Skip to content

Sync v3 session encoding with wallet-contracts-v3#365

Open
ScreamingHawk wants to merge 6 commits into
masterfrom
fix/v3-session-encoding-sync
Open

Sync v3 session encoding with wallet-contracts-v3#365
ScreamingHawk wants to merge 6 commits into
masterfrom
fix/v3-session-encoding-sync

Conversation

@ScreamingHawk

Copy link
Copy Markdown
Contributor

go-sequence's session encoding was ported before several contract changes and never caught up, so any explicit-session config, attestation, or session-call digest it produced was rejected on-chain. This re-syncs it (cross-checked against the sequence.js primitives):

  • SessionPermissions: add chainId (32 bytes after signer) and encode deadline as uint64 (8 bytes, was 32) — wallet-contracts-v3 cc6890e and 8a376ad. Matches SessionSig.recoverConfiguration / permission.ts.
  • Attestation: append issuedAt (uint64, 8 bytes) to authData so the attestation hash matches LibAttestation.toHash12b8c27. Serialized as a decimal string in JSON to match attestation.ts.
  • Session-call digest: drop the last parent wallet before hashing. On chain the session wallet is msg.sender (the verifying contract), not a parent entry, so the signing context's trailing parent must be removed — the wallet-bound digest comes from the partial-payload-replay audit fix (9c19609, Code4rena S-93/S-169, wallet-contracts-v3#89, the same fix Implement session call digest for v3 sessions #362 implements).
  • Wire issuedAt through the cmd/sequence CLI input.

Encoding vectors in the added tests are verified against the contracts via forge (recoverConfiguration, LibAttestation.toHash, hashPayloadCallIdx). Only the current (Rc4+) session manager is targeted; the deprecated Dev1/Dev2/Rc3 digest schemes are intentionally not supported.

🤖 Generated with Claude Code

@ScreamingHawk
ScreamingHawk requested a review from Agusx1211 July 13, 2026 02:42

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ca80af7e18

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread core/v3/session.go
Comment thread core/v3/permission.go

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 05ac5ffbcf

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread core/v3/attestation.go Outdated
@Agusx1211

Copy link
Copy Markdown
Member

LGTM just that small comment

Base automatically changed from v3-session-call-digest to master July 13, 2026 13:59
ScreamingHawk and others added 4 commits July 14, 2026 07:08
The explicit-session and implicit-attestation encodings had drifted from
the deployed v3 contracts, so any config image hash / session signature
go-sequence produced was rejected on-chain. Re-sync three changes the
contracts made (and mirror the sequence.js primitives JSON):

- SessionPermissions: add chainId (32 bytes, after signer) and encode
  deadline as uint64 (8 bytes) instead of 32. Matches SessionSig
  recoverConfiguration and permission.ts.
- Attestation authData: append issuedAt (uint64, 8 bytes) so the
  attestation hash matches LibAttestation.toHash. Serialize issuedAt as a
  decimal string in JSON to match attestation.ts.
- Wire issuedAt through the cmd/sequence CLI input.

Add regression tests with byte vectors verified against the contracts via
forge (recoverConfiguration / LibAttestation.toHash).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
HashCallWithReplayProtection hashed the payload's parentWallets verbatim.
The session-holding wallet is the last parent wallet in the signing
context, but on chain it is the verifying contract (msg.sender), not a
parent entry, so it must be dropped before hashing to match
SessionSig.hashPayloadCallIdx. Wallet-bound digest comes from the partial
payload replay audit fix (wallet-contracts-v3 9c19609, Code4rena
S-93/S-169, #89).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
EncodeSessionPermissions encodes deadline into an 8-byte buffer via
big.Int.FillBytes, which panics on a negative value or one that does not
fit in uint64 (e.g. a max-value "no expiry" deadline). Validate the range
and return an error instead of crashing.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
AttestationFromJson accepted a JSON-number issuedAt via an unchecked
uint64 cast, so a negative, fractional or out-of-range value was silently
coerced (e.g. -1 -> MaxUint64) and the library would hash/sign a
different attestation than the JSON represented. Reject negatives,
fractions and values outside uint64, matching the string path.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@ScreamingHawk
ScreamingHawk force-pushed the fix/v3-session-encoding-sync branch from 3d5e23e to 920ba26 Compare July 13, 2026 19:08

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 920ba266ff

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread core/v3/session_digest_test.go Outdated
Comment thread core/v3/permission.go
Comment thread core/v3/attestation.go Outdated
ScreamingHawk and others added 2 commits July 14, 2026 07:29
#362 was merged with the digest function renamed to HashPayloadCallIdx;
update the parent-wallets test to the new name so the package builds.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Numeric JSON attributes were decoded and encoded unsafely: an unquoted
number above 2^53 was silently rounded by encoding/json before use, and a
negative or over-wide chainId/valueLimit was encoded as its absolute value
or spilled past the fixed 32-byte field.

Add bigIntFromJSON, a single decoder shared by chainId, valueLimit,
deadline and attestation issuedAt: it parses strings and json.Number
exactly and rejects float64 that is non-integer or at/above 2^53.
EncodeSessionPermissions now rejects chainId and valueLimit that are
negative or wider than uint256.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@Agusx1211

Copy link
Copy Markdown
Member

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants