diff --git a/.env.example b/.env.example index 0adf02ac..361a718c 100644 --- a/.env.example +++ b/.env.example @@ -8,4 +8,4 @@ RPC_URL="" SIGNER=0x69bec2dd161d6bbcc91ec32aa44d9333ebc864c0 # Signer for the dkim oracle on IC ETHERSCAN_API_KEY= -CREATE2_SALT=1234 \ No newline at end of file +CREATE2_SALT=1234 diff --git a/package.json b/package.json index faad8128..cc7783e6 100644 --- a/package.json +++ b/package.json @@ -34,8 +34,8 @@ "@matterlabs/era-contracts": "github:matter-labs/era-contracts", "@openzeppelin/contracts-upgradeable": "5.0.1", "@rhinestone/modulekit": "github:rhinestonewtf/modulekit", - "@zk-email/contracts": "6.0.3", - "@zk-email/ether-email-auth-contracts": "0.1.1-preview", + "@zk-email/contracts": "https://gitpkg.vercel.app/zkemail/zk-email-verify/packages/contracts?feat/dkim-registry-updates", + "@zk-email/ether-email-auth-contracts": "https://gitpkg.vercel.app/zkemail/ether-email-auth/packages/contracts?feat/audit-fix-2024-09-registry", "erc7579-implementation": "github:erc7579/erc7579-implementation", "solidity-stringutils": "github:LayerZero-Labs/solidity-stringutils" }, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 24c8c8bf..6a8beaa4 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -18,11 +18,11 @@ importers: specifier: github:rhinestonewtf/modulekit version: https://codeload.github.com/rhinestonewtf/modulekit/tar.gz/67a5c02dec798b25a3b2581d485d75e116b14af8(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5))(typescript@4.9.5) '@zk-email/contracts': - specifier: 6.0.3 - version: 6.0.3 + specifier: https://gitpkg.vercel.app/zkemail/zk-email-verify/packages/contracts?feat/dkim-registry-updates + version: https://gitpkg.vercel.app/zkemail/zk-email-verify/packages/contracts?feat/dkim-registry-updates '@zk-email/ether-email-auth-contracts': - specifier: 0.1.1-preview - version: 0.1.1-preview + specifier: https://gitpkg.vercel.app/zkemail/ether-email-auth/packages/contracts?feat/audit-fix-2024-09-registry + version: https://gitpkg.vercel.app/zkemail/ether-email-auth/packages/contracts?feat/audit-fix-2024-09-registry erc7579-implementation: specifier: github:erc7579/erc7579-implementation version: https://codeload.github.com/erc7579/erc7579-implementation/tar.gz/b3f8bcb2df3aae3217213ffa8b7a87c1eb42ec56(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) @@ -317,8 +317,8 @@ packages: resolution: {integrity: sha512-c83qWb22rNRuB0UaVCI0uRPNRr8Z0FWnEIvT47jiHAmOIUHbBOg5XvV7pM5x+rKn9HRpjxquDbXYSXr3fAKFcw==} engines: {node: '>=12'} - '@prb/math@4.0.3': - resolution: {integrity: sha512-/RSt3VU1k2m3ox6U6kUL1MrktnAHr8vhydXu4eDtqFAms1gm3XnGpoZIPaK1lm2zdJQmKBwJ4EXALPARsuOlaA==} + '@prb/math@4.1.0': + resolution: {integrity: sha512-ef5Xrlh3BeX4xT5/Wi810dpEPq2bYPndRxgFIaKSU1F/Op/s8af03kyom+mfU7gEpvfIZ46xu8W0duiHplbBMg==} '@rhinestone/checknsignatures@https://codeload.github.com/rhinestonewtf/checknsignatures/tar.gz/7ff44ef46da1266374e6a98e6cf69d727d7c357d': resolution: {tarball: https://codeload.github.com/rhinestonewtf/checknsignatures/tar.gz/7ff44ef46da1266374e6a98e6cf69d727d7c357d} @@ -330,8 +330,8 @@ packages: '@rhinestone/erc4337-validation@0.0.1-alpha.5': resolution: {integrity: sha512-yOrYyQBrT0JfHb+rjvx4pqk8uItKxEtn7n8z3k0qbZTzkXaNS9pCUBsTxy0kp6T2SNUrbQ8I4DMSiyGqjdh2ng==} - '@rhinestone/module-bases@https://codeload.github.com/rhinestonewtf/module-bases/tar.gz/dd88e0a4e5673dd4676de2067c2e524cd8573523': - resolution: {tarball: https://codeload.github.com/rhinestonewtf/module-bases/tar.gz/dd88e0a4e5673dd4676de2067c2e524cd8573523} + '@rhinestone/module-bases@https://codeload.github.com/rhinestonewtf/module-bases/tar.gz/107cda409627e6f05285c7d8e1ea594d35fb3ac0': + resolution: {tarball: https://codeload.github.com/rhinestonewtf/module-bases/tar.gz/107cda409627e6f05285c7d8e1ea594d35fb3ac0} version: 0.0.1 '@rhinestone/modulekit@https://codeload.github.com/rhinestonewtf/modulekit/tar.gz/67a5c02dec798b25a3b2581d485d75e116b14af8': @@ -446,11 +446,11 @@ packages: '@types/ms@0.7.34': resolution: {integrity: sha512-nG96G3Wp6acyAgJqGasjODb+acrI7KltPiRxzHPXnP3NgI28bpQDRv53olbqGXbfcgF5aiiHmO3xpwEpS5Ld9g==} - '@types/node@20.16.12': - resolution: {integrity: sha512-LfPFB0zOeCeCNQV3i+67rcoVvoN5n0NVuR2vLG0O5ySQMgchuZlC4lgz546ZOJyDtj5KIgOxy+lacOimfqZAIA==} + '@types/node@20.16.13': + resolution: {integrity: sha512-GjQ7im10B0labo8ZGXDGROUl9k0BNyDgzfGpb4g/cl+4yYDWVKcozANF4FGr4/p0O/rAkQClM6Wiwkije++1Tg==} - '@types/node@22.7.6': - resolution: {integrity: sha512-/d7Rnj0/ExXDMcioS78/kf1lMzYk4BZV8MZGTBKzTGZ6/406ukkbYlIsZmMPhcR5KlkunDHQLrtAVmSq7r+mSw==} + '@types/node@22.7.7': + resolution: {integrity: sha512-SRxCrrg9CL/y54aiMCG3edPKdprgMVGDXjA3gB8UmmBW5TcXzRUYAh8EWzTnSJFAd1rgImPELza+A3bJ+qxz8Q==} '@types/pbkdf2@3.1.2': resolution: {integrity: sha512-uRwJqmiXmh9++aSu1VNEn3iIxWOhd8AHXNSdlaLfdAAdSTY9jYVeGWnzejM3dvrkbqE3/hyQkQQ29IFATEGlew==} @@ -464,14 +464,13 @@ packages: '@types/secp256k1@4.0.6': resolution: {integrity: sha512-hHxJU6PAEUn0TP4S/ZOzuTUvJWuZ6eIKeNKb5RBpODvSl6hp1Wrw4s7ATY50rklRCScUDpHzVA/DQdSjJ3UoYQ==} - '@zk-email/contracts@6.0.3': - resolution: {integrity: sha512-nPSG27431Cz5bzPlR/ltn7qa9k+Joc/6LDHUz+JeFWEP/ff9VnzK11P0ay5qdX14qpQ647varPdxGtulosUtxw==} + '@zk-email/contracts@https://gitpkg.vercel.app/zkemail/zk-email-verify/packages/contracts?feat/dkim-registry-updates': + resolution: {tarball: https://gitpkg.vercel.app/zkemail/zk-email-verify/packages/contracts?feat/dkim-registry-updates} + version: 6.2.0 - '@zk-email/contracts@6.2.0': - resolution: {integrity: sha512-HlMyQNKmwdqfht6hHfTLgNnt/pGEc1cR5X4v8dMV+8IqoJTPbuvv19u69p/3U1W1SK2KUJl2Hg/bf0OxqVCNRQ==} - - '@zk-email/ether-email-auth-contracts@0.1.1-preview': - resolution: {integrity: sha512-cgF86rZhtIHFmyyCviyLt+V7gA0A+ZZQi7kpO64k1SAGseIQ8MhQp6CRf1CILGt9vgoDTpO8g2IV/aJudQJhwg==} + '@zk-email/ether-email-auth-contracts@https://gitpkg.vercel.app/zkemail/ether-email-auth/packages/contracts?feat/audit-fix-2024-09-registry': + resolution: {tarball: https://gitpkg.vercel.app/zkemail/ether-email-auth/packages/contracts?feat/audit-fix-2024-09-registry} + version: 0.1.1-preview abbrev@1.0.9: resolution: {integrity: sha512-LEyx4aLEC3x6T0UguF6YILf+ntvmOaWsVfENmIW0E9H09vKlLDGelMjjSm0jkDHALj8A8quZ/HapKNigzwge+Q==} @@ -2483,7 +2482,7 @@ snapshots: '@pnpm/network.ca-file': 1.0.2 config-chain: 1.1.13 - '@prb/math@4.0.3': {} + '@prb/math@4.1.0': {} '@rhinestone/checknsignatures@https://codeload.github.com/rhinestonewtf/checknsignatures/tar.gz/7ff44ef46da1266374e6a98e6cf69d727d7c357d': dependencies: @@ -2530,7 +2529,7 @@ snapshots: - typechain - utf-8-validate - '@rhinestone/module-bases@https://codeload.github.com/rhinestonewtf/module-bases/tar.gz/dd88e0a4e5673dd4676de2067c2e524cd8573523(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5))': + '@rhinestone/module-bases@https://codeload.github.com/rhinestonewtf/module-bases/tar.gz/107cda409627e6f05285c7d8e1ea594d35fb3ac0(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5))': dependencies: '@ERC4337/account-abstraction': accountabstraction@https://codeload.github.com/kopy-kat/account-abstraction/tar.gz/c5887153fbfe3ed09b2637cac39873f96d676f38(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) erc7579: erc7579-implementation@https://codeload.github.com/erc7579/erc7579-implementation/tar.gz/b3f8bcb2df3aae3217213ffa8b7a87c1eb42ec56(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) @@ -2549,9 +2548,9 @@ snapshots: dependencies: '@ERC4337/account-abstraction': accountabstraction@https://codeload.github.com/kopy-kat/account-abstraction/tar.gz/c5887153fbfe3ed09b2637cac39873f96d676f38(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) '@ERC4337/account-abstraction-v0.6': accountabstraction@https://codeload.github.com/eth-infinitism/account-abstraction/tar.gz/7174d6d845618dbd11cee68eefa715f5263690b6(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) - '@prb/math': 4.0.3 + '@prb/math': 4.1.0 '@rhinestone/erc4337-validation': 0.0.1-alpha.5(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) - '@rhinestone/module-bases': https://codeload.github.com/rhinestonewtf/module-bases/tar.gz/dd88e0a4e5673dd4676de2067c2e524cd8573523(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) + '@rhinestone/module-bases': https://codeload.github.com/rhinestonewtf/module-bases/tar.gz/107cda409627e6f05285c7d8e1ea594d35fb3ac0(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) '@rhinestone/registry': https://codeload.github.com/rhinestonewtf/registry/tar.gz/1371979a97293e0c6188afcd923784f6a718ae7d '@rhinestone/safe7579': https://codeload.github.com/rhinestonewtf/safe7579/tar.gz/33f110f08ed5fcab75c29d7cfb93f7f3e4da76a7(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5))(typescript@4.9.5) '@rhinestone/sentinellist': https://codeload.github.com/rhinestonewtf/sentinellist/tar.gz/67e42f0eb3cf355ddba5a017892f9cc28d924875 @@ -2586,7 +2585,7 @@ snapshots: '@ERC4337/account-abstraction-v0.6': accountabstraction@https://codeload.github.com/eth-infinitism/account-abstraction/tar.gz/7174d6d845618dbd11cee68eefa715f5263690b6(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) '@rhinestone/checknsignatures': https://codeload.github.com/rhinestonewtf/checknsignatures/tar.gz/7ff44ef46da1266374e6a98e6cf69d727d7c357d '@rhinestone/erc4337-validation': 0.0.1-alpha.2(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5))(typescript@4.9.5) - '@rhinestone/module-bases': https://codeload.github.com/rhinestonewtf/module-bases/tar.gz/dd88e0a4e5673dd4676de2067c2e524cd8573523(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) + '@rhinestone/module-bases': https://codeload.github.com/rhinestonewtf/module-bases/tar.gz/107cda409627e6f05285c7d8e1ea594d35fb3ac0(ethers@5.7.2)(hardhat@2.22.13(typescript@4.9.5))(lodash@4.17.21)(typechain@5.2.0(typescript@4.9.5)) '@rhinestone/sentinellist': https://codeload.github.com/rhinestonewtf/sentinellist/tar.gz/67e42f0eb3cf355ddba5a017892f9cc28d924875 '@safe-global/safe-contracts': 1.4.1(ethers@5.7.2) ds-test: https://codeload.github.com/dapphub/ds-test/tar.gz/e282159d5170298eb2455a6c05280ab5a73a4ef0 @@ -2711,11 +2710,11 @@ snapshots: '@types/bn.js@4.11.6': dependencies: - '@types/node': 22.7.6 + '@types/node': 22.7.7 '@types/bn.js@5.1.6': dependencies: - '@types/node': 22.7.6 + '@types/node': 22.7.7 '@types/debug@4.1.12': dependencies: @@ -2724,7 +2723,7 @@ snapshots: '@types/glob@7.2.0': dependencies: '@types/minimatch': 5.1.2 - '@types/node': 22.7.6 + '@types/node': 22.7.7 '@types/http-cache-semantics@4.0.4': {} @@ -2736,17 +2735,17 @@ snapshots: '@types/ms@0.7.34': {} - '@types/node@20.16.12': + '@types/node@20.16.13': dependencies: undici-types: 6.19.8 - '@types/node@22.7.6': + '@types/node@22.7.7': dependencies: undici-types: 6.19.8 '@types/pbkdf2@3.1.2': dependencies: - '@types/node': 22.7.6 + '@types/node': 22.7.7 '@types/prettier@2.7.3': {} @@ -2754,24 +2753,20 @@ snapshots: '@types/secp256k1@4.0.6': dependencies: - '@types/node': 22.7.6 - - '@zk-email/contracts@6.0.3': - dependencies: - '@openzeppelin/contracts': 5.1.0 - dotenv: 16.4.5 + '@types/node': 22.7.7 - '@zk-email/contracts@6.2.0': + '@zk-email/contracts@https://gitpkg.vercel.app/zkemail/zk-email-verify/packages/contracts?feat/dkim-registry-updates': dependencies: '@openzeppelin/contracts': 5.1.0 + '@openzeppelin/contracts-upgradeable': 5.0.1(@openzeppelin/contracts@5.1.0) dotenv: 16.4.5 - '@zk-email/ether-email-auth-contracts@0.1.1-preview': + '@zk-email/ether-email-auth-contracts@https://gitpkg.vercel.app/zkemail/ether-email-auth/packages/contracts?feat/audit-fix-2024-09-registry': dependencies: '@matterlabs/zksync-contracts': 0.6.1(@openzeppelin/contracts-upgradeable@5.0.1(@openzeppelin/contracts@5.1.0))(@openzeppelin/contracts@5.1.0) '@openzeppelin/contracts': 5.1.0 '@openzeppelin/contracts-upgradeable': 5.0.1(@openzeppelin/contracts@5.1.0) - '@zk-email/contracts': 6.2.0 + '@zk-email/contracts': https://gitpkg.vercel.app/zkemail/zk-email-verify/packages/contracts?feat/dkim-registry-updates solady: 0.0.123 abbrev@1.0.9: {} @@ -3906,7 +3901,7 @@ snapshots: mcl-wasm@1.7.0: dependencies: - '@types/node': 20.16.12 + '@types/node': 20.16.13 md5.js@1.3.5: dependencies: diff --git a/script/DeployEmailRecoveryModule.s.sol b/script/DeployEmailRecoveryModule.s.sol index 738259d3..ae63922f 100644 --- a/script/DeployEmailRecoveryModule.s.sol +++ b/script/DeployEmailRecoveryModule.s.sol @@ -10,6 +10,7 @@ import { Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Verifie import { Groth16Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Groth16Verifier.sol"; import { ECDSAOwnedDKIMRegistry } from "@zk-email/ether-email-auth-contracts/src/utils/ECDSAOwnedDKIMRegistry.sol"; +import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol"; import { EmailAuth } from "@zk-email/ether-email-auth-contracts/src/EmailAuth.sol"; import { EmailRecoveryFactory } from "src/factories/EmailRecoveryFactory.sol"; import { OwnableValidator } from "src/test/OwnableValidator.sol"; @@ -19,13 +20,14 @@ contract DeployEmailRecoveryModuleScript is Script { function run() public { vm.startBroadcast(vm.envUint("PRIVATE_KEY")); address verifier = vm.envOr("VERIFIER", address(0)); - address dkimRegistry = vm.envOr("DKIM_REGISTRY", address(0)); - address dkimRegistrySigner = vm.envOr("SIGNER", address(0)); + address dkimRegistrySigner = vm.envOr("DKIM_REGISTRY_SIGNER", address(0)); address emailAuthImpl = vm.envOr("EMAIL_AUTH_IMPL", address(0)); address validatorAddr = vm.envOr("VALIDATOR", address(0)); address initialOwner = vm.addr(vm.envUint("PRIVATE_KEY")); + UserOverrideableDKIMRegistry dkim; + if (verifier == address(0)) { Verifier verifierImpl = new Verifier(); console.log("Verifier implementation deployed at: %s", address(verifierImpl)); @@ -39,18 +41,26 @@ contract DeployEmailRecoveryModuleScript is Script { console.log("Deployed Verifier at", verifier); } - if (dkimRegistry == address(0)) { + // Deploy Useroverridable DKIM registry + dkim = UserOverrideableDKIMRegistry(vm.envOr("DKIM_REGISTRY", address(0))); + uint256 setTimeDelay = vm.envOr("DKIM_DELAY", uint256(0)); + if (address(dkim) == address(0)) { require(dkimRegistrySigner != address(0), "DKIM_REGISTRY_SIGNER is required"); - - ECDSAOwnedDKIMRegistry dkimImpl = new ECDSAOwnedDKIMRegistry(); - console.log("ECDSAOwnedDKIMRegistry implementation deployed at: %s", address(dkimImpl)); + UserOverrideableDKIMRegistry overrideableDkimImpl = new UserOverrideableDKIMRegistry(); + console.log( + "UserOverrideableDKIMRegistry implementation deployed at: %s", + address(overrideableDkimImpl) + ); ERC1967Proxy dkimProxy = new ERC1967Proxy( - address(dkimImpl), - abi.encodeCall(dkimImpl.initialize, (initialOwner, dkimRegistrySigner)) + address(overrideableDkimImpl), + abi.encodeCall( + overrideableDkimImpl.initialize, + (initialOwner, dkimRegistrySigner, setTimeDelay) + ) ); - dkimRegistry = address(ECDSAOwnedDKIMRegistry(address(dkimProxy))); - vm.setEnv("ECDSA_DKIM", vm.toString(address(dkimRegistry))); - console.log("Deployed DKIM Registry at", dkimRegistry); + dkim = UserOverrideableDKIMRegistry(address(dkimProxy)); + vm.setEnv("DKIM_REGISTRY", vm.toString(address(dkim))); + console.log("UseroverrideableDKIMRegistry proxy deployed at: %s", address(dkim)); } if (emailAuthImpl == address(0)) { @@ -74,7 +84,7 @@ contract DeployEmailRecoveryModuleScript is Script { bytes32(uint256(0)), bytes32(uint256(0)), type(EmailRecoveryCommandHandler).creationCode, - dkimRegistry, + address(dkim), validatorAddr, bytes4(keccak256(bytes("changeOwner(address)"))) ); diff --git a/script/DeploySafeNativeRecovery.s.sol b/script/DeploySafeNativeRecovery.s.sol index ee8a35eb..c9325ae1 100644 --- a/script/DeploySafeNativeRecovery.s.sol +++ b/script/DeploySafeNativeRecovery.s.sol @@ -9,6 +9,7 @@ import { Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Verifie import { Groth16Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Groth16Verifier.sol"; import { ECDSAOwnedDKIMRegistry } from "@zk-email/ether-email-auth-contracts/src/utils/ECDSAOwnedDKIMRegistry.sol"; +import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol"; import { EmailAuth } from "@zk-email/ether-email-auth-contracts/src/EmailAuth.sol"; import { SafeRecoveryCommandHandler } from "src/handlers/SafeRecoveryCommandHandler.sol"; import { SafeEmailRecoveryModule } from "src/modules/SafeEmailRecoveryModule.sol"; @@ -18,8 +19,7 @@ contract DeploySafeNativeRecovery_Script is Script { function run() public { vm.startBroadcast(vm.envUint("PRIVATE_KEY")); address verifier = vm.envOr("ZK_VERIFIER", address(0)); - address dkimRegistry = vm.envOr("DKIM_REGISTRY", address(0)); - address dkimRegistrySigner = vm.envOr("SIGNER", address(0)); + address dkimRegistrySigner = vm.envOr("DKIM_REGISTRY_SIGNER", address(0)); address emailAuthImpl = vm.envOr("EMAIL_AUTH_IMPL", address(0)); address commandHandler = vm.envOr("COMMAND_HANDLER", address(0)); @@ -28,8 +28,11 @@ contract DeploySafeNativeRecovery_Script is Script { uint salt = vm.envOr("CREATE2_SALT", uint(0)); console.log("salt %s", salt); + console.log("verifier %s", verifier); + UserOverrideableDKIMRegistry dkim; + if (verifier == address(0)) { Verifier verifierImpl = new Verifier{ salt: bytes32(salt) }(); console.log("Verifier implementation deployed at: %s", address(verifierImpl)); @@ -43,18 +46,26 @@ contract DeploySafeNativeRecovery_Script is Script { console.log("Deployed Verifier at", verifier); } - if (dkimRegistry == address(0)) { + // Deploy Useroverridable DKIM registry + dkim = UserOverrideableDKIMRegistry(vm.envOr("DKIM_REGISTRY", address(0))); + uint256 setTimeDelay = vm.envOr("DKIM_DELAY", uint256(0)); + if (address(dkim) == address(0)) { require(dkimRegistrySigner != address(0), "DKIM_REGISTRY_SIGNER is required"); - - ECDSAOwnedDKIMRegistry dkimImpl = new ECDSAOwnedDKIMRegistry{ salt: bytes32(salt) }(); - console.log("ECDSAOwnedDKIMRegistry implementation deployed at: %s", address(dkimImpl)); + UserOverrideableDKIMRegistry overrideableDkimImpl = new UserOverrideableDKIMRegistry{ salt: bytes32(salt) }(); + console.log( + "UserOverrideableDKIMRegistry implementation deployed at: %s", + address(overrideableDkimImpl) + ); ERC1967Proxy dkimProxy = new ERC1967Proxy{ salt: bytes32(salt) }( - address(dkimImpl), - abi.encodeCall(dkimImpl.initialize, (initialOwner, dkimRegistrySigner)) + address(overrideableDkimImpl), + abi.encodeCall( + overrideableDkimImpl.initialize, + (initialOwner, dkimRegistrySigner, setTimeDelay) + ) ); - dkimRegistry = address(ECDSAOwnedDKIMRegistry(address(dkimProxy))); - vm.setEnv("ECDSA_DKIM", vm.toString(address(dkimRegistry))); - console.log("Deployed DKIM Registry at", dkimRegistry); + dkim = UserOverrideableDKIMRegistry(address(dkimProxy)); + vm.setEnv("DKIM_REGISTRY", vm.toString(address(dkim))); + console.log("UseroverrideableDKIMRegistry proxy deployed at: %s", address(dkim)); } if (emailAuthImpl == address(0)) { @@ -68,7 +79,7 @@ contract DeploySafeNativeRecovery_Script is Script { } address module = address( - new SafeEmailRecoveryModule{ salt: bytes32(salt) }(verifier, dkimRegistry, emailAuthImpl, commandHandler) + new SafeEmailRecoveryModule{ salt: bytes32(salt) }(verifier, address(dkim), emailAuthImpl, commandHandler) ); console.log("Deployed Email Recovery Module at ", vm.toString(module)); diff --git a/script/DeploySafeRecovery.s.sol b/script/DeploySafeRecovery.s.sol index 7a54cf11..8bab0272 100644 --- a/script/DeploySafeRecovery.s.sol +++ b/script/DeploySafeRecovery.s.sol @@ -11,6 +11,7 @@ import { Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Verifie import { Groth16Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Groth16Verifier.sol"; import { ECDSAOwnedDKIMRegistry } from "@zk-email/ether-email-auth-contracts/src/utils/ECDSAOwnedDKIMRegistry.sol"; +import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol"; import { EmailAuth } from "@zk-email/ether-email-auth-contracts/src/EmailAuth.sol"; import { Safe7579 } from "safe7579/Safe7579.sol"; @@ -28,12 +29,13 @@ contract DeploySafeRecovery_Script is Script { vm.startBroadcast(vm.envUint("PRIVATE_KEY")); address verifier = vm.envOr("VERIFIER", address(0)); - address dkimRegistry = vm.envOr("DKIM_REGISTRY", address(0)); - address dkimRegistrySigner = vm.envOr("SIGNER", address(0)); + address dkimRegistrySigner = vm.envOr("DKIM_REGISTRY_SIGNER", address(0)); address emailAuthImpl = vm.envOr("EMAIL_AUTH_IMPL", address(0)); - + address initialOwner = vm.addr(vm.envUint("PRIVATE_KEY")); - uint salt = vm.envOr("CREATE2_SALT", uint(0)); + uint256 salt = vm.envOr("CREATE2_SALT", uint256(0)); + + UserOverrideableDKIMRegistry dkim; if (verifier == address(0)) { Verifier verifierImpl = new Verifier(); @@ -48,18 +50,26 @@ contract DeploySafeRecovery_Script is Script { console.log("Deployed Verifier at", verifier); } - if (dkimRegistry == address(0)) { + // Deploy Useroverridable DKIM registry + dkim = UserOverrideableDKIMRegistry(vm.envOr("DKIM_REGISTRY", address(0))); + uint256 setTimeDelay = vm.envOr("DKIM_DELAY", uint256(0)); + if (address(dkim) == address(0)) { require(dkimRegistrySigner != address(0), "DKIM_REGISTRY_SIGNER is required"); - - ECDSAOwnedDKIMRegistry dkimImpl = new ECDSAOwnedDKIMRegistry(); - console.log("ECDSAOwnedDKIMRegistry implementation deployed at: %s", address(dkimImpl)); + UserOverrideableDKIMRegistry overrideableDkimImpl = new UserOverrideableDKIMRegistry(); + console.log( + "UserOverrideableDKIMRegistry implementation deployed at: %s", + address(overrideableDkimImpl) + ); ERC1967Proxy dkimProxy = new ERC1967Proxy( - address(dkimImpl), - abi.encodeCall(dkimImpl.initialize, (initialOwner, dkimRegistrySigner)) + address(overrideableDkimImpl), + abi.encodeCall( + overrideableDkimImpl.initialize, + (initialOwner, dkimRegistrySigner, setTimeDelay) + ) ); - dkimRegistry = address(ECDSAOwnedDKIMRegistry(address(dkimProxy))); - vm.setEnv("ECDSA_DKIM", vm.toString(address(dkimRegistry))); - console.log("Deployed DKIM Registry at", dkimRegistry); + dkim = UserOverrideableDKIMRegistry(address(dkimProxy)); + vm.setEnv("DKIM_REGISTRY", vm.toString(address(dkim))); + console.log("UseroverrideableDKIMRegistry proxy deployed at: %s", address(dkim)); } if (emailAuthImpl == address(0)) { @@ -73,7 +83,7 @@ contract DeploySafeRecovery_Script is Script { bytes32(salt), bytes32(salt), type(SafeRecoveryCommandHandler).creationCode, - dkimRegistry + address(dkim) ); address safe7579 = address(new Safe7579{ salt: bytes32(salt) }()); diff --git a/script/DeploySafeRecoveryWithAccountHiding.s.sol b/script/DeploySafeRecoveryWithAccountHiding.s.sol index 91abb8e9..21f1a3f0 100644 --- a/script/DeploySafeRecoveryWithAccountHiding.s.sol +++ b/script/DeploySafeRecoveryWithAccountHiding.s.sol @@ -5,7 +5,8 @@ pragma solidity ^0.8.25; import { Script } from "forge-std/Script.sol"; import { console } from "forge-std/console.sol"; -import { AccountHidingRecoveryCommandHandler } from "src/handlers/AccountHidingRecoveryCommandHandler.sol"; +import { AccountHidingRecoveryCommandHandler } from + "src/handlers/AccountHidingRecoveryCommandHandler.sol"; import { EmailRecoveryUniversalFactory } from "src/factories/EmailRecoveryUniversalFactory.sol"; import { Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Verifier.sol"; import { Groth16Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Groth16Verifier.sol"; @@ -17,9 +18,11 @@ import { Safe7579 } from "safe7579/Safe7579.sol"; import { Safe7579Launchpad } from "safe7579/Safe7579Launchpad.sol"; import { IERC7484 } from "safe7579/interfaces/IERC7484.sol"; import { ERC1967Proxy } from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol"; +import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol"; // 1. `source .env` -// 2. `forge script script/DeploySafeRecoveryWithAccountHiding.s.sol:DeploySafeRecoveryWithAccountHiding_Script +// 2. `forge script +// script/DeploySafeRecoveryWithAccountHiding.s.sol:DeploySafeRecoveryWithAccountHiding_Script // --rpc-url $RPC_URL --broadcast --verify --etherscan-api-key $ETHERSCAN_API_KEY -vvvv` contract DeploySafeRecoveryWithAccountHiding_Script is Script { function run() public { @@ -49,16 +52,23 @@ contract DeploySafeRecoveryWithAccountHiding_Script is Script { if (dkimRegistry == address(0)) { require(dkimRegistrySigner != address(0), "DKIM_REGISTRY_SIGNER is required"); - - ECDSAOwnedDKIMRegistry dkimImpl = new ECDSAOwnedDKIMRegistry(); - console.log("ECDSAOwnedDKIMRegistry implementation deployed at: %s", address(dkimImpl)); + // Deploy Useroverridable DKIM registry + uint256 setTimeDelay = vm.envOr("DKIM_DELAY", uint256(0)); + UserOverrideableDKIMRegistry overrideableDkimImpl = new UserOverrideableDKIMRegistry(); + console.log( + "UserOverrideableDKIMRegistry implementation deployed at: %s", + address(overrideableDkimImpl) + ); ERC1967Proxy dkimProxy = new ERC1967Proxy( - address(dkimImpl), - abi.encodeCall(dkimImpl.initialize, (initialOwner, dkimRegistrySigner)) + address(overrideableDkimImpl), + abi.encodeCall( + overrideableDkimImpl.initialize, + (initialOwner, dkimRegistrySigner, setTimeDelay) + ) ); - dkimRegistry = address(ECDSAOwnedDKIMRegistry(address(dkimProxy))); - vm.setEnv("ECDSA_DKIM", vm.toString(address(dkimRegistry))); - console.log("Deployed DKIM Registry at", dkimRegistry); + dkimRegistry = address(UserOverrideableDKIMRegistry(address(dkimProxy))); + vm.setEnv("DKIM_REGISTRY", vm.toString(dkimRegistry)); + console.log("UseroverrideableDKIMRegistry proxy deployed at: %s", dkimRegistry); } if (emailAuthImpl == address(0)) { @@ -86,4 +96,4 @@ contract DeploySafeRecoveryWithAccountHiding_Script is Script { vm.stopBroadcast(); } -} \ No newline at end of file +} diff --git a/script/DeployUniversalEmailRecoveryModule.s.sol b/script/DeployUniversalEmailRecoveryModule.s.sol index bc81d052..d081c318 100644 --- a/script/DeployUniversalEmailRecoveryModule.s.sol +++ b/script/DeployUniversalEmailRecoveryModule.s.sol @@ -10,6 +10,7 @@ import { Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Verifie import { Groth16Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Groth16Verifier.sol"; import { ECDSAOwnedDKIMRegistry } from "@zk-email/ether-email-auth-contracts/src/utils/ECDSAOwnedDKIMRegistry.sol"; +import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol"; import { EmailAuth } from "@zk-email/ether-email-auth-contracts/src/EmailAuth.sol"; import { EmailRecoveryUniversalFactory } from "src/factories/EmailRecoveryUniversalFactory.sol"; import { ERC1967Proxy } from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol"; @@ -18,12 +19,13 @@ contract DeployUniversalEmailRecoveryModuleScript is Script { function run() public { vm.startBroadcast(vm.envUint("PRIVATE_KEY")); address verifier = vm.envOr("VERIFIER", address(0)); - address dkimRegistry = vm.envOr("DKIM_REGISTRY", address(0)); - address dkimRegistrySigner = vm.envOr("SIGNER", address(0)); + address dkimRegistrySigner = vm.envOr("DKIM_REGISTRY_SIGNER", address(0)); address emailAuthImpl = vm.envOr("EMAIL_AUTH_IMPL", address(0)); address initialOwner = vm.addr(vm.envUint("PRIVATE_KEY")); + UserOverrideableDKIMRegistry dkim; + if (verifier == address(0)) { Verifier verifierImpl = new Verifier(); console.log("Verifier implementation deployed at: %s", address(verifierImpl)); @@ -37,18 +39,26 @@ contract DeployUniversalEmailRecoveryModuleScript is Script { console.log("Deployed Verifier at", verifier); } - if (dkimRegistry == address(0)) { + // Deploy Useroverridable DKIM registry + dkim = UserOverrideableDKIMRegistry(vm.envOr("DKIM_REGISTRY", address(0))); + uint256 setTimeDelay = vm.envOr("DKIM_DELAY", uint256(0)); + if (address(dkim) == address(0)) { require(dkimRegistrySigner != address(0), "DKIM_REGISTRY_SIGNER is required"); - - ECDSAOwnedDKIMRegistry dkimImpl = new ECDSAOwnedDKIMRegistry(); - console.log("ECDSAOwnedDKIMRegistry implementation deployed at: %s", address(dkimImpl)); + UserOverrideableDKIMRegistry overrideableDkimImpl = new UserOverrideableDKIMRegistry(); + console.log( + "UserOverrideableDKIMRegistry implementation deployed at: %s", + address(overrideableDkimImpl) + ); ERC1967Proxy dkimProxy = new ERC1967Proxy( - address(dkimImpl), - abi.encodeCall(dkimImpl.initialize, (initialOwner, dkimRegistrySigner)) + address(overrideableDkimImpl), + abi.encodeCall( + overrideableDkimImpl.initialize, + (initialOwner, dkimRegistrySigner, setTimeDelay) + ) ); - dkimRegistry = address(ECDSAOwnedDKIMRegistry(address(dkimProxy))); - vm.setEnv("ECDSA_DKIM", vm.toString(address(dkimRegistry))); - console.log("Deployed DKIM Registry at", dkimRegistry); + dkim = UserOverrideableDKIMRegistry(address(dkimProxy)); + vm.setEnv("DKIM_REGISTRY", vm.toString(address(dkim))); + console.log("UseroverrideableDKIMRegistry proxy deployed at: %s", address(dkim)); } if (emailAuthImpl == address(0)) { @@ -67,7 +77,7 @@ contract DeployUniversalEmailRecoveryModuleScript is Script { bytes32(uint256(0)), bytes32(uint256(0)), type(EmailRecoveryCommandHandler).creationCode, - dkimRegistry + address(dkim) ); console.log("Deployed Email Recovery Module at", vm.toString(module)); diff --git a/script/test/BaseDeployTest.sol b/script/test/BaseDeployTest.sol index 078dab6a..4f93e11f 100644 --- a/script/test/BaseDeployTest.sol +++ b/script/test/BaseDeployTest.sol @@ -56,8 +56,8 @@ abstract contract BaseDeployTest is Test { * @dev Sets up additional environment variables required for the deployment. */ function setupEnvironmentVariables() internal { - vm.setEnv("SIGNER", vm.toString(vm.addr(5))); - address dkimRegistrySigner = vm.envOr("SIGNER", address(0)); + vm.setEnv("DKIM_REGISTRY_SIGNER", vm.toString(vm.addr(5))); + address dkimRegistrySigner = vm.envOr("DKIM_REGISTRY_SIGNER", address(0)); // Deploy DKIM Registry and set up proxy address dkimRegistry = deployDKIMRegistry(dkimRegistrySigner); diff --git a/script/test/DeployEmailRecoveryModule.t.sol b/script/test/DeployEmailRecoveryModule.t.sol index 01184d35..af189d70 100644 --- a/script/test/DeployEmailRecoveryModule.t.sol +++ b/script/test/DeployEmailRecoveryModule.t.sol @@ -56,12 +56,13 @@ contract DeployEmailRecoveryModule_TestFail is BaseDeployTest { } /** - * @dev Tests that deployment fails when both DKIM_REGISTRY and SIGNER environment variables are + * @dev Tests that deployment fails when both DKIM_REGISTRY and DKIM_REGISTRY_SIGNER environment + * variables are * not set. */ function testFail_run_no_dkim_registry_no_signer() public { vm.setEnv("DKIM_REGISTRY", vm.toString(address(0))); - vm.setEnv("SIGNER", vm.toString(address(0))); + vm.setEnv("DKIM_REGISTRY_SIGNER", vm.toString(address(0))); DeployEmailRecoveryModuleScript target = new DeployEmailRecoveryModuleScript(); target.run(); } diff --git a/script/test/DeploySafeNativeRecovery.t.sol b/script/test/DeploySafeNativeRecovery.t.sol index 76059726..f1378f52 100644 --- a/script/test/DeploySafeNativeRecovery.t.sol +++ b/script/test/DeploySafeNativeRecovery.t.sol @@ -51,14 +51,14 @@ contract DeploySafeNativeRecovery_Test is BaseDeployTest { /** * @notice Tests the deployment and execution of the DeploySafeNativeRecovery script - * without a SIGNER configured. + * without a DKIM_REGISTRY_SIGNER configured. */ function test_run_no_signer() public { // Set up the base test environment BaseDeployTest.setUp(); - // Disable the SIGNER environment variable - vm.setEnv("SIGNER", vm.toString(address(0))); + // Disable the DKIM_REGISTRY_SIGNER environment variable + vm.setEnv("DKIM_REGISTRY_SIGNER", vm.toString(address(0))); // Instantiate the script and run it DeploySafeNativeRecovery_Script target = new DeploySafeNativeRecovery_Script(); @@ -75,9 +75,9 @@ contract DeploySafeNativeRecovery_TestFail is BaseDeployTest { // Set up the base test environment BaseDeployTest.setUp(); - // Disable the DKIM_REGISTRY and SIGNER environment variables + // Disable the DKIM_REGISTRY and DKIM_REGISTRY_SIGNER environment variables vm.setEnv("DKIM_REGISTRY", vm.toString(address(0))); - vm.setEnv("SIGNER", vm.toString(address(0))); + vm.setEnv("DKIM_REGISTRY_SIGNER", vm.toString(address(0))); // Instantiate the script and attempt to run it, expecting failure DeploySafeNativeRecovery_Script target = new DeploySafeNativeRecovery_Script(); diff --git a/script/test/DeployUniversalEmailRecoveryModule.t.sol b/script/test/DeployUniversalEmailRecoveryModule.t.sol index 8a7b9ca1..cf75bacb 100644 --- a/script/test/DeployUniversalEmailRecoveryModule.t.sol +++ b/script/test/DeployUniversalEmailRecoveryModule.t.sol @@ -42,7 +42,7 @@ contract DeployUniversalEmailRecoveryModule_TestFail is BaseDeployTest { function testFail_run_no_dkim_registry_no_signer() public { BaseDeployTest.setUp(); vm.setEnv("DKIM_REGISTRY", vm.toString(address(0))); - vm.setEnv("SIGNER", vm.toString(address(0))); + vm.setEnv("DKIM_REGISTRY_SIGNER", vm.toString(address(0))); DeployUniversalEmailRecoveryModuleScript target = new DeployUniversalEmailRecoveryModuleScript(); target.run(); diff --git a/test/Base.t.sol b/test/Base.t.sol index 46546a80..21910982 100644 --- a/test/Base.t.sol +++ b/test/Base.t.sol @@ -11,6 +11,7 @@ import { import { CommandUtils } from "@zk-email/ether-email-auth-contracts/src/libraries/CommandUtils.sol"; import { ECDSAOwnedDKIMRegistry } from "@zk-email/ether-email-auth-contracts/src/utils/ECDSAOwnedDKIMRegistry.sol"; +import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol"; import { ERC1967Proxy } from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol"; import { ECDSA } from "solady/utils/ECDSA.sol"; import { Strings } from "@openzeppelin/contracts/utils/Strings.sol"; @@ -47,7 +48,7 @@ abstract contract BaseTest is RhinestoneModuleKit, Test { // ZK Email contracts and variables address public zkEmailDeployer; - ECDSAOwnedDKIMRegistry public dkimRegistry; + UserOverrideableDKIMRegistry public dkimRegistry; MockGroth16Verifier public verifier; EmailAuth public emailAuthImpl; @@ -126,21 +127,17 @@ abstract contract BaseTest is RhinestoneModuleKit, Test { zkEmailDeployer = vm.addr(1); vm.startPrank(zkEmailDeployer); - { - ECDSAOwnedDKIMRegistry dkimImpl = new ECDSAOwnedDKIMRegistry(); - ERC1967Proxy dkimProxy = new ERC1967Proxy( - address(dkimImpl), - abi.encodeCall(dkimImpl.initialize, (zkEmailDeployer, zkEmailDeployer)) - ); - dkimRegistry = ECDSAOwnedDKIMRegistry(address(dkimProxy)); - } - string memory signedMsg = dkimRegistry.computeSignedMsg( - dkimRegistry.SET_PREFIX(), selector, domainName, publicKeyHash + uint256 setTimeDelay = 0; + UserOverrideableDKIMRegistry overrideableDkimImpl = new UserOverrideableDKIMRegistry(); + ERC1967Proxy dkimProxy = new ERC1967Proxy( + address(overrideableDkimImpl), + abi.encodeCall( + overrideableDkimImpl.initialize, (zkEmailDeployer, zkEmailDeployer, setTimeDelay) + ) ); - bytes32 digest = ECDSA.toEthSignedMessageHash(bytes(signedMsg)); - (uint8 v, bytes32 r, bytes32 s) = vm.sign(1, digest); - bytes memory signature = abi.encodePacked(r, s, v); - dkimRegistry.setDKIMPublicKeyHash(selector, domainName, publicKeyHash, signature); + dkimRegistry = UserOverrideableDKIMRegistry(address(dkimProxy)); + + dkimRegistry.setDKIMPublicKeyHash(domainName, publicKeyHash, zkEmailDeployer, new bytes(0)); verifier = new MockGroth16Verifier(); emailAuthImpl = new EmailAuth();