Fix intent signing for malleable payloads

Author: ScreamingHawk

intent_config.go

@@ -260,20 +260,20 @@ func CreateIntentConfiguration(mainSigner common.Address, calls []*v3.CallsPaylo
 func CreateIntentConfigurationWithMalleableSapient(
 	ctx context.Context,
 	mainSigner common.Address,
-	calls []*v3.CallsPayload,
+	payloads []*v3.CallsPayload,
 	configs []MalleableSapientConfig,
 ) (*v3.WalletConfig, error) {
-	if len(calls) == 0 {
+	if len(payloads) == 0 {
 		return nil, fmt.Errorf("calls cannot be empty")
 	}
 
-	if len(configs) != len(calls) {
-		return nil, fmt.Errorf("configs length (%d) must match calls length (%d)", len(configs), len(calls))
+	if len(configs) != len(payloads) {
+		return nil, fmt.Errorf("configs length (%d) must match payloads length (%d)", len(configs), len(payloads))
 	}
 
 	var callsWithoutMalleableSapient []*v3.CallsPayload
 	var sapientSignerLeaves []v3.WalletConfigTree
-	for i, callPayload := range calls {
+	for i, callPayload := range payloads {
 		config := configs[i]
 
 		// Skip if address is zero address. Will be handled by CreateIntentConfiguration.
@@ -308,33 +308,37 @@ func CreateIntentConfigurationWithMalleableSapient(
 	}
 
 	// Remaining calls go to CreateIntentConfiguration
-	return CreateIntentConfiguration(mainSigner, callsWithoutMalleableSapient, sapientSignerTree)
+	return createIntentConfiguration(mainSigner, callsWithoutMalleableSapient, sapientSignerTree)
+}
+
+type SignerSignature struct {
+	Address   common.Address
+	Signature []byte
+	Type      core.SignerSignatureType
 }
 
 // `GetIntentConfigurationSignature` creates a signature for the intent configuration that can be used to bypass chain ID validation.
-// The signature is based on the transaction bundle digests only.
+// `SignerSignatures` can be nil when executing a preapproved static payload.
 func GetIntentConfigurationSignature(
-	mainSigner common.Address,
-	calls []*v3.CallsPayload,
+	ctx context.Context,
+	config *v3.WalletConfig,
+	signerSignatures []*SignerSignature,
 ) ([]byte, error) {
-	// Default case without any sapient signer
-	config, err := CreateIntentConfiguration(mainSigner, calls, nil)
-	if err != nil {
-		return nil, err
-	}
-
 	// spew.Dump(config)
 	// spew.Dump(config.Tree)
 
 	signingFunc := func(ctx context.Context, signer core.Signer, _ []core.SignerSignature) (core.SignerSignatureType, []byte, error) {
-		// For mainSigner or other signers, we don't provide a signature here.
-		// This will result in an AddressLeaf or NodeLeaf in the signature tree.
+		for _, signerSignature := range signerSignatures {
+			if signer.Address == signerSignature.Address {
+				return signerSignature.Type, signerSignature.Signature, nil
+			}
+		}
 		return 0, nil, nil
 	}
 
 	// Build the signature using BuildNoChainIDSignature, which allows us to inject custom signatures via SigningFunction.
 	// Set validateSigningPower to false, as we are not necessarily providing signatures for all parts of the config.
-	sig, err := config.BuildRegularSignature(context.Background(), signingFunc, false)
+	sig, err := config.BuildRegularSignature(ctx, signingFunc, false)
 	if err != nil {
 		return nil, fmt.Errorf("failed to build regular signature: %w", err)
 	}
@@ -374,42 +378,3 @@ func GetIntentConfigurationSignature(
 
 	return data, nil
 }
-
-// // replaceSapientSignerWithNodeInConfigTree recursively traverses the WalletConfigTree.
-// func replaceSapientSignerWithNodeInConfigTree(tree v3.WalletConfigTree) v3.WalletConfigTree {
-// 	if tree == nil {
-// 		return nil
-// 	}
-
-// 	switch node := tree.(type) {
-// 	case *v3.WalletConfigTreeNode:
-// 		// Recursively call on left and right children
-// 		left := replaceSapientSignerWithNodeInConfigTree(node.Left)
-// 		right := replaceSapientSignerWithNodeInConfigTree(node.Right)
-
-// 		if left == node.Left && right == node.Right {
-// 			return node
-// 		}
-// 		return &v3.WalletConfigTreeNode{Left: left, Right: right}
-
-// 	case *v3.WalletConfigTreeNestedLeaf:
-// 		// Recursively call on the inner tree
-// 		innerTree := replaceSapientSignerWithNodeInConfigTree(node.Tree)
-
-// 		if innerTree == node.Tree { // Check for pointer equality
-// 			return node // No change, return original
-// 		}
-// 		return &v3.WalletConfigTreeNestedLeaf{
-// 			Weight:    node.Weight,
-// 			Threshold: node.Threshold,
-// 			Tree:      innerTree,
-// 		}
-
-// 	case *v3.WalletConfigTreeSapientSignerLeaf:
-// 		// This is the target node type to replace
-// 		return &v3.WalletConfigTreeNodeLeaf{Node: node.ImageHash()}
-
-// 	default:
-// 		return tree
-// 	}
-// }

intent_config_test.go

@@ -940,6 +940,7 @@ func TestCreateIntentConfigurationWithMalleableSapient_ZeroAddressSkipsLeaf(t *t
 }
 
 func TestGetIntentConfigurationSignature(t *testing.T) {
+	ctx := context.Background()
 	// Create test wallets
 	eoa1, err := ethwallet.NewWalletFromRandomEntropy()
 	require.NoError(t, err)
@@ -967,7 +968,7 @@ func TestGetIntentConfigurationSignature(t *testing.T) {
 		require.NoError(t, err)
 
 		// Create the signature
-		signature, err := sequence.GetIntentConfigurationSignature(eoa1.Address(), []*v3.CallsPayload{&payload})
+		signature, err := sequence.GetIntentConfigurationSignature(ctx, config, nil)
 		require.NoError(t, err)
 
 		// fmt.Println("==> signature", common.Bytes2Hex(signature))
@@ -1042,10 +1043,14 @@ func TestGetIntentConfigurationSignature(t *testing.T) {
 		}, big.NewInt(0), big.NewInt(0))
 
 		// Create signatures for each payload as separate batches
-		sig1, err := sequence.GetIntentConfigurationSignature(eoa1.Address(), []*v3.CallsPayload{&payload1})
+		config1, err := sequence.CreateIntentConfiguration(eoa1.Address(), []*v3.CallsPayload{&payload1}, nil)
+		require.NoError(t, err)
+		sig1, err := sequence.GetIntentConfigurationSignature(ctx, config1, nil)
 		require.NoError(t, err)
 
-		sig2, err := sequence.GetIntentConfigurationSignature(eoa1.Address(), []*v3.CallsPayload{&payload2})
+		config2, err := sequence.CreateIntentConfiguration(eoa1.Address(), []*v3.CallsPayload{&payload2}, nil)
+		require.NoError(t, err)
+		sig2, err := sequence.GetIntentConfigurationSignature(ctx, config2, nil)
 		require.NoError(t, err)
 
 		// Verify signatures are different
@@ -1054,18 +1059,24 @@ func TestGetIntentConfigurationSignature(t *testing.T) {
 
 	t.Run("same transactions produce same signatures", func(t *testing.T) {
 		// Use the payload directly
-		sig1, err := sequence.GetIntentConfigurationSignature(eoa1.Address(), []*v3.CallsPayload{&payload})
+		config1, err := sequence.CreateIntentConfiguration(eoa1.Address(), []*v3.CallsPayload{&payload}, nil)
+		require.NoError(t, err)
+		sig1, err := sequence.GetIntentConfigurationSignature(ctx, config1, nil)
 		require.NoError(t, err)
 
-		sig2, err := sequence.GetIntentConfigurationSignature(eoa1.Address(), []*v3.CallsPayload{&payload})
+		config2, err := sequence.CreateIntentConfiguration(eoa1.Address(), []*v3.CallsPayload{&payload}, nil)
+		require.NoError(t, err)
+		sig2, err := sequence.GetIntentConfigurationSignature(ctx, config2, nil)
 		require.NoError(t, err)
 
-		// Verify signatures are the same
+		// Verify configs and signatures are the same
+		require.Equal(t, config1.Tree, config2.Tree, "same transactions should produce same configuration")
 		require.Equal(t, sig1, sig2, "same transactions should produce same signatures")
 	})
 }
 
 func TestGetIntentConfigurationSignature_MultipleTransactions(t *testing.T) {
+	ctx := context.Background()
 	// Create test wallets
 	eoa1, err := ethwallet.NewWalletFromRandomEntropy()
 	require.NoError(t, err)
@@ -1093,7 +1104,9 @@ func TestGetIntentConfigurationSignature_MultipleTransactions(t *testing.T) {
 	}, big.NewInt(0), big.NewInt(0))
 
 	// Create a signature
-	sig, err := sequence.GetIntentConfigurationSignature(eoa1.Address(), []*v3.CallsPayload{&payload1})
+	config, err := sequence.CreateIntentConfiguration(eoa1.Address(), []*v3.CallsPayload{&payload1}, nil)
+	require.NoError(t, err)
+	sig, err := sequence.GetIntentConfigurationSignature(ctx, config, nil)
 	require.NoError(t, err)
 
 	// Convert the full signature into a hex string.
@@ -1104,6 +1117,7 @@ func TestGetIntentConfigurationSignature_MultipleTransactions(t *testing.T) {
 }
 
 func TestIntentTransactionToGuestModuleDeployAndCall(t *testing.T) {
+	ctx := context.Background()
 	// Create normal txn of: callmockContract.testCall(55, 0x112255)
 	callmockContract := testChain.UniDeploy(t, "WALLET_CALL_RECV_MOCK", 0)
 	calldata1, err := callmockContract.Encode("setRevertFlag", false)
@@ -1164,7 +1178,9 @@ func TestIntentTransactionToGuestModuleDeployAndCall(t *testing.T) {
 	require.NotZero(t, mainSigner)
 
 	// Generate a configuration signature for the batch.
-	intentConfigSig, err := sequence.GetIntentConfigurationSignature(mainSigner, []*v3.CallsPayload{&payload})
+	config, err := sequence.CreateIntentConfiguration(mainSigner, []*v3.CallsPayload{&payload}, nil)
+	require.NoError(t, err)
+	intentConfigSig, err := sequence.GetIntentConfigurationSignature(ctx, config, nil)
 	require.NoError(t, err)
 
 	// fmt.Println("==> bundle.Digest", bundle.Digest().Hash)
@@ -1238,6 +1254,7 @@ func TestIntentTransactionToGuestModuleDeployAndCall(t *testing.T) {
 }
 
 func TestIntentTransactionToGuestModuleDeployAndCallMultiplePayloads(t *testing.T) {
+	ctx := context.Background()
 	// Create normal txn of: callmockContract.testCall(55, 0x112255) for first chain
 	callmockContract := testChain.UniDeploy(t, "WALLET_CALL_RECV_MOCK", 0)
 	calldata1, err := callmockContract.Encode("setRevertFlag", false)
@@ -1322,7 +1339,9 @@ func TestIntentTransactionToGuestModuleDeployAndCallMultiplePayloads(t *testing.
 	require.NotZero(t, mainSigner)
 
 	// Generate a configuration signature for both batches
-	intentConfigSig, err := sequence.GetIntentConfigurationSignature(mainSigner, payloads)
+	config, err := sequence.CreateIntentConfiguration(mainSigner, payloads, nil)
+	require.NoError(t, err)
+	intentConfigSig, err := sequence.GetIntentConfigurationSignature(ctx, config, nil)
 	require.NoError(t, err)
 	fmt.Printf("--- Intent Config Signature (for all payloads) ---\n%s\n", common.Bytes2Hex(intentConfigSig))