@inco/lightning 0.8.0-devnet-2 → 0.8.0-devnet-3

package/README.md

@@ -1,8 +1,8 @@
-# Inco lite
+# Inco Lightning
 
-![coverage](./coverage.svg)
+The core Inco Lightning smart contracts library for building confidential applications on EVM chains.
 
-<!-- todo #1035 upgrade deployment and upgrade documentation now outdated @silasdavis -->
+![coverage](./coverage.svg)
 
 ## Install dependencies
 
@@ -12,7 +12,7 @@ bun install
 
 ## Build
 
-Use [forge](https://book.getfoundry.sh/getting-started/installation) version 1.0 or higher
+See [Foundry version requirements](../README.md#foundry-version-requirements) for version guidance.
 
 ```sh
 forge build
@@ -36,58 +36,32 @@ make coverage
 
 > This generates an lcov report, filters out `node_modules`, autogenerated contracts and other contracts that we don't want to include in the report (`Lib.XXXnet.sol`, etc.). Eventually, it `genhtml` the filtered lcov in `coverage` and a `lcov-badge` visible in this readme. You can check the latest coverage stats [here](./coverage/index.html).
 
-> Note: You need `lcov` for the `make coverage` to work
-> For MacOS - `brew install lcov`
-
-## Deploy
-
-### One-time key import
-
-1. Import key into Foundry cast wallet using [`make import_sepolia_deployer`](./Makefile)
-
-### Deploy new IncoLite contracts
-
-Targest for deploying the contracts are in the [Makefile](./Makefile). There are separate targtes for each chain and a target that deploys to all of them.
-
-The version of the contracts that will be deployed is defined by the current working directory and it will be deployed to an address that is deterministically calculated based on:
-
-- The contract name
-- The contract version
-- The deployer address
-- An optional deploy-time 'pepper'
-
-The contract name and version are constants in [IncoLightningConfig.sol](./src/version/IncoLightningConfig.sol) and the deployer address is the address of the wallet that is used to deploy the contracts. The optional deploy-time 'pepper' is a deployment-time string that can be chosen to alter the contract address for each deployment in the case where you what to differentiate a deployment from others.
-
-The point of the deterministic address is that holding the values above constant we can obtain a consistent canonical deployment address across all chains.
-
-#### Deployment process
-
-1. Bump IncoLite version in [IncoLightningConfig.sol](./src/version/IncoLightningConfig.sol)
-2. Run [`make deploy_multichain`](./Makefile) - this will update the manifest with the new release
-3. Run [`make deploy_test_contracts_multichain`](./Makefile)
+> **Note:** Coverage requires `lcov` (`brew install lcov` on macOS) and Foundry v1.3.6. See [Foundry version requirements](../README.md#foundry-version-requirements).
 
-##### Providing a pepper
+## Directory Structure
 
-If you want to provide a pepper then use `make deploy_multichain INCO_LITE_PEPPER=<pepper>` where `pepper` is the string you want to use. This will be used to calculate the contract address and will be included in the manifest.
+| Directory      | Description                                        |
+| -------------- | -------------------------------------------------- |
+| `src/`         | Main contract source code                          |
+| `src/libs/`    | Release libraries that link to versioned executors |
+| `src/version/` | Version configuration (`IncoLightningConfig.sol`)  |
+| `test/`        | Unit tests                                         |
+| `script/`      | Utility scripts                                    |
 
-## Defining a release without explicit deployment
+## Makefile Commands
 
-The deployment machinery is currently in a halfway house whereby we capture releases at the same time as performing smart contract deployments locally. In the future we expect the contract deployment (and later upgrade) processes to be run by CI or a by a covalidator initialisation container. At that point rather than the manifest being an artefact of record it will be a declaration of intent. At the moment it serves both purposes, but will be refactored to remove the deployment log capture element.
+| Command         | Description                          |
+| --------------- | ------------------------------------ |
+| `make build`    | Build contracts with Foundry         |
+| `make test`     | Run unit tests                       |
+| `make coverage` | Generate coverage report (uses lcov) |
+| `make lint`     | Lint Solidity files                  |
 
-With a nod to the future we provide the `make release` target which performs a simulated deploy, updates the manifest with a dummy deployment, and declares a release.
-
-## Deploy NPM modules
-
-1. Bump contracts NPM version in [package.json](./package.json)
-2. Bump JS NPM version in [package.json](../js/package.json)
-3. Publish contracts `npm publish:github`
-4. Build JS [`make build`](../js/Makefile) (depends on contract deployment being done first)
-5. Publish js `npm publish:github`
+## Deploy
 
-## Build covalidator docker images
+For comprehensive deployment and upgrade instructions, see [`lightning-deployment/`](../lightning-deployment/README.md).
 
-1. PR to main
-2. Manually grab hash from dockerhub which is also `git describe --tags --always --dirty`
+Contract version is defined in [`IncoLightningConfig.sol`](./src/version/IncoLightningConfig.sol).
 
 ## Manifest file
 
@@ -102,21 +76,3 @@ incoLightning_<major>_<minor>_<patch>__<salt>
 ```
 
 The salt is derived from the version and additional value called the `pepper`. The salt determines the on-chain address of the release, whence the pepper can be used to for releases of the same contract versions with separate state and addresses (e.g. for testing purposes).
-
-## Deployment dumps
-
-In [`dumps`](./dumps) you can find a sequence of pairs of files named with the following format:
-
-```
-<release_name>.dump.json
-```
-
-Contains an [Anvil](https://book.getfoundry.sh/anvil/) state dump that can be loaded with `anvil --load-state <state-dump-file>`, which you see used in our local node [`docker-compose`](../../docker-compose.yaml) setup.
-
-```
-<release_name>.env
-```
-
-Is a dump parameters file, it contains a set of private and public keys, configuration for a covalidator, utility addresss, and the executor address as it exists in the particular state dump.
-
-Everything require to run a local covalidator (in docker or otherwise), to encrypt values and communicate with the executor contract of the dump, is included within this parameters file. The secrets are generated for each dump.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/lightning",
-  "version": "0.8.0-devnet-2",
+  "version": "0.8.0-devnet-3",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "files": [
     "src/",

package/src/lightning-parts/AccessControl/test/TestAdvancedAccessControl.t.sol

@@ -4,11 +4,12 @@ pragma solidity ^0.8;
 import {IncoTest} from "../../../test/IncoTest.sol";
 import {SessionVerifier, Session} from "../../../periphery/SessionVerifier.sol";
 import {AllowanceVoucher, AllowanceProof} from "../AdvancedAccessControl.sol";
-import {euint256} from "../../../Types.sol";
+import {euint256, SharerNotAllowedForHandle} from "../../../Types.sol";
 import {e, inco} from "../../../Lib.sol";
 import {AdvancedAccessControl} from "../AdvancedAccessControl.sol";
 import {ALLOWANCE_GRANTED_MAGIC_VALUE} from "../../../Types.sol";
 import {IIncoVerifier} from "../../../interfaces/IIncoVerifier.sol";
+import {BaseAccessControlList} from "../BaseAccessControlList.sol";
 
 contract SomeContractWithConfidentialData {
 
@@ -192,4 +193,77 @@ contract TestAdvancedAccessControl is IncoTest {
         return getSignatureForDigest(incoVerifier.allowanceVoucherDigest(voucher), alicePrivKey);
     }
 
+    /// @notice Test SharerNotAllowedForHandle error when sharer is not allowed
+    function testIsAllowedWithProofSharerNotAllowed() public {
+        DoesNotVerifyAnything verifier = new DoesNotVerifyAnything();
+        AllowanceVoucher memory voucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: ""
+        });
+        // Use bob as sharer, but bob is NOT allowed on the secret (only alice is)
+        AllowanceProof memory proof = AllowanceProof({
+            sharer: bob,
+            voucher: voucher,
+            voucherSignature: getSignatureForDigest(incoVerifier.allowanceVoucherDigest(voucher), bobPrivKey),
+            requesterArgData: ""
+        });
+        vm.expectRevert(abi.encodeWithSelector(SharerNotAllowedForHandle.selector, secretHandle, bob));
+        incoVerifier.isAllowedWithProof(secretHandle, carol, proof);
+    }
+
+    /// @notice Test InvalidVoucherSignature error when signature is invalid
+    function testIsAllowedWithProofInvalidSignature() public {
+        DoesNotVerifyAnything verifier = new DoesNotVerifyAnything();
+        AllowanceVoucher memory voucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: ""
+        });
+        // Alice is the sharer (and is allowed), but we sign with Bob's key
+        bytes memory wrongSignature = getSignatureForDigest(incoVerifier.allowanceVoucherDigest(voucher), bobPrivKey);
+        AllowanceProof memory proof =
+            AllowanceProof({sharer: alice, voucher: voucher, voucherSignature: wrongSignature, requesterArgData: ""});
+        bytes32 voucherDigest = incoVerifier.allowanceVoucherDigest(voucher);
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                AdvancedAccessControl.InvalidVoucherSignature.selector, alice, voucherDigest, wrongSignature
+            )
+        );
+        incoVerifier.isAllowedWithProof(secretHandle, bob, proof);
+    }
+
+    /// @notice Test claimHandle fails when proof verification fails (line 107)
+    function testClaimHandleProofVerificationFailed() public {
+        SomeVerifier verifier = new SomeVerifier();
+        // Create a voucher that will be valid signature-wise but the verifier will return false
+        // because we pass wrong requesterArgData (not 0xbeef)
+        AllowanceVoucher memory voucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: abi.encode(SomeVerifier.SharerArg({handleShared: secretHandle, allowedAccount: bob}))
+        });
+        AllowanceProof memory proof = AllowanceProof({
+            sharer: alice, // alice IS allowed on the secret
+            voucher: voucher,
+            voucherSignature: getAliceSig(voucher),
+            requesterArgData: abi.encode(SomeVerifier.RequesterArg({mustBeBeef: bytes2(0x1234)})) // WRONG! Not 0xbeef
+        });
+
+        // isAllowedWithProof should return false (not revert), then claimHandle should revert
+        vm.prank(bob);
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                BaseAccessControlList.ProofVerificationFailed.selector,
+                address(verifier),
+                verifier.someCheck.selector,
+                abi.encode(SomeVerifier.SharerArg({handleShared: secretHandle, allowedAccount: bob}))
+            )
+        );
+        inco.claimHandle(secretHandle, proof);
+    }
+
 }

package/src/lightning-parts/AccessControl/test/TestBaseAccessControl.t.sol

@@ -4,6 +4,7 @@ pragma solidity ^0.8;
 import {BaseAccessControlList} from "../BaseAccessControlList.sol";
 import {VerifierAddressGetter} from "../../primitives/VerifierAddressGetter.sol";
 import {euint256, inco} from "../../../Lib.sol";
+import {SenderNotAllowedForHandle} from "../../../Types.sol";
 import {IncoTest} from "../../../test/IncoTest.sol";
 
 contract TestBaseAccessControl is BaseAccessControlList, IncoTest {
@@ -25,4 +26,248 @@ contract TestBaseAccessControl is BaseAccessControlList, IncoTest {
         assert(inco.isAllowed(euint256.unwrap(secret), alice));
     }
 
+    // ============ allowTransient Tests ============
+
+    function testAllowTransient() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Initially bob is not allowed
+        assertFalse(inco.isAllowed(handle, bob));
+
+        // Allow transient access from this contract (which is allowed)
+        inco.allowTransient(handle, bob);
+
+        // Bob should now have transient access
+        assertTrue(inco.allowedTransient(handle, bob));
+        assertTrue(inco.isAllowed(handle, bob));
+    }
+
+    function testAllowTransient_RevertsWhenSenderNotAllowed() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Try to allow transient from an account that doesn't have access
+        vm.prank(bob);
+        vm.expectRevert(abi.encodeWithSelector(SenderNotAllowedForHandle.selector, handle, bob));
+        inco.allowTransient(handle, carol);
+    }
+
+    // ============ cleanTransientStorage Tests ============
+
+    function testCleanTransientStorage() public {
+        euint256 secret1 = inco.asEuint256(100);
+        euint256 secret2 = inco.asEuint256(200);
+        bytes32 handle1 = euint256.unwrap(secret1);
+        bytes32 handle2 = euint256.unwrap(secret2);
+
+        // Grant transient access
+        inco.allowTransient(handle1, bob);
+        inco.allowTransient(handle2, carol);
+
+        // Verify transient access is granted
+        assertTrue(inco.allowedTransient(handle1, bob));
+        assertTrue(inco.allowedTransient(handle2, carol));
+
+        // Clean transient storage
+        inco.cleanTransientStorage();
+
+        // Transient access should be revoked
+        assertFalse(inco.allowedTransient(handle1, bob));
+        assertFalse(inco.allowedTransient(handle2, carol));
+    }
+
+    // ============ allowedTransient Direct Call Tests ============
+
+    function testAllowedTransient_DirectCall() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Direct call should return false initially
+        assertFalse(inco.allowedTransient(handle, bob));
+
+        // After allowing, direct call should return true
+        inco.allowTransient(handle, bob);
+        assertTrue(inco.allowedTransient(handle, bob));
+    }
+
+    // ============ isRevealed Direct Call Tests ============
+
+    function testIsRevealed_DirectCall() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Direct call should return false initially
+        assertFalse(inco.isRevealed(handle));
+
+        // After reveal, direct call should return true
+        inco.reveal(handle);
+        assertTrue(inco.isRevealed(handle));
+    }
+
+    // ============ allow Revert Tests ============
+
+    function testAllow_RevertsWhenSenderNotAllowed() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Try to allow from an account that doesn't have access
+        vm.prank(bob);
+        vm.expectRevert(abi.encodeWithSelector(SenderNotAllowedForHandle.selector, handle, bob));
+        inco.allow(handle, carol);
+    }
+
+    // ============ reveal Revert Tests ============
+
+    function testReveal_RevertsWhenSenderNotAllowed() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Try to reveal from an account that doesn't have access
+        vm.prank(bob);
+        vm.expectRevert(abi.encodeWithSelector(SenderNotAllowedForHandle.selector, handle, bob));
+        inco.reveal(handle);
+    }
+
+    // ============ Fuzz Tests for isAllowed ============
+
+    /// @dev Fuzz test that isAllowed returns true when handle is revealed (regardless of account)
+    function testFuzzIsAllowedWhenRevealed(bytes32 randomSeed, address randomAccount) public {
+        vm.assume(randomAccount != address(0));
+
+        // Create a unique handle using the random seed
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Initially, random account should not have access (unless it's this contract)
+        if (randomAccount != address(this)) {
+            assertFalse(inco.isAllowed(handle, randomAccount));
+        }
+
+        // Reveal the handle
+        inco.reveal(handle);
+
+        // Now any account should have access
+        assertTrue(inco.isAllowed(handle, randomAccount));
+        assertTrue(inco.isRevealed(handle));
+    }
+
+    /// @dev Fuzz test that isAllowed returns true when persistAllowed is set
+    function testFuzzIsAllowedWhenPersisted(bytes32 randomSeed, address allowedAccount) public {
+        vm.assume(allowedAccount != address(0));
+        vm.assume(allowedAccount != address(this));
+
+        // Create a unique handle
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Initially not allowed
+        assertFalse(inco.isAllowed(handle, allowedAccount));
+
+        // Allow the account (from this contract which has access)
+        inco.allow(handle, allowedAccount);
+
+        // Now should be allowed
+        assertTrue(inco.isAllowed(handle, allowedAccount));
+        assertTrue(inco.persistAllowed(handle, allowedAccount));
+    }
+
+    /// @dev Fuzz test that isAllowed returns true when transient access is granted
+    function testFuzzIsAllowedWhenTransient(bytes32 randomSeed, address allowedAccount) public {
+        vm.assume(allowedAccount != address(0));
+        vm.assume(allowedAccount != address(this));
+
+        // Create a unique handle
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Initially not allowed
+        assertFalse(inco.isAllowed(handle, allowedAccount));
+
+        // Allow transient access
+        inco.allowTransient(handle, allowedAccount);
+
+        // Should be allowed via transient
+        assertTrue(inco.isAllowed(handle, allowedAccount));
+        assertTrue(inco.allowedTransient(handle, allowedAccount));
+        // But not persisted
+        assertFalse(inco.persistAllowed(handle, allowedAccount));
+    }
+
+    /// @dev Fuzz test the OR logic: isAllowed = transient OR persisted OR revealed
+    function testFuzzIsAllowedOrLogic(bytes32 randomSeed, uint8 accessMode) public {
+        // Create a unique handle
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // accessMode determines which access type to grant:
+        // 0 = none, 1 = transient, 2 = persisted, 3 = revealed, 4+ = combinations
+        uint8 mode = accessMode % 8;
+
+        bool grantTransient = (mode & 1) != 0;
+        bool grantPersisted = (mode & 2) != 0;
+        bool grantRevealed = (mode & 4) != 0;
+
+        // Initially bob has no access
+        assertFalse(inco.isAllowed(handle, bob));
+
+        // Grant access based on mode
+        if (grantTransient) {
+            inco.allowTransient(handle, bob);
+        }
+        if (grantPersisted) {
+            inco.allow(handle, bob);
+        }
+        if (grantRevealed) {
+            inco.reveal(handle);
+        }
+
+        // isAllowed should be true if ANY access was granted
+        bool expectedAllowed = grantTransient || grantPersisted || grantRevealed;
+        assertEq(inco.isAllowed(handle, bob), expectedAllowed);
+    }
+
+    /// @dev Fuzz test that cleaning transient storage removes transient access
+    function testFuzzCleanTransientStorageRemovesAccess(bytes32 randomSeed) public {
+        // Create a unique handle
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Grant transient access
+        inco.allowTransient(handle, bob);
+        assertTrue(inco.allowedTransient(handle, bob));
+        assertTrue(inco.isAllowed(handle, bob));
+
+        // Clean transient storage
+        inco.cleanTransientStorage();
+
+        // Transient access should be revoked
+        assertFalse(inco.allowedTransient(handle, bob));
+        assertFalse(inco.isAllowed(handle, bob));
+    }
+
+    /// @dev Fuzz test multiple accounts with different access levels
+    function testFuzzMultipleAccountsAccessLevels(bytes32 randomSeed) public {
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Grant different access types to different accounts
+        inco.allowTransient(handle, bob);
+        inco.allow(handle, carol);
+        // dave gets no access
+
+        // Verify access levels
+        assertTrue(inco.isAllowed(handle, bob));
+        assertTrue(inco.allowedTransient(handle, bob));
+        assertFalse(inco.persistAllowed(handle, bob));
+
+        assertTrue(inco.isAllowed(handle, carol));
+        assertFalse(inco.allowedTransient(handle, carol));
+        assertTrue(inco.persistAllowed(handle, carol));
+
+        assertFalse(inco.isAllowed(handle, dave));
+        assertFalse(inco.allowedTransient(handle, dave));
+        assertFalse(inco.persistAllowed(handle, dave));
+    }
+
 }

package/src/lightning-parts/EncryptedOperations.sol

@@ -61,11 +61,6 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
         _;
     }
 
-    modifier checkedHandle(euint256 handle) {
-        checkInput(euint256.unwrap(handle), typeToBitMask(ETypes.Uint256));
-        _;
-    }
-
     function checkInput(bytes32 input, bytes32 requiredTypes) internal view {
         require(isAllowed(input, msg.sender), SenderNotAllowedForHandle(input, msg.sender));
         require(requiredTypes & typeToBitMask(typeOf(input)) != 0, UnexpectedType(typeOf(input), requiredTypes));
@@ -279,6 +274,7 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     }
 
     function eCast(bytes32 ct, ETypes toType) external returns (bytes32 result) {
+        checkInput(ct, SUPPORTED_TYPES_MASK);
         require(isTypeSupported(toType), UnsupportedType(toType));
         result = createResultHandle(EOps.Cast, toType, abi.encodePacked(ct));
         allowTransientInternal(result, msg.sender);

package/src/lightning-parts/TrivialEncryption.sol

@@ -7,24 +7,53 @@ import {BaseAccessControlList} from "./AccessControl/BaseAccessControlList.sol";
 import {HandleGeneration} from "./primitives/HandleGeneration.sol";
 import {ITrivialEncryption} from "./interfaces/ITrivialEncryption.sol";
 
+/// @title TrivialEncryption
+/// @notice Provides functions to create encrypted handles from plaintext values.
+/// @dev Trivial encryption wraps plaintext values as encrypted handles. The plaintext is visible
+/// on-chain (emitted in events), so this should only be used for values that are already public.
+/// Common use cases include initializing encrypted state with known values or creating encrypted
+/// constants. The resulting handles are granted transient access to the caller.
 abstract contract TrivialEncryption is ITrivialEncryption, EventCounter, BaseAccessControlList, HandleGeneration {
 
+    /// @notice Emitted when a trivial encryption is performed.
+    /// @param result The handle representing the encrypted value.
+    /// @param plainTextBytes The plaintext value that was encrypted (visible on-chain).
+    /// @param handleType The type of the encrypted value.
+    /// @param eventId The unique event ID for ordering and verification.
     event TrivialEncrypt(bytes32 indexed result, bytes32 plainTextBytes, ETypes handleType, uint256 eventId);
 
+    /// @notice Creates an encrypted uint256 handle from a plaintext value.
+    /// @dev The plaintext value is visible on-chain. Use this for public values only.
+    /// @param value The plaintext uint256 value to encrypt.
+    /// @return newEuint256 The encrypted handle representing the value.
     function asEuint256(uint256 value) external returns (euint256 newEuint256) {
         return euint256.wrap(newTrivialEncrypt(bytes32(value), ETypes.Uint256));
     }
 
+    /// @notice Creates an encrypted boolean handle from a plaintext value.
+    /// @dev The plaintext value is visible on-chain. Use this for public values only.
+    /// @param value The plaintext boolean value to encrypt.
+    /// @return newEbool The encrypted handle representing the value.
     function asEbool(bool value) external returns (ebool newEbool) {
         bytes32 castedValue = bytes32(uint256(value ? 1 : 0));
         return ebool.wrap(newTrivialEncrypt(castedValue, ETypes.Bool));
     }
 
+    /// @notice Creates an encrypted address handle from a plaintext value.
+    /// @dev The plaintext value is visible on-chain. Use this for public values only.
+    /// @param value The plaintext address value to encrypt.
+    /// @return newEaddress The encrypted handle representing the value.
     function asEaddress(address value) external returns (eaddress newEaddress) {
         bytes32 castedValue = bytes32(uint256(uint160(value)));
         return eaddress.wrap(newTrivialEncrypt(castedValue, ETypes.AddressOrUint160OrBytes20));
     }
 
+    /// @notice Internal function that performs the trivial encryption.
+    /// @dev Generates a deterministic handle, grants transient access to the caller,
+    /// emits the TrivialEncrypt event, and updates the digest for verification.
+    /// @param plainTextBytes The plaintext value as bytes32.
+    /// @param handleType The type of encrypted value being created.
+    /// @return newHandle The generated handle for the encrypted value.
     function newTrivialEncrypt(bytes32 plainTextBytes, ETypes handleType) internal returns (bytes32 newHandle) {
         newHandle = getTrivialEncryptHandle(plainTextBytes, handleType);
         allowTransientInternal(newHandle, msg.sender);

package/src/lightning-parts/primitives/SignatureVerifier.sol

@@ -34,7 +34,6 @@ abstract contract SignatureVerifier is ISignatureVerifier, OwnableUpgradeable, S
     error SignerNotFound(address signerAddress);
     error SignerAlreadyAdded(address signerAddress);
     error InvalidThreshold(uint256 threshold, uint256 nbOfSigners);
-    error SignersNotInAscendingOrder(address currentSigner, address lastSigner);
 
     event AddedSignatureVerifier(address signerAddress);
     event RemovedSignatureVerifier(address signerAddress);
@@ -95,8 +94,23 @@ abstract contract SignatureVerifier is ISignatureVerifier, OwnableUpgradeable, S
         return getSigVerifierStorage().signers.length;
     }
 
-    /// @dev signature signers MUST be in ascending order, reverts with SignersNotInAscendingOrder if not
-    /// @dev signatures beyond the threshold are ignored
+    /// @notice Verifies that a digest has been signed by at least `threshold` authorized signers
+    /// @dev Duplicate detection is optimized when signatures are sorted by signer address (ascending)
+    /// @dev Behavior notes:
+    ///      - Returns false if threshold is 0 (not yet configured)
+    ///      - Returns false if fewer signatures provided than threshold
+    ///      - Invalid/malformed signatures are skipped (not counted, don't cause failure)
+    ///      - If all signatures are invalid/malformed, returns false (no valid signatures can reach the threshold)
+    ///      - Duplicate signers cause immediate rejection (returns false)
+    ///      - Valid signatures from non-authorized addresses are skipped
+    ///      - Processing stops early once threshold is reached (remaining signatures ignored)
+    /// @dev Gas considerations:
+    ///      - O(n) when signatures are sorted by signer address (ascending) - recommended
+    ///      - O(n²) worst case when signatures are in reverse order (fallback duplicate detection)
+    ///      - Callers should provide signatures in ascending signer address order for optimal gas usage
+    /// @param digest The message digest (hash) that was signed
+    /// @param signatures Array of ECDSA signatures
+    /// @return bool True if at least `threshold` unique authorized signers signed the digest
     function isValidSignature(bytes32 digest, bytes[] memory signatures) public view returns (bool) {
         StorageForSigVerifier storage $ = getSigVerifierStorage();
         uint256 threshold = $.threshold;
@@ -107,22 +121,39 @@ abstract contract SignatureVerifier is ISignatureVerifier, OwnableUpgradeable, S
             return false;
         }
 
+        // Track recovered signers for duplicate detection (only need signaturesLength slots max)
+        address[] memory recoveredSigners = new address[](signaturesLength);
         address lastSigner = address(0);
         uint256 correctSignaturesCount = 0;
-        uint256 i = 0;
+        uint256 validCount = 0; // Track number of valid (non-malformed) signatures processed
 
-        while (correctSignaturesCount < threshold && i < signaturesLength) {
-            address currentSigner = digest.recover(signatures[i]);
+        for (uint256 i = 0; i < signaturesLength && correctSignaturesCount < threshold; i++) {
+            (address currentSigner, ECDSA.RecoverError err,) = ECDSA.tryRecover(digest, signatures[i]);
 
-            // Ensure signers are in ascending order to prevent duplicates
-            // Revert is used instead of return false to signal the user/developer an error (call malformed) is on his side
-            require(currentSigner > lastSigner, SignersNotInAscendingOrder(currentSigner, lastSigner));
-            lastSigner = currentSigner;
+            // Skip invalid signatures (malformed, wrong length, etc.)
+            if (err != ECDSA.RecoverError.NoError) {
+                continue;
+            }
+
+            // Optimistic duplicate detection (OZ pattern)
+            if (currentSigner > lastSigner) {
+                // Fast path: signer is in ascending order
+                lastSigner = currentSigner;
+            } else {
+                // Fallback: check all previous valid signers for duplicates
+                for (uint256 j = 0; j < validCount; ++j) {
+                    if (currentSigner == recoveredSigners[j]) {
+                        return false; // Duplicate signer found
+                    }
+                }
+            }
+
+            recoveredSigners[validCount] = currentSigner;
+            validCount++;
 
             if (isSigner(currentSigner)) {
                 correctSignaturesCount++;
             }
-            i++;
         }
 
         return correctSignaturesCount >= threshold;