@account-kit/smart-contracts 4.25.0 → 4.25.1

package/src/ma-v2/actions/deferralActions.ts

@@ -51,11 +51,6 @@ export type CreateDeferredActionTypedDataParams = {
   nonce: bigint;
 };
 
-export type BuildDeferredActionDigestParams = {
-  fullPreSignatureDeferredActionDigest: Hex;
-  sig: Hex;
-};
-
 export type BuildPreSignatureDeferredActionDigestParams = {
   typedData: DeferredActionTypedData;
 };
@@ -77,7 +72,6 @@ export type DeferralActions = {
   createDeferredActionTypedDataObject: (
     args: CreateDeferredActionTypedDataParams
   ) => Promise<DeferredActionReturnData>;
-  buildDeferredActionDigest: (args: BuildDeferredActionDigestParams) => Hex;
   buildPreSignatureDeferredActionDigest: (
     args: BuildPreSignatureDeferredActionDigestParams
   ) => Hex;
@@ -135,30 +129,6 @@ export const deferralActions: (
     };
   };
 
-  /**
-   * Creates the digest which must be prepended to the userOp signature.
-   *
-   * Assumption: The client this extends is used to sign the typed data.
-   *
-   * @param {object} args The argument object containing the following:
-   * @param {Hex} args.fullPreSignatureDeferredActionDigest The The data to append the signature and length to
-   * @param {Hex} args.sig The signature to include in the digest
-   * @returns {Hex} The encoded digest to be prepended to the userOp signature
-   */
-  const buildDeferredActionDigest = ({
-    fullPreSignatureDeferredActionDigest,
-    sig,
-  }: BuildDeferredActionDigestParams): Hex => {
-    const sigLength = size(sig);
-
-    const encodedData = concatHex([
-      fullPreSignatureDeferredActionDigest,
-      toHex(sigLength, { size: 4 }),
-      sig,
-    ]);
-    return encodedData;
-  };
-
   const buildPreSignatureDeferredActionDigest = ({
     typedData,
   }: BuildPreSignatureDeferredActionDigestParams): Hex => {
@@ -270,7 +240,6 @@ export const deferralActions: (
 
   return {
     createDeferredActionTypedDataObject,
-    buildDeferredActionDigest,
     buildPreSignatureDeferredActionDigest,
     buildUserOperationWithDeferredAction,
     getEntityIdAndNonce,

package/src/ma-v2/index.ts

@@ -24,6 +24,7 @@ export type * from "./actions/deferralActions.js";
 export { deferralActions } from "./actions/deferralActions.js";
 export type * from "./permissionBuilder.js";
 export { PermissionBuilder, PermissionType } from "./permissionBuilder.js";
+export * from "./permissionBuilderErrors.js";
 
 export {
   getDefaultAllowlistModuleAddress,
@@ -33,7 +34,7 @@ export {
   getDefaultTimeRangeModuleAddress,
   getDefaultWebauthnValidationModuleAddress,
 } from "./modules/utils.js";
-export { buildFullNonceKey } from "./utils.js";
+export { buildFullNonceKey, buildDeferredActionDigest } from "./utils.js";
 export { allowlistModuleAbi } from "./modules/allowlist-module/abis/allowlistModuleAbi.js";
 export { AllowlistModule } from "./modules/allowlist-module/module.js";
 export { nativeTokenLimitModuleAbi } from "./modules/native-token-limit-module/abis/nativeTokenLimitModuleAbi.js";

package/src/ma-v2/permissionBuilder.ts

@@ -1,4 +1,4 @@
-import { toHex, zeroAddress, type Address, type Hex } from "viem";
+import { maxUint48, toHex, zeroAddress, type Address, type Hex } from "viem";
 import {
   HookType,
   type HookConfig,
@@ -23,6 +23,19 @@ import {
 import { SingleSignerValidationModule } from "./modules/single-signer-validation/module.js";
 import { AllowlistModule } from "./modules/allowlist-module/module.js";
 import { TimeRangeModule } from "./modules/time-range-module/module.js";
+import {
+  AccountAddressAsTargetError,
+  DeadlineOverLimitError,
+  DuplicateTargetAddressError,
+  ExpiredDeadlineError,
+  MultipleGasLimitError,
+  MultipleNativeTokenTransferError,
+  NoFunctionsProvidedError,
+  RootPermissionOnlyError,
+  UnsupportedPermissionTypeError,
+  ValidationConfigUnsetError,
+  ZeroAddressError,
+} from "./permissionBuilderErrors.js";
 
 // We use this to offset the ERC20 spend limit entityId
 const HALF_UINT32 = 2147483647;
@@ -257,9 +270,7 @@ export class PermissionBuilder {
     // Check 1: If we're adding root, we can't have any other permissions
     if (permission.type === PermissionType.ROOT) {
       if (this.permissions.length !== 0) {
-        throw new Error(
-          "PERMISSION: ROOT: Cannot add ROOT permission with other permissions"
-        );
+        throw new RootPermissionOnlyError(permission);
       }
       this.permissions.push(permission);
       // Set isGlobal to true
@@ -272,9 +283,7 @@ export class PermissionBuilder {
     // NOTE: Technically this could be replaced by checking permissions[0] since it should not be possible
     // to have >1 permission with root among them
     if (this.permissions.find((p) => p.type === PermissionType.ROOT)) {
-      throw new Error(
-        `PERMISSION: ${permission.type} => Cannot add permissions with ROOT enabled`
-      );
+      throw new RootPermissionOnlyError(permission);
     }
 
     // Check 3: If the permission is either CONTRACT_ACCESS or FUNCTIONS_ON_CONTRACT, ensure it doesn't collide with another like it.
@@ -284,9 +293,7 @@ export class PermissionBuilder {
     ) {
       // Check 3.1: address must not be the account address, or the user should use the ACCOUNT_FUNCTIONS permission
       if (permission.data.address === this.client.account.address) {
-        throw new Error(
-          `PERMISSION: ${permission.type} => Account address as target, use ACCOUNT_FUNCTIONS for account address`
-        );
+        throw new AccountAddressAsTargetError(permission);
       }
 
       // Check 3.2: there must not be an existing permission with this address as a target
@@ -302,20 +309,19 @@ export class PermissionBuilder {
       );
 
       if (existingPermissionWithSameAddress) {
-        throw new Error(
-          `PERMISSION: ${permission.type} => Address ${targetAddress} already has a permission. Cannot add multiple CONTRACT_ACCESS or FUNCTIONS_ON_CONTRACT permissions for the same target address.`
-        );
+        throw new DuplicateTargetAddressError(permission, targetAddress);
       }
     }
 
     // Check 4: If the permission is ACCOUNT_FUNCTIONS, add selectors
     if (permission.type === PermissionType.ACCOUNT_FUNCTIONS) {
+      if (permission.data.functions.length === 0) {
+        throw new NoFunctionsProvidedError(permission);
+      }
       this.selectors = [...this.selectors, ...permission.data.functions];
-      return this;
     }
 
     this.permissions.push(permission);
-
     return this;
   }
 
@@ -336,16 +342,16 @@ export class PermissionBuilder {
     // Add time range module hook via expiry
     if (this.deadline !== 0) {
       if (this.deadline < Date.now() / 1000) {
-        throw new Error(
-          `PERMISSION: compileDeferred(): deadline ${
-            this.deadline
-          } cannot be before now (${Date.now() / 1000})`
-        );
+        throw new ExpiredDeadlineError(this.deadline, Date.now() / 1000);
+      }
+      if (this.deadline > maxUint48) {
+        throw new DeadlineOverLimitError(this.deadline);
       }
+
       this.hooks.push(
         TimeRangeModule.buildHook(
           {
-            entityId: this.validationConfig.entityId, // will be timerange entityId
+            entityId: this.validationConfig.entityId,
             validUntil: this.deadline,
             validAfter: 0,
           },
@@ -420,9 +426,7 @@ export class PermissionBuilder {
       this.validationConfig.isGlobal === false &&
       this.selectors.length === 0
     ) {
-      throw new Error(
-        "Validation config unset, use permissionBuilder.configure(...)"
-      );
+      throw new ValidationConfigUnsetError();
     }
   }
 
@@ -441,9 +445,7 @@ export class PermissionBuilder {
         case PermissionType.NATIVE_TOKEN_TRANSFER:
           // Should never be added twice, check is on addPermission(s) too
           if (rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER] !== undefined) {
-            throw new Error(
-              "PERMISSION: NATIVE_TOKEN_TRANSFER => Must have at most ONE native token transfer permission"
-            );
+            throw new MultipleNativeTokenTransferError(permission);
           }
           rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER] = {
             hookConfig: {
@@ -464,9 +466,7 @@ export class PermissionBuilder {
           break;
         case PermissionType.ERC20_TOKEN_TRANSFER:
           if (permission.data.address === zeroAddress) {
-            throw new Error(
-              "PERMISSION: ERC20_TOKEN_TRANSFER => Zero address provided"
-            );
+            throw new ZeroAddressError(permission);
           }
           rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER] = {
             hookConfig: {
@@ -522,9 +522,7 @@ export class PermissionBuilder {
         case PermissionType.GAS_LIMIT:
           // Should only ever be added once, check is also on addPermission(s)
           if (rawHooks[HookIdentifier.GAS_LIMIT] !== undefined) {
-            throw new Error(
-              "PERMISSION: GAS_LIMIT => Must have at most ONE gas limit permission"
-            );
+            throw new MultipleGasLimitError(permission);
           }
           rawHooks[HookIdentifier.GAS_LIMIT] = {
             hookConfig: {
@@ -544,9 +542,7 @@ export class PermissionBuilder {
           break;
         case PermissionType.CONTRACT_ACCESS:
           if (permission.data.address === zeroAddress) {
-            throw new Error(
-              "PERMISSION: CONTRACT_ACCESS => Zero address provided"
-            );
+            throw new ZeroAddressError(permission);
           }
           rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {
             hookConfig: {
@@ -574,17 +570,11 @@ export class PermissionBuilder {
           };
           break;
         case PermissionType.ACCOUNT_FUNCTIONS:
-          if (permission.data.functions.length === 0) {
-            throw new Error(
-              "PERMISSION: ACCOUNT_FUNCTION => No functions provided"
-            ); // should be in add perm
-          }
+          // This is handled in add permissions
           break;
         case PermissionType.FUNCTIONS_ON_ALL_CONTRACTS:
           if (permission.data.functions.length === 0) {
-            throw new Error(
-              "PERMISSION: FUNCTIONS_ON_ALL_CONTRACTS => No functions provided"
-            );
+            throw new NoFunctionsProvidedError(permission);
           }
           rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {
             hookConfig: {
@@ -613,14 +603,10 @@ export class PermissionBuilder {
           break;
         case PermissionType.FUNCTIONS_ON_CONTRACT:
           if (permission.data.functions.length === 0) {
-            throw new Error(
-              "PERMISSION: FUNCTIONS_ON_CONTRACT => No functions provided"
-            );
+            throw new NoFunctionsProvidedError(permission);
           }
           if (permission.data.address === zeroAddress) {
-            throw new Error(
-              "PERMISSION: FUNCTIONS_ON_CONTRACT => Zero address provided"
-            );
+            throw new ZeroAddressError(permission);
           }
           rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {
             hookConfig: {
@@ -651,9 +637,7 @@ export class PermissionBuilder {
           // Root permission handled in addPermission
           break;
         default:
-          throw new Error(
-            `Unsupported permission type: ${(permission as any).type}`
-          );
+          assertNever(permission);
       }
 
       // isGlobal guaranteed to be false since it's only set with root permissions,
@@ -714,3 +698,7 @@ export class PermissionBuilder {
     }
   }
 }
+
+export function assertNever(_valid: never): never {
+  throw new UnsupportedPermissionTypeError();
+}

package/src/ma-v2/permissionBuilderErrors.ts

@@ -0,0 +1,153 @@
+import { BaseError, type Address } from "@aa-sdk/core";
+import type { Permission } from "./permissionBuilder";
+
+export class RootPermissionOnlyError extends BaseError {
+  override name = "PermissionBuilder: RootPermissionOnlyError";
+
+  /**
+   * Constructor for initializing an error message indicating that an account could not be found to execute the specified action.
+   *
+   * @param {Permission} permission The permission trying to be added atop the root permission
+   */
+  constructor(permission: Permission) {
+    super(`Adding ${permission}: Cannot add permissions with ROOT permission`);
+  }
+}
+
+export class AccountAddressAsTargetError extends BaseError {
+  override name = "PermissionBuilder: AccountAddressAsTargetError";
+
+  /**
+   * Constructor for initializing an error message indicating that account address is used as target.
+   *
+   * @param {Permission} permission The permission with account address as target
+   */
+  constructor(permission: Permission) {
+    super(
+      `${permission.type}: Account address as target, use ACCOUNT_FUNCTIONS for account address`
+    );
+  }
+}
+
+export class DuplicateTargetAddressError extends BaseError {
+  override name = "PermissionBuilder: DuplicateTargetAddressError";
+
+  /**
+   * Constructor for initializing an error message indicating duplicate target address in permissions.
+   *
+   * @param {Permission} permission The permission with duplicate target address
+   * @param {Address} targetAddress The duplicate target address
+   */
+  constructor(permission: Permission, targetAddress: Address) {
+    super(
+      `${permission.type}: Address ${targetAddress} already has a permission. Cannot add multiple CONTRACT_ACCESS or FUNCTIONS_ON_CONTRACT permissions for the same target address.`
+    );
+  }
+}
+
+export class NoFunctionsProvidedError extends BaseError {
+  override name = "PermissionBuilder: NoFunctionsProvidedError";
+
+  /**
+   * Constructor for initializing an error message indicating no functions were provided.
+   *
+   * @param {Permission} permission The permission missing functions
+   */
+  constructor(permission: Permission) {
+    super(`${permission.type}: No functions provided`);
+  }
+}
+
+export class ExpiredDeadlineError extends BaseError {
+  override name = "PermissionBuilder: ExpiredDeadlineError";
+
+  /**
+   * Constructor for initializing an error message indicating the deadline has expired.
+   *
+   * @param {number} deadline The expired deadline timestamp
+   * @param {number} currentTime The current timestamp
+   */
+  constructor(deadline: number, currentTime: number) {
+    super(
+      `compileDeferred(): deadline ${deadline} cannot be before now (${currentTime})`
+    );
+  }
+}
+
+export class DeadlineOverLimitError extends BaseError {
+  override name = "PermissionBuilder: DeadlineOverLimitError";
+
+  /**
+   * Constructor for initializing an error message indicating the deadline has expired.
+   *
+   * @param {number} deadline The expired deadline timestamp
+   */
+  constructor(deadline: number) {
+    super(
+      `compileDeferred(): deadline ${deadline} cannot be > max uint48 (2^48 - 1)`
+    );
+  }
+}
+
+export class ValidationConfigUnsetError extends BaseError {
+  override name = "PermissionBuilder: ValidationConfigUnsetError";
+
+  /**
+   * Constructor for initializing an error message indicating the validation config is unset.
+   */
+  constructor() {
+    super("Validation config unset, use permissionBuilder.configure(...)");
+  }
+}
+
+export class MultipleNativeTokenTransferError extends BaseError {
+  override name = "PermissionBuilder: MultipleNativeTokenTransferError";
+
+  /**
+   * Constructor for initializing an error message indicating multiple native token transfer permissions.
+   *
+   * @param {Permission} permission The duplicate native token transfer permission
+   */
+  constructor(permission: Permission) {
+    super(
+      `${permission.type}: Must have at most ONE native token transfer permission`
+    );
+  }
+}
+
+export class ZeroAddressError extends BaseError {
+  override name = "PermissionBuilder: ZeroAddressError";
+
+  /**
+   * Constructor for initializing an error message indicating zero address was provided.
+   *
+   * @param {Permission} permission The permission with zero address
+   */
+  constructor(permission: Permission) {
+    super(`${permission.type}: Zero address provided`);
+  }
+}
+
+export class MultipleGasLimitError extends BaseError {
+  override name = "PermissionBuilder: MultipleGasLimitError";
+
+  /**
+   * Constructor for initializing an error message indicating multiple gas limit permissions.
+   *
+   * @param {Permission} permission The duplicate gas limit permission
+   */
+  constructor(permission: Permission) {
+    super(`${permission.type}: Must have at most ONE gas limit permission`);
+  }
+}
+
+export class UnsupportedPermissionTypeError extends BaseError {
+  override name = "PermissionBuilder: UnsupportedPermissionTypeError";
+
+  /**
+   * Constructor for initializing an error message indicating an unsupported permission type.
+   */
+  constructor() {
+    super(`Unsupported permission type`);
+  }
+}

package/src/ma-v2/utils.ts

@@ -8,6 +8,8 @@ import {
   type Address,
   type Transport,
   parseAbi,
+  size,
+  concatHex,
 } from "viem";
 import {
   arbitrum,
@@ -278,3 +280,31 @@ export const parseDeferredAction = (
     hasAssociatedExecHooks: deferredAction[3] === "1",
   };
 };
+export type BuildDeferredActionDigestParams = {
+  fullPreSignatureDeferredActionDigest: Hex;
+  sig: Hex;
+};
+
+/**
+ * Creates the digest which must be prepended to the userOp signature.
+ *
+ * Assumption: The client this extends is used to sign the typed data.
+ *
+ * @param {object} args The argument object containing the following:
+ * @param {Hex} args.fullPreSignatureDeferredActionDigest The The data to append the signature and length to
+ * @param {Hex} args.sig The signature to include in the digest
+ * @returns {Hex} The encoded digest to be prepended to the userOp signature
+ */
+export const buildDeferredActionDigest = ({
+  fullPreSignatureDeferredActionDigest,
+  sig,
+}: BuildDeferredActionDigestParams): Hex => {
+  const sigLength = size(sig);
+
+  const encodedData = concatHex([
+    fullPreSignatureDeferredActionDigest,
+    toHex(sigLength, { size: 4 }),
+    sig,
+  ]);
+  return encodedData;
+};