Merge branch 'main' into passkey-docs

matter-labs · Feb 12, 2025 · e41fe0b · e41fe0b
2 parents 5ec5f86 + ee178e3
commit e41fe0b
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 6 deletions.
diff --git a/src/AAFactory.sol b/src/AAFactory.sol
@@ -19,6 +19,7 @@ contract AAFactory {
 
   /// @dev The bytecode hash of the beacon proxy, used for deploying proxy accounts.
   bytes32 public immutable beaconProxyBytecodeHash;
+  /// @dev The address of the SsoBeacon contract used for the SSO accounts' beacon proxies.
   address public immutable beacon;
 
   /// @notice A mapping from unique account IDs to their corresponding deployed account addresses.

diff --git a/src/validators/SessionKeyValidator.sol b/src/validators/SessionKeyValidator.sol
@@ -68,7 +68,8 @@ contract SessionKeyValidator is IModuleValidator {
     require(sessionCounter[msg.sender] == 0, "Revoke all keys first");
   }
 
-  /// @notice This module should not be used to validate signatures
+  /// @notice This module should not be used to validate signatures (including EIP-1271),
+  /// as a signature by itself does not have enough information to validate it against a session.
   /// @return false
   function validateSignature(bytes32, bytes memory) external pure returns (bool) {
     return false;

diff --git a/src/validators/WebAuthValidator.sol b/src/validators/WebAuthValidator.sol
@@ -19,6 +19,8 @@ contract WebAuthValidator is VerifierCaller, IModuleValidator {
   using JSONParserLib for JSONParserLib.Item;
   using JSONParserLib for string;
 
+  /// @dev P256Verify precompile implementation, as defined in RIP-7212, is found at
+  /// https://github.com/matter-labs/era-contracts/blob/main/system-contracts/contracts/precompiles/P256Verify.yul
   address private constant P256_VERIFIER = address(0x100);
 
   // check for secure validation: bit 0 = 1 (user present), bit 2 = 1 (user verified)
@@ -64,7 +66,7 @@ contract WebAuthValidator is VerifierCaller, IModuleValidator {
     upperKeyHalf[originDomain][msg.sender] = key32[1];
 
     // we're returning true if this was a new key, false for update
-    bool keyExists = initialLowerHalf == 0 && initialUpperHalf == 0;
+    bool keyExists = uint256(initialLowerHalf) == 0 && uint256(initialUpperHalf) == 0;
 
     emit PasskeyCreated(msg.sender, originDomain);
 
@@ -140,7 +142,7 @@ contract WebAuthValidator is VerifierCaller, IModuleValidator {
     pubkey[0] = lowerKeyHalf[origin][msg.sender];
     pubkey[1] = upperKeyHalf[origin][msg.sender];
     // This really only validates the origin is set
-    if (pubkey[0] == 0 || pubkey[1] == 0) {
+    if (uint256(pubkey[0]) == 0 || uint256(pubkey[1]) == 0) {
       return false;
     }
 

diff --git a/test/PasskeyModule.ts b/test/PasskeyModule.ts
@@ -8,7 +8,7 @@ import { assert, expect } from "chai";
 import { randomBytes } from "crypto";
 import { parseEther, ZeroAddress } from "ethers";
 import * as hre from "hardhat";
-import { encodeAbiParameters, Hex, hexToBytes, toHex } from "viem";
+import { encodeAbiParameters, Hex, hexToBytes, toHex, pad } from "viem";
 import { SmartAccount, Wallet } from "zksync-ethers";
 import { base64UrlToUint8Array } from "zksync-sso/utils";
 
@@ -433,8 +433,14 @@ async function validateSignatureTest(
     { name: "clientDataJson", type: "string" },
     { name: "rs", type: "bytes32[2]" },
   ],
-  [toHex(authData), sampleClientString, [toHex(rNormalization(generatedSignature.r)), toHex(sNormalization(generatedSignature.s))]],
-  );
+  [
+    toHex(authData),
+    sampleClientString,
+    [
+      pad(toHex(rNormalization(generatedSignature.r))),
+      pad(toHex(sNormalization(generatedSignature.s)))
+    ]
+  ]);
   return await passkeyValidator.validateSignature(transactionHash, fatSignature);
 }