@inco/lightning 0.8.0-devnet-8 → 0.8.0-devnet-9

package/manifest.yaml

@@ -1,3 +1,25 @@
+incoLightning_devnet_v5_203964628:
+  executor:
+    name: incoLightning_devnet_v5_203964628
+    majorVersion: 5
+    deployer: "0x8202D2D747784Cb7D48868E44C42C4bf162a70BC"
+    pepper: devnet
+    executorAddress: "0x8D5D75CC00E2Fc84ec4dE085aE1708223591c6b6"
+    salt: "0x8202d2d747784cb7d48868e44c42c4bf162a70bc00c573fb2bf617e75b6210d4"
+  deployments:
+    - name: incoLightningPreview_5_0_0__203964628
+      chainId: "84532"
+      chainName: Base Sepolia
+      version:
+        major: 5
+        minor: 0
+        patch: 0
+        shortSalt: "203964628"
+      blockNumber: "37431152"
+      deployDate: 2026-02-09T09:49:55.326Z
+      commit: v0.8.0-devnet-8-8-ge2e37e00
+      active: true
+      includesPreviewFeatures: true
 incoLightning_devnet_v4_409204766:
   executor:
     name: incoLightning_devnet_v4_409204766

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/lightning",
-  "version": "0.8.0-devnet-8",
+  "version": "0.8.0-devnet-9",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "files": [
     "src/",

package/src/CreateXHelper.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity ^0.8.10;
+pragma solidity ^0.8;
 
 import {CreateX} from "./pasted-dependencies/CreateX.sol";
 

package/src/IncoLightning.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: No License
-pragma solidity ^0.8;
+pragma solidity ^0.8.29;
 
 import {IIncoLightning} from "./interfaces/IIncoLightning.sol";
 import {CONTRACT_NAME, MAJOR_VERSION, MINOR_VERSION, PATCH_VERSION} from "./version/IncoLightningConfig.sol";
@@ -35,10 +35,10 @@ contract IncoLightning is
     /// @notice Initializes the IncoLightning contract with deployment configuration
     /// @dev The salt embeds the deployer address, contract name, version, and pepper for deterministic deployment.
     ///      This constructor is called once during proxy implementation deployment.
-    /// @param salt Unique salt used for deterministic deployment via CreateX
+    /// @param _salt Unique salt used for deterministic deployment via CreateX
     /// @param _incoVerifier The verifier contract address for attestation validation
-    constructor(bytes32 salt, IIncoVerifier _incoVerifier)
-        Version(MAJOR_VERSION, MINOR_VERSION, PATCH_VERSION, salt, CONTRACT_NAME)
+    constructor(bytes32 _salt, IIncoVerifier _incoVerifier)
+        Version(MAJOR_VERSION, MINOR_VERSION, PATCH_VERSION, _salt, CONTRACT_NAME)
         VerifierAddressGetter(address(_incoVerifier))
     {}
 
@@ -51,9 +51,9 @@ contract IncoLightning is
     /// @notice Initializes the proxy with an owner address
     /// @dev Must be called immediately after proxy deployment. Can only be called once.
     ///      This sets up the Ownable state for the proxy instance.
-    /// @param owner The address that will own this contract and can authorize upgrades
-    function initialize(address owner) public initializer {
-        __Ownable_init(owner);
+    /// @param _owner The address that will own this contract and can authorize upgrades
+    function initialize(address _owner) public initializer {
+        __Ownable_init(_owner);
         _setAcceptedVersion(2, true);
     }
 

package/src/IncoVerifier.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: No License
-pragma solidity ^0.8;
+pragma solidity ^0.8.29;
 
 import {AdvancedAccessControl} from "./lightning-parts/AccessControl/AdvancedAccessControl.sol";
 import {DecryptionAttester} from "./lightning-parts/DecryptionAttester.sol";

package/src/Lib.devnet.sol

@@ -9,7 +9,7 @@ import { IncoLightning } from "./IncoLightning.sol";
 import { ebool, euint256, eaddress, ETypes } from "./Types.sol";
 import { DecryptionAttestation } from "./lightning-parts/DecryptionAttester.types.sol";
 
-IncoLightning constant inco = IncoLightning(0x4046b737B454b0430FBF29cea070e3337AdE95aD);
+IncoLightning constant inco = IncoLightning(0x8D5D75CC00E2Fc84ec4dE085aE1708223591c6b6);
 address constant deployedBy = 0x8202D2D747784Cb7D48868E44C42C4bf162a70BC;
 
 /// @notice Returns the ETypes enum value encoded in a handle

package/src/Lib.sol

@@ -9,7 +9,7 @@ import { IncoLightning } from "./IncoLightning.sol";
 import { ebool, euint256, eaddress, ETypes } from "./Types.sol";
 import { DecryptionAttestation } from "./lightning-parts/DecryptionAttester.types.sol";
 
-IncoLightning constant inco = IncoLightning(0x4046b737B454b0430FBF29cea070e3337AdE95aD);
+IncoLightning constant inco = IncoLightning(0x8D5D75CC00E2Fc84ec4dE085aE1708223591c6b6);
 address constant deployedBy = 0x8202D2D747784Cb7D48868E44C42C4bf162a70BC;
 
 /// @notice Returns the ETypes enum value encoded in a handle

package/src/interfaces/automata-interfaces/BELE.sol

@@ -1,5 +1,5 @@
 //SPDX-License-Identifier: MIT
-pragma solidity ^0.8.0;
+pragma solidity ^0.8;
 
 /**
  * @notice Converts a little-endian encoded bytes to a big-endian uint256 integer

package/src/interfaces/automata-interfaces/IPCCSRouter.sol

@@ -1,5 +1,5 @@
 //SPDX-License-Identifier: MIT
-pragma solidity >=0.8.0;
+pragma solidity ^0.8;
 
 import {IdentityObj, EnclaveId, CA, TcbLevelsObj, TcbId, TdxModule, TdxModuleIdentity} from "./Types.sol";
 

package/src/interfaces/automata-interfaces/IPcsDao.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.8.0;
+pragma solidity ^0.8;
 
 import {CA} from "./Types.sol";
 

package/src/interfaces/automata-interfaces/IQuoteVerifier.sol

@@ -1,5 +1,5 @@
 //SPDX-License-Identifier: MIT
-pragma solidity >=0.8.0;
+pragma solidity ^0.8;
 
 import {IPCCSRouter} from "./IPCCSRouter.sol";
 import {Header} from "./Types.sol";

package/src/interfaces/automata-interfaces/Types.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.8.0;
+pragma solidity ^0.8;
 
 // https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/e7604e02331b3377f3766ed3653250e03af72d45/QuoteVerification/QVL/Src/AttestationLibrary/src/CertVerification/X509Constants.h#L64
 uint256 constant TCB_CPUSVN_SIZE = 16;

package/src/libs/incoLightning_devnet_v5_203964628.sol

@@ -0,0 +1,942 @@
+// AUTOGENERATED FILE. DO NOT EDIT.
+// This file was generated by the IncoLightning library generator.
+// The original template is located at Lib.template.sol
+
+/// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import { IncoLightning } from "../IncoLightning.sol";
+import { ebool, euint256, eaddress, ETypes } from "../Types.sol";
+import { DecryptionAttestation } from "../lightning-parts/DecryptionAttester.types.sol";
+
+IncoLightning constant inco = IncoLightning(0x8D5D75CC00E2Fc84ec4dE085aE1708223591c6b6);
+address constant deployedBy = 0x8202D2D747784Cb7D48868E44C42C4bf162a70BC;
+
+/// @notice Returns the ETypes enum value encoded in a handle
+///  @param handle The handle to decode
+///  @return The ETypes value
+function typeOf(bytes32 handle) pure returns (ETypes) {
+    return ETypes(uint8(uint256(handle) >> 8));
+}
+
+library e {
+    error CallFailedAfterFeeRefresh();
+
+    /// @dev slot to store the fee for inco operations
+    bytes32 private constant FEE_SLOT = keccak256("inco.fee");
+
+    /// @notice Returns a sanitized euint256, replacing zero with asEuint256(0)
+    ///  @param a The euint256 to sanitize
+    ///  @return The sanitized euint256
+    function sanitize(euint256 a) internal returns (euint256) {
+        if (euint256.unwrap(a) == bytes32(0)) {
+            return asEuint256(0);
+        }
+        return a;
+    }
+
+    /// @notice Returns a sanitized ebool, replacing zero with asEbool(false)
+    ///  @param a The ebool to sanitize
+    ///  @return The sanitized ebool
+    function sanitize(ebool a) internal returns (ebool) {
+        if (ebool.unwrap(a) == bytes32(0)) {
+            return asEbool(false);
+        }
+        return a;
+    }
+
+    /// @notice Returns a sanitized eaddress, replacing zero with asEaddress(address(0))
+    ///  @param a The eaddress to sanitize
+    ///  @return The sanitized eaddress
+    function sanitize(eaddress a) internal returns (eaddress) {
+        if (eaddress.unwrap(a) == bytes32(0)) {
+            return asEaddress(address(0));
+        }
+        return a;
+    }
+
+    /// @notice Alias for sanitize(euint256)
+    ///  @param a The euint256 to sanitize
+    ///  @return The sanitized euint256
+    function s(euint256 a) internal returns (euint256) {
+        return sanitize(a);
+    }
+
+    /// @notice Alias for sanitize(ebool)
+    ///  @param a The ebool to sanitize
+    ///  @return The sanitized ebool
+    function s(ebool a) internal returns (ebool) {
+        return sanitize(a);
+    }
+
+    /// @notice Alias for sanitize(eaddress)
+    ///  @param a The eaddress to sanitize
+    ///  @return The sanitized eaddress
+    function s(eaddress a) internal returns (eaddress) {
+        return sanitize(a);
+    }
+
+    /// @notice Adds two encrypted uint256 values
+    ///  @param a First operand
+    ///  @param b Second operand
+    ///  @return The encrypted sum
+    function add(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eAdd(s(a), s(b));
+    }
+
+    /// @notice Adds an encrypted uint256 and a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted sum
+    function add(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eAdd(s(a), asEuint256(b));
+    }
+
+    /// @notice Adds a plaintext uint256 and an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted sum
+    function add(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eAdd(asEuint256(a), s(b));
+    }
+
+    /// @notice Subtracts two encrypted uint256 values
+    ///  @param a Encrypted minuend
+    ///  @param b Encrypted subtrahend
+    ///  @return The encrypted difference
+    function sub(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eSub(s(a), s(b));
+    }
+
+    /// @notice Subtracts a plaintext uint256 from an encrypted uint256
+    ///  @param a Encrypted minuend
+    ///  @param b Plaintext subtrahend
+    ///  @return The encrypted difference
+    function sub(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eSub(s(a), asEuint256(b));
+    }
+
+    /// @notice Subtracts an encrypted uint256 from a plaintext uint256
+    ///  @param a Plaintext minuend
+    ///  @param b Encrypted subtrahend
+    ///  @return The encrypted difference
+    function sub(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eSub(asEuint256(a), s(b));
+    }
+
+    /// @notice Multiplies two encrypted uint256 values
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted product
+    function mul(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMul(s(a), s(b));
+    }
+
+    /// @notice Multiplies an encrypted uint256 and a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted product
+    function mul(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eMul(s(a), asEuint256(b));
+    }
+
+    /// @notice Multiplies a plaintext uint256 and an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted product
+    function mul(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMul(asEuint256(a), s(b));
+    }
+
+    /// @notice Divides two encrypted uint256 values
+    ///  @param a Encrypted Dividend
+    ///  @param b Encrypted Divisor
+    ///  @return The encrypted quotient
+    function div(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eDiv(s(a), s(b));
+    }
+
+    /// @notice Divides an encrypted uint256 by a plaintext uint256
+    ///  @param a Encrypted dividend
+    ///  @param b Plaintext divisor
+    ///  @return The encrypted quotient
+    function div(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eDiv(s(a), asEuint256(b));
+    }
+
+    /// @notice Divides a plaintext uint256 by an encrypted uint256
+    ///  @param a Plaintext dividend
+    ///  @param b Encrypted divisor
+    ///  @return The encrypted quotient
+    function div(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eDiv(asEuint256(a), s(b));
+    }
+
+    /// @notice Remainder of two encrypted uint256 values
+    ///  @param a Encrypted dividend
+    ///  @param b Encrypted divisor
+    ///  @return The encrypted remainder
+    function rem(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRem(s(a), s(b));
+    }
+
+    /// @notice Remainder of an encrypted uint256 and a plaintext uint256
+    ///  @param a Encrypted dividend
+    ///  @param b Plaintext divisor
+    ///  @return The encrypted remainder
+    function rem(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eRem(s(a), asEuint256(b));
+    }
+
+    /// @notice Remainder of a plaintext uint256 and an encrypted uint256
+    ///  @param a Plaintext dividend
+    ///  @param b Encrypted divisor
+    ///  @return The encrypted remainder
+    function rem(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRem(asEuint256(a), s(b));
+    }
+
+    /// @notice Bitwise AND of two encrypted uint256 values
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function and(euint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitAnd(euint256.unwrap(s(a)), euint256.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise AND of an encrypted uint256 and a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted result
+    function and(euint256 a, uint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitAnd(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b))));
+    }
+
+    /// @notice Bitwise AND of a plaintext uint256 and an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function and(uint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitAnd(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise AND of two encrypted bool values
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function and(ebool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitAnd(ebool.unwrap(s(a)), ebool.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise AND of an encrypted bool and a plaintext bool
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted result
+    function and(ebool a, bool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitAnd(ebool.unwrap(s(a)), ebool.unwrap(asEbool(b))));
+    }
+
+    /// @notice Bitwise AND of a plaintext bool and an encrypted bool
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function and(bool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitAnd(ebool.unwrap(asEbool(a)), ebool.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise OR of two encrypted uint256 values
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function or(euint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitOr(euint256.unwrap(s(a)), euint256.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise OR of an encrypted uint256 and a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted result
+    function or(euint256 a, uint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitOr(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b))));
+    }
+
+    /// @notice Bitwise OR of a plaintext uint256 and an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function or(uint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitOr(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise OR of two encrypted bool values
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function or(ebool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitOr(ebool.unwrap(s(a)), ebool.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise OR of an encrypted bool and a plaintext bool
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted result
+    function or(ebool a, bool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitOr(ebool.unwrap(s(a)), ebool.unwrap(asEbool(b))));
+    }
+
+    /// @notice Bitwise OR of a plaintext bool and an encrypted bool
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function or(bool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitOr(ebool.unwrap(asEbool(a)), ebool.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise XOR of two encrypted uint256 values
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function xor(euint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitXor(euint256.unwrap(s(a)), euint256.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise XOR of an encrypted uint256 and a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted result
+    function xor(euint256 a, uint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitXor(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b))));
+    }
+
+    /// @notice Bitwise XOR of a plaintext uint256 and an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function xor(uint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitXor(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise XOR of two encrypted bool values
+    ///  @param a First operand
+    ///  @param b Second operand
+    ///  @return The encrypted result
+    function xor(ebool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitXor(ebool.unwrap(s(a)), ebool.unwrap(s(b))));
+    }
+
+    /// @notice Bitwise XOR of an encrypted bool and a plaintext bool
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted result
+    function xor(ebool a, bool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitXor(ebool.unwrap(s(a)), ebool.unwrap(asEbool(b))));
+    }
+
+    /// @notice Bitwise XOR of a plaintext bool and an encrypted bool
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted result
+    function xor(bool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitXor(ebool.unwrap(asEbool(a)), ebool.unwrap(s(b))));
+    }
+
+    /// @notice Left shift of two encrypted uint256 values
+    ///  @param a Encrypted value to shift
+    ///  @param b Encrypted shift amount
+    ///  @return The encrypted result
+    function shl(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShl(s(a), s(b));
+    }
+
+    /// @notice Left shift of an encrypted uint256 by a plaintext uint256
+    ///  @param a Encrypted value to shift
+    ///  @param b Plaintext shift amount
+    ///  @return The encrypted result
+    function shl(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eShl(s(a), asEuint256(b));
+    }
+
+    /// @notice Left shift of a plaintext uint256 by an encrypted uint256
+    ///  @param a Plaintext value to shift
+    ///  @param b Encrypted shift amount
+    ///  @return The encrypted result
+    function shl(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShl(asEuint256(a), s(b));
+    }
+
+    /// @notice Right shift of two encrypted uint256 values
+    ///  @param a Encrypted value to shift
+    ///  @param b Encrypted shift amount
+    ///  @return The encrypted result
+    function shr(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShr(s(a), s(b));
+    }
+
+    /// @notice Right shift of an encrypted uint256 by a plaintext uint256
+    ///  @param a Encrypted value to shift
+    ///  @param b Plaintext shift amount
+    ///  @return The encrypted result
+    function shr(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eShr(s(a), asEuint256(b));
+    }
+
+    /// @notice Right shift of a plaintext uint256 by an encrypted uint256
+    ///  @param a Plaintext value to shift
+    ///  @param b Encrypted shift amount
+    ///  @return The encrypted result
+    function shr(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShr(asEuint256(a), s(b));
+    }
+
+    /// @notice Left rotate of two encrypted uint256 values
+    ///  @param a Encrypted value to rotate
+    ///  @param b Encrypted rotate amount
+    ///  @return The encrypted result
+    function rotl(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotl(s(a), s(b));
+    }
+
+    /// @notice Left rotate of an encrypted uint256 by a plaintext uint256
+    ///  @param a Encrypted value to rotate
+    ///  @param b Plaintext rotate amount
+    ///  @return The encrypted result
+    function rotl(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eRotl(s(a), asEuint256(b));
+    }
+
+    /// @notice Left rotate of a plaintext uint256 by an encrypted uint256
+    ///  @param a Plaintext value to rotate
+    ///  @param b Encrypted rotate amount
+    ///  @return The encrypted result
+    function rotl(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotl(asEuint256(a), s(b));
+    }
+
+    /// @notice Right rotate of two encrypted uint256 values
+    ///  @param a Encrypted value to rotate
+    ///  @param b Encrypted rotate amount
+    ///  @return The encrypted result
+    function rotr(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotr(s(a), s(b));
+    }
+
+    /// @notice Right rotate of an encrypted uint256 by a plaintext uint256
+    ///  @param a Encrypted value to rotate
+    ///  @param b Plaintext rotate amount
+    ///  @return The encrypted result
+    function rotr(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eRotr(s(a), asEuint256(b));
+    }
+
+    /// @notice Right rotate of a plaintext uint256 by an encrypted uint256
+    ///  @param a Plaintext value to rotate
+    ///  @param b Encrypted rotate amount
+    ///  @return The encrypted result
+    function rotr(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotr(asEuint256(a), s(b));
+    }
+
+    /// @notice Checks equality of two encrypted uint256 values
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function eq(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eEq(euint256.unwrap(s(a)), euint256.unwrap(s(b)));
+    }
+
+    /// @notice Checks equality of an encrypted uint256 and a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted bool result
+    function eq(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eEq(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b)));
+    }
+
+    /// @notice Checks equality of a plaintext uint256 and an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function eq(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eEq(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b)));
+    }
+
+    /// @notice Checks equality of an encrypted address and a plaintext address
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted bool result
+    function eq(eaddress a, address b) internal returns (ebool) {
+        return inco.eEq(eaddress.unwrap(s(a)), eaddress.unwrap(asEaddress(b)));
+    }
+
+    /// @notice Checks equality of two encrypted addresses
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function eq(eaddress a, eaddress b) internal returns (ebool) {
+        return inco.eEq(eaddress.unwrap(s(a)), eaddress.unwrap(s(b)));
+    }
+
+    /// @notice Checks equality of a plaintext address and an encrypted address
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function eq(address a, eaddress b) internal returns (ebool) {
+        return inco.eEq(eaddress.unwrap(asEaddress(a)), eaddress.unwrap(s(b)));
+    }
+
+    /// @notice Checks inequality of two encrypted uint256 values
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function ne(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eNe(euint256.unwrap(s(a)), euint256.unwrap(s(b)));
+    }
+
+    /// @notice Checks inequality of an encrypted uint256 and a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted bool result
+    function ne(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eNe(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b)));
+    }
+
+    /// @notice Checks inequality of a plaintext uint256 and an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function ne(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eNe(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b)));
+    }
+
+    /// @notice Checks inequality of two encrypted addresses
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function ne(eaddress a, eaddress b) internal returns (ebool) {
+        return inco.eNe(eaddress.unwrap(s(a)), eaddress.unwrap(s(b)));
+    }
+
+    /// @notice Checks inequality of an encrypted address and a plaintext address
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted bool result
+    function ne(eaddress a, address b) internal returns (ebool) {
+        return inco.eNe(eaddress.unwrap(s(a)), eaddress.unwrap(asEaddress(b)));
+    }
+
+    /// @notice Checks inequality of a plaintext address and an encrypted address
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function ne(address a, eaddress b) internal returns (ebool) {
+        return inco.eNe(eaddress.unwrap(asEaddress(a)), eaddress.unwrap(s(b)));
+    }
+
+    /// @notice Checks if one encrypted uint256 is greater than or equal to another
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function ge(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGe(s(a), s(b));
+    }
+
+    /// @notice Checks if an encrypted uint256 is greater than or equal to a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted bool result
+    function ge(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eGe(s(a), asEuint256(b));
+    }
+
+    /// @notice Checks if a plaintext uint256 is greater than or equal to an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function ge(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGe(asEuint256(a), s(b));
+    }
+
+    /// @notice Checks if one encrypted uint256 is greater than another
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function gt(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGt(s(a), s(b));
+    }
+
+    /// @notice Checks if an encrypted uint256 is greater than a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted bool result
+    function gt(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eGt(s(a), asEuint256(b));
+    }
+
+    /// @notice Checks if a plaintext uint256 is greater than an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function gt(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGt(asEuint256(a), s(b));
+    }
+
+    /// @notice Checks if one encrypted uint256 is less than or equal to another
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function le(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLe(s(a), s(b));
+    }
+
+    /// @notice Checks if an encrypted uint256 is less than or equal to a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted bool result
+    function le(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eLe(s(a), asEuint256(b));
+    }
+
+    /// @notice Checks if a plaintext uint256 is less than or equal to an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function le(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLe(asEuint256(a), s(b));
+    }
+
+    /// @notice Checks if one encrypted uint256 is less than another
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function lt(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLt(s(a), s(b));
+    }
+
+    /// @notice Checks if an encrypted uint256 is less than a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted bool result
+    function lt(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eLt(s(a), asEuint256(b));
+    }
+
+    /// @notice Checks if a plaintext uint256 is less than an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted bool result
+    function lt(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLt(asEuint256(a), s(b));
+    }
+
+    /// @notice Returns the minimum of two encrypted uint256 values
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted minimum
+    function min(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMin(s(a), s(b));
+    }
+
+    /// @notice Returns the minimum of an encrypted uint256 and a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted minimum
+    function min(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eMin(s(a), asEuint256(b));
+    }
+
+    /// @notice Returns the minimum of a plaintext uint256 and an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted minimum
+    function min(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMin(asEuint256(a), s(b));
+    }
+
+    /// @notice Returns the maximum of two encrypted uint256 values
+    ///  @param a Encrypted operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted maximum
+    function max(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMax(s(a), s(b));
+    }
+
+    /// @notice Returns the maximum of an encrypted uint256 and a plaintext uint256
+    ///  @param a Encrypted operand
+    ///  @param b Plaintext operand
+    ///  @return The encrypted maximum
+    function max(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eMax(s(a), asEuint256(b));
+    }
+
+    /// @notice Returns the maximum of a plaintext uint256 and an encrypted uint256
+    ///  @param a Plaintext operand
+    ///  @param b Encrypted operand
+    ///  @return The encrypted maximum
+    function max(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMax(asEuint256(a), s(b));
+    }
+
+    /// @notice Bitwise NOT of an encrypted bool
+    ///  @param a Encrypted operand
+    ///  @return The encrypted result
+    function not(ebool a) internal returns (ebool) {
+        return inco.eNot(s(a));
+    }
+
+    /// @notice Generates a random encrypted uint256 (costs the inco fee)
+    ///  @dev costs the inco fee
+    ///  @return The encrypted random value
+    function rand() internal returns (euint256) {
+        bytes32 result = _callWithFeeRetry(abi.encodeWithSelector(inco.eRand.selector, ETypes.Uint256));
+        return euint256.wrap(result);
+    }
+
+    /// @notice Generates a random encrypted uint256 less than a plaintext upper bound (costs the inco fee)
+    ///  @dev costs the inco fee
+    ///  @param upperBound The plaintext upper bound
+    ///  @return The encrypted random value
+    function randBounded(uint256 upperBound) internal returns (euint256) {
+        bytes32 boundHandle = euint256.unwrap(asEuint256(upperBound));
+        bytes32 result = _callWithFeeRetry(abi.encodeWithSelector(inco.eRandBounded.selector, boundHandle, ETypes.Uint256));
+        return euint256.wrap(result);
+    }
+
+    /// @notice Generates a random encrypted uint256 less than an encrypted upper bound (costs the inco fee)
+    ///  @dev costs the inco fee
+    ///  @param upperBound The encrypted upper bound
+    ///  @return The encrypted random value
+    function randBounded(euint256 upperBound) internal returns (euint256) {
+        bytes32 boundHandle = euint256.unwrap(s(upperBound));
+        bytes32 result = _callWithFeeRetry(abi.encodeWithSelector(inco.eRandBounded.selector, boundHandle, ETypes.Uint256));
+        return euint256.wrap(result);
+    }
+
+    /// @notice Casts a plaintext uint256 to an encrypted uint256
+    ///  @param a The plaintext value
+    ///  @return The encrypted value
+    function asEuint256(uint256 a) internal returns (euint256) {
+        return inco.asEuint256(a);
+    }
+
+    /// @notice Casts a plaintext bool to an encrypted bool
+    ///  @param a The plaintext value
+    ///  @return The encrypted value
+    function asEbool(bool a) internal returns (ebool) {
+        return inco.asEbool(a);
+    }
+
+    /// @notice Casts a plaintext address to an encrypted address
+    ///  @param a The plaintext value
+    ///  @return The encrypted value
+    function asEaddress(address a) internal returns (eaddress) {
+        return inco.asEaddress(a);
+    }
+
+    /// @notice Casts an encrypted uint256 to an encrypted bool
+    ///  @param a The encrypted uint256 value
+    ///  @return The encrypted bool value
+    function asEbool(euint256 a) internal returns (ebool) {
+        return ebool.wrap(inco.eCast(euint256.unwrap(a), ETypes.Bool));
+    }
+
+    /// @notice Casts an encrypted bool to an encrypted uint256
+    ///  @param a The encrypted bool value
+    ///  @return The encrypted uint256 value
+    function asEuint256(ebool a) internal returns (euint256) {
+        return euint256.wrap(inco.eCast(ebool.unwrap(a), ETypes.Uint256));
+    }
+
+    /// @notice Creates a new encrypted uint256 assuming msg.sender is the user
+    ///  @dev costs the inco fee
+    function newEuint256(bytes memory ciphertext) internal returns (euint256) {
+        return newEuint256(ciphertext, msg.sender);
+    }
+
+    /// @notice Creates a new encrypted uint256 for the given user.
+    ///  @dev costs the inco fee
+    function newEuint256(bytes memory ciphertext, address user) internal returns (euint256) {
+        bytes32 result = _callWithFeeRetry(abi.encodeWithSelector(inco.newEuint256.selector, ciphertext, user));
+        return euint256.wrap(result);
+    }
+
+    /// @notice Creates a new encrypted bool assuming msg.sender is the user
+    ///  @dev costs the inco fee
+    function newEbool(bytes memory ciphertext) internal returns (ebool) {
+        return newEbool(ciphertext, msg.sender);
+    }
+
+    /// @notice Creates a new encrypted bool for the given user.
+    ///  @dev costs the inco fee
+    function newEbool(bytes memory ciphertext, address user) internal returns (ebool) {
+        bytes32 result = _callWithFeeRetry(abi.encodeWithSelector(inco.newEbool.selector, ciphertext, user));
+        return ebool.wrap(result);
+    }
+
+    /// @notice Creates a new encrypted address assuming msg.sender is the user
+    ///  @dev costs the inco fee
+    function newEaddress(bytes memory ciphertext) internal returns (eaddress) {
+        return newEaddress(ciphertext, msg.sender);
+    }
+
+    /// @notice Creates a new encrypted address for the given user.
+    ///  @dev costs the inco fee
+    function newEaddress(bytes memory ciphertext, address user) internal returns (eaddress) {
+        bytes32 result = _callWithFeeRetry(abi.encodeWithSelector(inco.newEaddress.selector, ciphertext, user));
+        return eaddress.wrap(result);
+    }
+
+    /// @notice Allows an address to access an encrypted uint256
+    ///  @param a The encrypted uint256
+    ///  @param to The address to allow
+    function allow(euint256 a, address to) internal {
+        inco.allow(euint256.unwrap(a), to);
+    }
+
+    /// @notice Allows an address to access an encrypted bool
+    ///  @param a The encrypted bool
+    ///  @param to The address to allow
+    function allow(ebool a, address to) internal {
+        inco.allow(ebool.unwrap(a), to);
+    }
+
+    /// @notice Allows an address to access an encrypted address
+    ///  @param a The encrypted address
+    ///  @param to The address to allow
+    function allow(eaddress a, address to) internal {
+        inco.allow(eaddress.unwrap(a), to);
+    }
+
+    /// @notice Reveals an encrypted uint256
+    ///  @param a The encrypted uint256
+    function reveal(euint256 a) internal {
+        inco.reveal(euint256.unwrap(a));
+    }
+
+    /// @notice Reveals an encrypted bool
+    ///  @param a The encrypted bool
+    function reveal(ebool a) internal {
+        inco.reveal(ebool.unwrap(a));
+    }
+
+    /// @notice Reveals an encrypted address
+    ///  @param a The encrypted address
+    function reveal(eaddress a) internal {
+        inco.reveal(eaddress.unwrap(a));
+    }
+
+    /// @notice Verifies a decryption attestation for a euint256
+    ///  @param handle The encrypted handle
+    ///  @param value The claimed decrypted value
+    ///  @param signatures The covalidator signatures
+    ///  @return True if the attestation is valid
+    function verifyDecryption(euint256 handle, uint256 value, bytes[] memory signatures) internal view returns (bool) {
+        DecryptionAttestation memory attestation = DecryptionAttestation({handle: euint256.unwrap(handle), value: bytes32(value)});
+        return inco.incoVerifier().isValidDecryptionAttestation(attestation, signatures);
+    }
+
+    /// @notice Verifies a decryption attestation for an ebool
+    ///  @param handle The encrypted handle
+    ///  @param value The claimed decrypted value
+    ///  @param signatures The covalidator signatures
+    ///  @return True if the attestation is valid
+    function verifyDecryption(ebool handle, bool value, bytes[] memory signatures) internal view returns (bool) {
+        DecryptionAttestation memory attestation = DecryptionAttestation({handle: ebool.unwrap(handle), value: value ? bytes32(uint256(1)) : bytes32(0)});
+        return inco.incoVerifier().isValidDecryptionAttestation(attestation, signatures);
+    }
+
+    /// @notice Allows this contract to access an encrypted uint256
+    ///  @param a The encrypted uint256
+    function allowThis(euint256 a) internal {
+        allow(a, address(this));
+    }
+
+    /// @notice Allows this contract to access an encrypted bool
+    ///  @param a The encrypted bool
+    function allowThis(ebool a) internal {
+        allow(a, address(this));
+    }
+
+    /// @notice Allows this contract to access an encrypted address
+    ///  @param a The encrypted address
+    function allowThis(eaddress a) internal {
+        allow(a, address(this));
+    }
+
+    /// @notice Checks if a user is allowed to access an encrypted uint256
+    ///  @param user The address to check
+    ///  @param a The encrypted uint256
+    ///  @return True if allowed, false otherwise
+    function isAllowed(address user, euint256 a) internal view returns (bool) {
+        return inco.isAllowed(euint256.unwrap(a), user);
+    }
+
+    /// @notice Selects between two encrypted uint256 values based on an encrypted bool
+    ///  @param control The encrypted bool condition
+    ///  @param ifTrue Value if control is true
+    ///  @param ifFalse Value if control is false
+    ///  @return The selected encrypted uint256
+    function select(ebool control, euint256 ifTrue, euint256 ifFalse) internal returns (euint256) {
+        return euint256.wrap(inco.eIfThenElse(s(control), euint256.unwrap(s(ifTrue)), euint256.unwrap(s(ifFalse))));
+    }
+
+    /// @notice Selects between two encrypted bool values based on an encrypted bool
+    ///  @param control The encrypted bool condition
+    ///  @param ifTrue Value if control is true
+    ///  @param ifFalse Value if control is false
+    ///  @return The selected encrypted bool
+    function select(ebool control, ebool ifTrue, ebool ifFalse) internal returns (ebool) {
+        return ebool.wrap(inco.eIfThenElse(s(control), ebool.unwrap(s(ifTrue)), ebool.unwrap(s(ifFalse))));
+    }
+
+    /// @notice Selects between two encrypted addresses based on an encrypted bool
+    ///  @param control The encrypted bool condition
+    ///  @param ifTrue Value if control is true
+    ///  @param ifFalse Value if control is false
+    ///  @return The selected encrypted address
+    function select(ebool control, eaddress ifTrue, eaddress ifFalse) internal returns (eaddress) {
+        return eaddress.wrap(inco.eIfThenElse(s(control), eaddress.unwrap(s(ifTrue)), eaddress.unwrap(s(ifFalse))));
+    }
+
+    /// @dev Store fee in the custom slot
+    ///  @param _fee The fee to store
+    function _setFee(uint256 _fee) private {
+        bytes32 slot = FEE_SLOT;
+        assembly {
+            sstore(slot, _fee)
+        }
+    }
+
+    /// @dev Retrieve fee from the custom slot
+    ///  @return fee The stored fee
+    function _getFee() private view returns (uint256 fee) {
+        bytes32 slot = FEE_SLOT;
+        assembly {
+            fee := sload(slot)
+        }
+    }
+
+    /// @dev Get current fee with fallback to inco.getFee() if not cached
+    function getCurrentFee() private returns (uint256) {
+        uint256 cachedFee = _getFee();
+        if (cachedFee == 0) {
+            cachedFee = inco.getFee();
+            _setFee(cachedFee);
+        }
+        return cachedFee;
+    }
+
+    /// @dev Execute a call to inco with fee, retrying with fresh fee if it fails
+    ///  @param callData The encoded function call (use abi.encodeWithSelector)
+    ///  @return result The bytes32 result from the call
+    function _callWithFeeRetry(bytes memory callData) private returns (bytes32) {
+        uint256 fee = getCurrentFee();
+        (bool success, bytes memory result) = address(inco).call{value: fee}(callData);
+        if (!success) {
+            fee = inco.getFee();
+            _setFee(fee);
+            (success, result) = address(inco).call{value: fee}(callData);
+            require(success, CallFailedAfterFeeRefresh());
+        }
+        return abi.decode(result, (bytes32));
+    }
+}

package/src/lightning-parts/AccessControl/AdvancedAccessControl.sol

@@ -106,6 +106,9 @@ abstract contract AdvancedAccessControl is
     /// @param activeSessionNonce The sharer's current active session nonce
     error InvalidVoucherSessionNonce(bytes32 providedSessionNonce, bytes32 activeSessionNonce);
 
+    /// @notice Thrown when a voucher's verifyingContract address is the zero address
+    error InvalidVerifyingContract();
+
     /// @notice Checks if an account is allowed to access a handle using a signed voucher proof
     /// @dev Intended for simulation/off-chain calls. Not a view function as it calls external contracts.
     ///      Verification steps:
@@ -118,6 +121,7 @@ abstract contract AdvancedAccessControl is
     /// @param proof The allowance proof containing voucher, signature, and requester data
     /// @return True if access is allowed, false or reverts otherwise
     function isAllowedWithProof(bytes32 handle, address account, AllowanceProof memory proof) public returns (bool) {
+        require(proof.voucher.verifyingContract != address(0), InvalidVerifyingContract());
         require(
             IBaseAccessControlList(incoLightningAddress).isAllowed(handle, proof.sharer),
             SharerNotAllowedForHandle(handle, proof.sharer)

package/src/lightning-parts/AccessControl/test/TestAdvancedAccessControl.t.sol

@@ -88,6 +88,21 @@ contract TestAdvancedAccessControl is IncoTest {
         incoVerifier = inco.incoVerifier();
     }
 
+    function testAdvancedSharingWithInvalidVerifyingContract() public {
+        AllowanceVoucher memory invalidSessionVoucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(0),
+            callFunction: SessionVerifier.canUseSession.selector,
+            sharerArgData: abi.encode(Session({decrypter: bob, expiresAt: block.timestamp + 1 days}))
+        });
+        AllowanceProof memory bobsProof = getBobsProof(invalidSessionVoucher);
+        vm.expectRevert(abi.encodeWithSelector(AdvancedAccessControl.InvalidVerifyingContract.selector));
+        incoVerifier.isAllowedWithProof(secretHandle, bob, bobsProof);
+        vm.prank(bob);
+        vm.expectRevert(abi.encodeWithSelector(AdvancedAccessControl.InvalidVerifyingContract.selector));
+        inco.claimHandle(secretHandle, bobsProof);
+    }
+
     function testAdvancedSharingWithSession() public {
         SessionVerifier sessionVerifier = new SessionVerifier("");
         assertFalse(inco.isAllowed(secretHandle, bob), "bob should't be allowed on secret yet");

package/src/lightning-parts/TEELifecycle.sol

@@ -1,4 +1,4 @@
-pragma solidity ^0.8.19;
+pragma solidity ^0.8;
 
 import {BootstrapResult, UpgradeResult, AddNodeResult} from "./TEELifecycle.types.sol";
 import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

package/src/lightning-parts/TEELifecycle.types.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: No License
-pragma solidity ^0.8.19;
+pragma solidity ^0.8;
 
 /**
  * @notice A struct representing what the TDX EOA signs during the bootstrap process.

package/src/lightning-parts/interfaces/ITEELifecycle.sol

@@ -1,5 +1,5 @@
 /// SPDX-License-Identifier: No License
-pragma solidity ^0.8.19;
+pragma solidity ^0.8;
 
 import {BootstrapResult, UpgradeResult, AddNodeResult} from "../TEELifecycle.types.sol";
 import {IQuoteVerifier} from "../../interfaces/automata-interfaces/IQuoteVerifier.sol";

package/src/pasted-dependencies/ICreateX.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: AGPL-3.0-only
-pragma solidity ^0.8.4;
+pragma solidity ^0.8;
 
 /**
  * @title CreateX Factory Interface Definition

package/src/periphery/SessionVerifier.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: No License
-pragma solidity ^0.8;
+pragma solidity ^0.8.29;
 
 import {UUPSUpgradeable} from "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";
 import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
@@ -38,13 +38,13 @@ struct Session {
 contract SessionVerifier is UUPSUpgradeable, OwnableUpgradeable, Version {
 
     /// @notice Initializes the SessionVerifier with version information
-    /// @param salt Unique salt used for deterministic deployment via CreateX
-    constructor(bytes32 salt)
+    /// @param _salt Unique salt used for deterministic deployment via CreateX
+    constructor(bytes32 _salt)
         Version(
             SESSION_VERIFIER_MAJOR_VERSION,
             SESSION_VERIFIER_MINOR_VERSION,
             SESSION_VERIFIER_PATCH_VERSION,
-            salt,
+            _salt,
             SESSION_VERIFIER_NAME
         )
     {}

package/src/shared/IOwnable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.8.0;
+pragma solidity ^0.8;
 
 // OpenZeppelin doesn't export any interfaces for ownable so we define our own
 

package/src/shared/IUUPSUpgradable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.8.0;
+pragma solidity ^0.8;
 
 // OpenZeppelin doesn't export any interfaces for uupsUpgradeable so we define our own
 

package/src/test/TEELifecycle/TEELifecycleMockTest.t.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: UNLICENSED
-pragma solidity ^0.8.0;
+pragma solidity ^0.8;
 
 import {TEELifecycle} from "../../lightning-parts/TEELifecycle.sol";
 import {BootstrapResult, AddNodeResult, UpgradeResult} from "../../lightning-parts/TEELifecycle.types.sol";

package/src/test/TestUpgrade.t.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: No License
-pragma solidity ^0.8.20;
+pragma solidity ^0.8;
 
 import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
 import {Safe} from "safe-smart-account/Safe.sol";

package/src/version/IncoLightningConfig.sol

@@ -7,7 +7,7 @@ pragma solidity ^0.8;
 // UPDATE the CHANGELOG on new versions
 
 string constant CONTRACT_NAME = "incoLightning";
-uint8 constant MAJOR_VERSION = 4;
+uint8 constant MAJOR_VERSION = 5;
 uint8 constant MINOR_VERSION = 0;
 // whenever a new version is deployed, we need to pump this up
 // otherwise make test_upgrade will fail