    } catch (err: any) {
+      expect(err.relayerApiError?.label).to.equal(NOT_ALLOWED_ON_HOST_ACL);
+    }
   });
 
   it('test delegated user decryption should fail when delegation is for wrong contract', async function () {
@@ -284,8 +288,8 @@ describe('Delegated user decryption', function () {
     const balanceHandle = await this.token.balanceOf(this.smartWalletAddress);
     const { publicKey, privateKey } = this.instances.eve.generateKeypair();
 
-    await expect(
-      delegatedUserDecryptSingleHandle(
+    try {
+      await delegatedUserDecryptSingleHandle(
         this.instances.eve,
         balanceHandle,
         this.tokenAddress,
@@ -294,24 +298,37 @@ describe('Delegated user decryption', function () {
         this.signers.eve,
         privateKey,
         publicKey,
-      )
-    ).to.be.rejectedWith(new RegExp(USER_DECRYPTION_NOT_DELEGATED_SELECTOR));
+      );
+      expect.fail('Expected delegated user decrypt to be rejected for wrong contract');
+    } catch (err: any) {
+      expect(err.relayerApiError?.label).to.equal(NOT_ALLOWED_ON_HOST_ACL);
+    }
   });
 
   it('test delegated user decryption should fail when delegation has expired', async function () {
-    const pastExpiration = 1;
+    // Expiration must be >1h from chain time (FHE library constraint).
+    // Use block timestamp, not Date.now(), since evm_increaseTime shifts chain clock.
+    const oneHour = 3600;
+    const buffer = 60;
+    const latestBlock = await ethers.provider.getBlock('latest');
+    const expirationTimestamp = latestBlock!.timestamp + oneHour + buffer;
     const tx = await this.smartWallet
       .connect(this.signers.bob)
-      .delegateUserDecryption(this.signers.eve.address, this.tokenAddress, pastExpiration);
+      .delegateUserDecryption(this.signers.eve.address, this.tokenAddress, expirationTimestamp);
     await tx.wait();
+
+    // Fast-forward time past the expiration.
+    await ethers.provider.send('evm_increaseTime', [oneHour + buffer + 1]);
+    await ethers.provider.send('evm_mine', []);
+
     const currentBlock = await ethers.provider.getBlockNumber();
     await waitForBlock(currentBlock + 15);
 
     const balanceHandle = await this.token.balanceOf(this.smartWalletAddress);
     const { publicKey, privateKey } = this.instances.eve.generateKeypair();
 
-    await expect(
-      delegatedUserDecryptSingleHandle(
+    try {
+      await delegatedUserDecryptSingleHandle(
         this.instances.eve,
         balanceHandle,
         this.tokenAddress,
@@ -320,7 +337,10 @@ describe('Delegated user decryption', function () {
         this.signers.eve,
         privateKey,
         publicKey,
-      )
-    ).to.be.rejectedWith(new RegExp(USER_DECRYPTION_NOT_DELEGATED_SELECTOR));
+      );
+      expect.fail('Expected delegated user decrypt to be rejected for expired delegation');
+    } catch (err: any) {
+      expect(err.relayerApiError?.label).to.equal(NOT_ALLOWED_ON_HOST_ACL);
+    }
   });
 });