@inco/lightning 0.9.0-devnet-test-10 → 0.10.0-devnet-1

package/src/libs/incoLightning_testnet_v2_889158349.sol

@@ -6,10 +6,11 @@
 pragma solidity ^0.8;
 
 import { IncoLightning } from "../IncoLightning.sol";
-import { ebool, euint256, eaddress, ETypes } from "../Types.sol";
-import { DecryptionAttestation } from "../lightning-parts/DecryptionAttester.types.sol";
+import { ebool, euint256, eaddress, ETypes, elist, IndexOutOfRange, InvalidRange, SliceOutOfRange, UnsupportedListType, HandleMismatch, InvalidTEEAttestation, UnexpectedDecryptedValue } from "../Types.sol";
+import { asBool } from "../shared/TypeUtils.sol";
+import { DecryptionAttestation, ElementAttestationWithProof } from "../lightning-parts/DecryptionAttester.types.sol";
 
-IncoLightning constant inco = IncoLightning(0x168FDc3Ae19A5d5b03614578C58974FF30FCBe92);
+IncoLightning constant inco = IncoLightning(payable(0x168FDc3Ae19A5d5b03614578C58974FF30FCBe92));
 address constant deployedBy = 0x8202D2D747784Cb7D48868E44C42C4bf162a70BC;
 
 /// @notice Returns the ETypes enum value encoded in a handle
@@ -687,13 +688,14 @@ library e {
     ///  @dev costs the inco fee
     ///  @return The encrypted random value
     function rand() internal returns (euint256) {
-        bytes32 result = _callWithFeeRetry(abi.encodeWithSelector(inco.eRand.selector, ETypes.Uint256));
+        bytes32 boundHandle = euint256.unwrap(asEuint256(0));
+        bytes32 result = _callWithFeeRetry(abi.encodeWithSelector(inco.eRandBounded.selector, boundHandle, ETypes.Uint256));
         return euint256.wrap(result);
     }
 
     /// @notice Generates a random encrypted uint256 less than a plaintext upper bound (costs the inco fee)
     ///  @dev costs the inco fee
-    ///  @param upperBound The plaintext upper bound
+    ///  @param upperBound The plaintext upper bound (exclusive). If the upper bound is 0, the whole 256bit range is sampled, equivalent to providing type(uint256).max as upper bound.
     ///  @return The encrypted random value
     function randBounded(uint256 upperBound) internal returns (euint256) {
         bytes32 boundHandle = euint256.unwrap(asEuint256(upperBound));
@@ -703,7 +705,7 @@ library e {
 
     /// @notice Generates a random encrypted uint256 less than an encrypted upper bound (costs the inco fee)
     ///  @dev costs the inco fee
-    ///  @param upperBound The encrypted upper bound
+    ///  @param upperBound The encrypted upper bound (exclusive). If the upper bound is e(0), the whole 256bit range is sampled, equivalent to providing e(type(uint256).max) as upper bound.
     ///  @return The encrypted random value
     function randBounded(euint256 upperBound) internal returns (euint256) {
         bytes32 boundHandle = euint256.unwrap(s(upperBound));
@@ -732,13 +734,6 @@ library e {
         return inco.asEaddress(a);
     }
 
-    /// @notice Casts an encrypted uint256 to an encrypted bool
-    ///  @param a The encrypted uint256 value
-    ///  @return The encrypted bool value
-    function asEbool(euint256 a) internal returns (ebool) {
-        return ebool.wrap(inco.eCast(euint256.unwrap(a), ETypes.Bool));
-    }
-
     /// @notice Casts an encrypted bool to an encrypted uint256
     ///  @param a The encrypted bool value
     ///  @return The encrypted uint256 value
@@ -939,4 +934,290 @@ library e {
         }
         return abi.decode(result, (bytes32));
     }
+
+    /// @notice Returns the type of the elements contained within the list.
+    ///  @param handle EList handle to read container type from.
+    ///  @return ret Type of each element in the list.
+    function listTypeOf(elist handle) internal pure returns (ETypes ret) {
+        return ETypes(uint8(uint256(elist.unwrap(handle)) >> 16));
+    }
+
+    /// @notice Creates a new empty list. Type must be specified ahead of time and can not be changed.
+    ///  @param listType Type of each element in the list.
+    ///  @return ret A new elist handle
+    function newEList(ETypes listType) internal returns (elist ret) {
+        return inco.newEList(new bytes32[](0), listType);
+    }
+
+    /// @notice Creates a new list from existing array of handles.
+    ///  @param handles An array of handles to create a new list from
+    ///  @param listType Type of each element in the list.
+    ///  @return ret A new elist handle
+    function newEList(bytes32[] memory handles, ETypes listType) internal returns (elist ret) {
+        return inco.newEList{value: inco.getEListFee(uint16(handles.length), listType)}(handles, listType);
+    }
+
+    /// @notice Takes an array of user encrypted ciphertexts and returns a new elist handle.
+    ///  @param ciphertexts An array of encrypted user inputs
+    ///  @param listType Expected type of each element in the list.
+    ///  @param user Address of the user encrypting the ciphertexts.
+    ///  @return ret A new elist handle
+    ///  @dev each ciphertext costs the inco fee
+    function newEList(bytes[] memory ciphertexts, ETypes listType, address user) internal returns (elist ret) {
+        return inco.newEList{value: inco.getEListFee(uint16(ciphertexts.length), listType)}(ciphertexts, listType, user);
+    }
+
+    /// @notice Appends an ebool element at the end of a list.
+    ///  @param a An elist handle to append to.
+    ///  @param b Element value to be appended.
+    ///  @return ret A new elist handle with length len(a)+1.
+    function append(elist a, ebool b) internal returns (elist ret) {
+        return inco.listAppend{value: inco.getEListFee(length(a) + 1, listTypeOf(a))}(a, ebool.unwrap(s(b)));
+    }
+
+    /// @notice Appends an euint256 element at the end of a list.
+    ///  @param a An elist handle to append to.
+    ///  @param b Element value to be appended.
+    ///  @return ret A new elist handle with length len(a)+1.
+    function append(elist a, euint256 b) internal returns (elist ret) {
+        return inco.listAppend{value: inco.getEListFee(length(a) + 1, listTypeOf(a))}(a, euint256.unwrap(s(b)));
+    }
+
+    /// @notice Replaces an element at some hidden index "i" (ebool variant).
+    ///  @dev If the encrypted index is out of bounds, the operation is silently ignored
+    ///  and the returned list is identical to the input. This avoids leaking index validity.
+    ///  @param a EList handle to modify element in.
+    ///  @param i Hidden index position of an element to modify.
+    ///  @param b Element value to be changed.
+    ///  @return ret A new elist handle
+    function set(elist a, euint256 i, ebool b) internal returns (elist ret) {
+        return inco.listSet{value: inco.getEListFee(length(a), listTypeOf(a))}(a, euint256.unwrap(s(i)), ebool.unwrap(s(b)));
+    }
+
+    /// @notice Replaces an element at some hidden index "i" (euint256 variant).
+    ///  @dev If the encrypted index is out of bounds, the operation is silently ignored
+    ///  and the returned list is identical to the input. This avoids leaking index validity.
+    ///  @param a EList handle to modify element in.
+    ///  @param i Hidden index position of an element to modify.
+    ///  @param b Element value to be changed.
+    ///  @return ret A new elist handle
+    function set(elist a, euint256 i, euint256 b) internal returns (elist ret) {
+        return inco.listSet{value: inco.getEListFee(length(a), listTypeOf(a))}(a, euint256.unwrap(s(i)), euint256.unwrap(s(b)));
+    }
+
+    /// @notice Replaces an element at plaintext index "i" (ebool variant). Reverts if out of range.
+    ///  @param a EList handle to modify element in.
+    ///  @param i Index position of element to modify.
+    ///  @param b Element value to be changed.
+    ///  @return ret A new elist handle
+    function set(elist a, uint16 i, ebool b) internal returns (elist ret) {
+        require(i < length(a), IndexOutOfRange(i, length(a)));
+        return inco.listSet{value: inco.getEListFee(length(a), listTypeOf(a))}(a, euint256.unwrap(asEuint256(uint256(i))), ebool.unwrap(s(b)));
+    }
+
+    /// @notice Replaces an element at plaintext index "i" (euint256 variant). Reverts if out of range.
+    ///  @param a EList handle to modify element in.
+    ///  @param i Index position of element to modify.
+    ///  @param b Element value to be changed.
+    ///  @return ret A new elist handle
+    function set(elist a, uint16 i, euint256 b) internal returns (elist ret) {
+        require(i < length(a), IndexOutOfRange(i, length(a)));
+        return inco.listSet{value: inco.getEListFee(length(a), listTypeOf(a))}(a, euint256.unwrap(asEuint256(uint256(i))), euint256.unwrap(s(b)));
+    }
+
+    /// @notice Return hidden element at some hidden position (ebool variant).
+    ///  @param a EList handle to get element from.
+    ///  @param i Hidden index position to get element at.
+    ///  @param defaultValue A default element value returned if index is out of range.
+    ///  @return ret A new handle for the element or the defaultValue
+    function getOr(elist a, euint256 i, ebool defaultValue) internal returns (ebool ret) {
+        return ebool.wrap(inco.listGetOr(a, euint256.unwrap(s(i)), ebool.unwrap(s(defaultValue))));
+    }
+
+    /// @notice Return hidden element at some hidden position (euint256 variant).
+    ///  @param a EList handle to get element from.
+    ///  @param i Hidden index position to get element at.
+    ///  @param defaultValue A default element value returned if index is out of range.
+    ///  @return ret A new handle for the element or the defaultValue
+    function getOr(elist a, euint256 i, euint256 defaultValue) internal returns (euint256 ret) {
+        return euint256.wrap(inco.listGetOr(a, euint256.unwrap(s(i)), euint256.unwrap(s(defaultValue))));
+    }
+
+    /// @notice Return hidden element at a known position as ebool.
+    ///  @param a EList handle to get element from.
+    ///  @param i Index position to get element at.
+    ///  @return ret Returns a handle for the element.
+    function getEbool(elist a, uint16 i) internal returns (ebool ret) {
+        return ebool.wrap(inco.listGet(a, i));
+    }
+
+    /// @notice Return hidden element at a known position as euint256.
+    ///  @param a EList handle to get element from.
+    ///  @param i Index position to get element at.
+    ///  @return ret Returns a handle for the element.
+    function getEuint256(elist a, uint16 i) internal returns (euint256 ret) {
+        return euint256.wrap(inco.listGet(a, i));
+    }
+
+    /// @notice Inserts a hidden element at a desired hidden position (ebool, hidden index).
+    ///  @param a An elist handle to insert into.
+    ///  @param i Hidden index position to insert at.
+    ///  @param b Element value to be inserted.
+    ///  @return ret A new elist handle with length len(a)+1.
+    function insert(elist a, euint256 i, ebool b) internal returns (elist ret) {
+        return inco.listInsert{value: inco.getEListFee(length(a) + 1, listTypeOf(a))}(a, euint256.unwrap(s(i)), ebool.unwrap(s(b)));
+    }
+
+    /// @notice Inserts an ebool element at a known position. Reverts if out of range.
+    ///  @param a An elist handle to insert into.
+    ///  @param i Index position to insert at.
+    ///  @param b Element value to be inserted.
+    ///  @return ret A new elist handle with length len(a)+1.
+    function insert(elist a, uint16 i, ebool b) internal returns (elist ret) {
+        require(i < length(a), IndexOutOfRange(i, length(a)));
+        return inco.listInsert{value: inco.getEListFee(length(a) + 1, listTypeOf(a))}(a, euint256.unwrap(asEuint256(uint256(i))), ebool.unwrap(s(b)));
+    }
+
+    /// @notice Inserts a hidden element at a desired hidden position (euint256, hidden index).
+    ///  @param a An elist handle to insert into.
+    ///  @param i Hidden index position to insert at.
+    ///  @param b Element value to be inserted.
+    ///  @return ret A new elist handle with length len(a)+1.
+    function insert(elist a, euint256 i, euint256 b) internal returns (elist ret) {
+        return inco.listInsert{value: inco.getEListFee(length(a) + 1, listTypeOf(a))}(a, euint256.unwrap(s(i)), euint256.unwrap(s(b)));
+    }
+
+    /// @notice Inserts a euint256 element at a known position. Reverts if out of range.
+    ///  @param a An elist handle to insert into.
+    ///  @param i Index position to insert at.
+    ///  @param b Element value to be inserted.
+    ///  @return ret A new elist handle with length len(a)+1.
+    function insert(elist a, uint16 i, euint256 b) internal returns (elist ret) {
+        require(i < length(a), IndexOutOfRange(i, length(a)));
+        return inco.listInsert{value: inco.getEListFee(length(a) + 1, listTypeOf(a))}(a, euint256.unwrap(asEuint256(uint256(i))), euint256.unwrap(s(b)));
+    }
+
+    /// @notice Concatenates two elists into one.
+    ///  @param a EList handle to be prepended
+    ///  @param b EList handle to be appended
+    ///  @return ret A new elist handle with length len(a)+len(b).
+    function concat(elist a, elist b) internal returns (elist ret) {
+        return inco.listConcat{value: inco.getEListFee(length(a) + length(b), listTypeOf(a))}(a, b);
+    }
+
+    /// @notice Slices a list from plaintext start to plaintext end.
+    ///  @param a EList handle to be sliced
+    ///  @param start Starting index (inclusive).
+    ///  @param end End index (exclusive). Must be >= start and within bounds.
+    ///  @return ret A new sliced list with length "end-start".
+    function slice(elist a, uint16 start, uint16 end) internal returns (elist ret) {
+        require(end >= start, InvalidRange(start, end));
+        require(end <= length(a), SliceOutOfRange(start, end, length(a)));
+        require(start < length(a), SliceOutOfRange(start, end, length(a)));
+        bytes32 defaultValue;
+        if (ETypes.Uint256 == listTypeOf(a)) {
+            defaultValue = euint256.unwrap(asEuint256(0));
+        } else if (ETypes.Bool == listTypeOf(a)) {
+            defaultValue = ebool.unwrap(asEbool(false));
+        } else {
+            revert UnsupportedListType(listTypeOf(a));
+        }
+        return inco.listSlice{value: inco.getEListFee(end - start, listTypeOf(a))}(a, euint256.unwrap(asEuint256(start)), end - start, defaultValue);
+    }
+
+    /// @notice Slices at a hidden index with a specified length (euint256 default).
+    ///  @param a EList handle to be sliced.
+    ///  @param start Hidden starting index.
+    ///  @param len Length of the desired slice.
+    ///  @param defaultValue Default value if out of range.
+    ///  @return ret A new sliced list with length "len".
+    function sliceLen(elist a, euint256 start, uint16 len, euint256 defaultValue) internal returns (elist ret) {
+        return inco.listSlice{value: inco.getEListFee(len, listTypeOf(a))}(a, euint256.unwrap(s(start)), len, euint256.unwrap(s(defaultValue)));
+    }
+
+    /// @notice Slices at a hidden index with a specified length (ebool default).
+    ///  @param a EList handle to be sliced.
+    ///  @param start Hidden starting index.
+    ///  @param len Length of the desired slice.
+    ///  @param defaultValue Default value if out of range.
+    ///  @return ret A new sliced list with length "len".
+    function sliceLen(elist a, euint256 start, uint16 len, ebool defaultValue) internal returns (elist ret) {
+        return inco.listSlice{value: inco.getEListFee(len, listTypeOf(a))}(a, euint256.unwrap(s(start)), len, ebool.unwrap(s(defaultValue)));
+    }
+
+    /// @notice Creates a new list populated with ordered values from within range.
+    ///  @param start Start value of the range, inclusive.
+    ///  @param end End of the range, exclusive. Must be >= start.
+    ///  @return ret A new elist handle with length "end-start"
+    function range(uint16 start, uint16 end, ETypes listType) internal returns (elist ret) {
+        return inco.listRange{value: inco.getEListFee(end - start, listType)}(start, end, listType);
+    }
+
+    /// @notice Deterministically shuffles elements within a list.
+    ///  @dev costs the inco fee
+    ///  @param a elist handle to be shuffled
+    ///  @return ret A new elist handle with elements shuffled
+    function shuffle(elist a) internal returns (elist ret) {
+        return inco.listShuffle{value: inco.getEListFee(length(a), listTypeOf(a))}(a);
+    }
+
+    /// @notice A convenience function equivalent to range() followed by shuffle().
+    ///  @dev costs the inco fee
+    ///  @param start Start value of the range, inclusive.
+    ///  @param end End of the range, exclusive. Must be >= start.
+    ///  @return ret A new elist handle in random order with length "end-start".
+    function shuffledRange(uint16 start, uint16 end, ETypes listType) internal returns (elist ret) {
+        uint256 fee = inco.getEListFee(end - start, listType);
+        elist rangeList = inco.listRange{value: fee}(start, end, listType);
+        return inco.listShuffle{value: fee}(rangeList);
+    }
+
+    /// @notice Reverses the order of elements in a list.
+    ///  @param a Elist handle to be reversed
+    ///  @return ret A new elist handle with elements in reverse order
+    function reverse(elist a) internal returns (elist ret) {
+        return inco.listReverse{value: inco.getEListFee(length(a), listTypeOf(a))}(a);
+    }
+
+    /// @notice Returns the length of the list in plaintext. Pure function, no gas cost.
+    ///  @param a EList handle to read the length from
+    ///  @return len The length of the list
+    function length(elist a) internal pure returns (uint16 len) {
+        return inco.lengthOf(elist.unwrap(a));
+    }
+
+    ///  @notice  verifyEListDecryption verifies elist decryption attestation and commitment proof. Each element can be either a pre-computed hash or a commitment-value pair.
+    ///  @param elistHandle The elist handle that was decrypted
+    ///  @param proofElements Array of proof elements. Each can provide either pairHash directly, or commitment+value to compute the pairHash
+    ///  @param proof The expected proof that should match keccak256 of all concatenated pair hashes
+    ///  @param signatures Array of signatures from attesters
+    ///  @return bool True if verification succeeds
+    ///  @dev For privacy, publish only pairHash. For transparency, publish commitment+value. Can mix both in the same array.
+    function verifyEListDecryption(elist elistHandle, ElementAttestationWithProof[] memory proofElements, bytes32 proof, bytes[] memory signatures) internal view returns (bool) {
+        return inco.incoVerifier().isValidEListDecryptionAttestation(elist.unwrap(elistHandle), proofElements, proof, signatures);
+    }
+
+    ///  @notice Checks a decryption attestation for an encrypted bool against an expected plaintext value
+    ///  @param handle The encrypted handle
+    ///  @param expected The expected plaintext value
+    ///  @param decryption The decryption attestation to verify
+    ///  @param signatures The covalidator signatures for the attestation
+    ///  @dev Reverts if the handle doesn't match, the decrypted value doesn't match the expected value, or the attestation is invalid
+    function requireEqual(ebool handle, bool expected, DecryptionAttestation memory decryption, bytes[] memory signatures) internal view {
+        require(ebool.unwrap(handle) == decryption.handle, HandleMismatch());
+        require(asBool(decryption.value) == expected, UnexpectedDecryptedValue());
+        require(inco.incoVerifier().isValidDecryptionAttestation(decryption, signatures), InvalidTEEAttestation());
+    }
+
+    ///  @notice Checks a decryption attestation for an encrypted uint256 against an expected plaintext value
+    ///  @param handle The encrypted handle
+    ///  @param expected The expected plaintext value
+    ///  @param decryption The decryption attestation to verify
+    ///  @param signatures The covalidator signatures for the attestation
+    ///  @dev Reverts if the handle doesn't match, the decrypted value doesn't match the expected value, or the attestation is invalid
+    function requireEqual(euint256 handle, uint256 expected, DecryptionAttestation memory decryption, bytes[] memory signatures) internal view {
+        require(euint256.unwrap(handle) == decryption.handle, HandleMismatch());
+        require(uint256(decryption.value) == expected, UnexpectedDecryptedValue());
+        require(inco.incoVerifier().isValidDecryptionAttestation(decryption, signatures), InvalidTEEAttestation());
+    }
 }

package/src/lightning-parts/AccessControl/AdvancedAccessControl.sol

@@ -106,6 +106,9 @@ abstract contract AdvancedAccessControl is
     /// @param activeSessionNonce The sharer's current active session nonce
     error InvalidVoucherSessionNonce(bytes32 providedSessionNonce, bytes32 activeSessionNonce);
 
+    /// @notice Thrown when a voucher's verifyingContract address is the zero address
+    error InvalidVerifyingContract();
+
     /// @notice Checks if an account is allowed to access a handle using a signed voucher proof
     /// @dev Intended for simulation/off-chain calls. Not a view function as it calls external contracts.
     ///      Verification steps:
@@ -118,6 +121,7 @@ abstract contract AdvancedAccessControl is
     /// @param proof The allowance proof containing voucher, signature, and requester data
     /// @return True if access is allowed, false or reverts otherwise
     function isAllowedWithProof(bytes32 handle, address account, AllowanceProof memory proof) public returns (bool) {
+        require(proof.voucher.verifyingContract != address(0), InvalidVerifyingContract());
         require(
             IBaseAccessControlList(incoLightningAddress).isAllowed(handle, proof.sharer),
             SharerNotAllowedForHandle(handle, proof.sharer)
@@ -150,12 +154,13 @@ abstract contract AdvancedAccessControl is
     }
 
     /// @notice Invalidates all previously signed vouchers by updating the session nonce
-    /// @dev Generates a new random nonce using the caller's address and block.prevrandao.
+    /// @dev Generates a new random nonce using the caller's address, block.prevrandao, block.number, block.timestamp, and an additional random value.
     ///      Any vouchers signed with the previous nonce become invalid immediately.
     ///      Call this if you suspect voucher compromise or want to revoke all delegations.
-    function updateActiveVouchersSessionNonce() external {
+    /// @param salt An additional random value to ensure nonce uniqueness (e.g., from an off-chain source)
+    function updateActiveVouchersSessionNonce(bytes32 salt) external {
         getAacStorage().activeVouchersSessionNonce[msg.sender] =
-            keccak256(abi.encodePacked(msg.sender, block.prevrandao));
+            keccak256(abi.encodePacked(msg.sender, block.prevrandao, block.number, block.timestamp, salt));
     }
 
 }

package/src/lightning-parts/AccessControl/BaseAccessControlList.sol

@@ -137,22 +137,6 @@ abstract contract BaseAccessControlList is
         return isAllowedTransient;
     }
 
-    /// @notice Clears all transient storage entries.
-    /// @dev Should be called at the end of a transaction to reset transient permissions.
-    /// Iterates through all stored keys and clears them.
-    function cleanTransientStorage() external {
-        assembly {
-            let length := tload(0)
-            tstore(0, 0)
-            let lengthPlusOne := add(length, 1)
-            for { let i := 1 } lt(i, lengthPlusOne) { i := add(i, 1) } {
-                let handle := tload(i)
-                tstore(i, 0)
-                tstore(handle, 0)
-            }
-        }
-    }
-
     /// @notice Claims access to a handle using a signed allowance proof.
     /// @dev Verifies the proof via IncoVerifier and grants persistent access if valid.
     /// @param handle The encrypted handle to claim access to.

package/src/lightning-parts/AccessControl/interfaces/IAdvancedAccessControl.sol

@@ -13,6 +13,6 @@ interface IAdvancedAccessControl is IVoucherEip712Checker {
 
     function isAllowedWithProof(bytes32 handle, address account, AllowanceProof memory proof) external returns (bool);
     function getActiveVouchersSessionNonce(address account) external view returns (bytes32);
-    function updateActiveVouchersSessionNonce() external;
+    function updateActiveVouchersSessionNonce(bytes32 salt) external;
 
 }

package/src/lightning-parts/AccessControl/interfaces/IBaseAccessControlList.sol

@@ -2,14 +2,15 @@
 pragma solidity ^0.8;
 
 import {IVerifierAddressGetter} from "../../primitives/interfaces/IVerifierAddressGetter.sol";
+import {IEventCounter} from "../../primitives/interfaces/IEventCounter.sol";
 import {AllowanceProof} from "../AdvancedAccessControl.types.sol";
 
-interface IBaseAccessControlList is IVerifierAddressGetter {
+interface IBaseAccessControlList is IVerifierAddressGetter, IEventCounter {
 
     function allow(bytes32 handle, address account) external;
+    function reveal(bytes32 handle) external;
     function allowTransient(bytes32 handle, address account) external;
     function allowedTransient(bytes32 handle, address account) external view returns (bool);
-    function cleanTransientStorage() external;
     function persistAllowed(bytes32 handle, address account) external view returns (bool);
     function isAllowed(bytes32 handle, address account) external view returns (bool);
     function claimHandle(bytes32 handle, AllowanceProof memory proof) external;

package/src/lightning-parts/AccessControl/test/TestAdvancedAccessControl.t.sol

@@ -88,6 +88,21 @@ contract TestAdvancedAccessControl is IncoTest {
         incoVerifier = inco.incoVerifier();
     }
 
+    function testAdvancedSharingWithInvalidVerifyingContract() public {
+        AllowanceVoucher memory invalidSessionVoucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(0),
+            callFunction: SessionVerifier.canUseSession.selector,
+            sharerArgData: abi.encode(Session({decrypter: bob, expiresAt: block.timestamp + 1 days}))
+        });
+        AllowanceProof memory bobsProof = getBobsProof(invalidSessionVoucher);
+        vm.expectRevert(abi.encodeWithSelector(AdvancedAccessControl.InvalidVerifyingContract.selector));
+        incoVerifier.isAllowedWithProof(secretHandle, bob, bobsProof);
+        vm.prank(bob);
+        vm.expectRevert(abi.encodeWithSelector(AdvancedAccessControl.InvalidVerifyingContract.selector));
+        inco.claimHandle(secretHandle, bobsProof);
+    }
+
     function testAdvancedSharingWithSession() public {
         SessionVerifier sessionVerifier = new SessionVerifier("");
         assertFalse(inco.isAllowed(secretHandle, bob), "bob should't be allowed on secret yet");
@@ -134,7 +149,9 @@ contract TestAdvancedAccessControl is IncoTest {
         );
         incoVerifier.isAllowedWithProof(secretHandle, bob, invalidBobProof);
         vm.prank(alice);
-        incoVerifier.updateActiveVouchersSessionNonce();
+        bytes32 salt = keccak256(abi.encodePacked("some random value", block.timestamp));
+        // update the session nonce to invalidate all previous vouchers
+        incoVerifier.updateActiveVouchersSessionNonce(salt);
         bytes32 alicesNewNonce = incoVerifier.getActiveVouchersSessionNonce(alice);
         // previously valid voucher should now be invalid
         vm.expectRevert(

package/src/lightning-parts/AccessControl/test/TestBaseAccessControl.t.sol

@@ -53,30 +53,6 @@ contract TestBaseAccessControl is BaseAccessControlList, IncoTest {
         inco.allowTransient(handle, carol);
     }
 
-    // ============ cleanTransientStorage Tests ============
-
-    function testCleanTransientStorage() public {
-        euint256 secret1 = inco.asEuint256(100);
-        euint256 secret2 = inco.asEuint256(200);
-        bytes32 handle1 = euint256.unwrap(secret1);
-        bytes32 handle2 = euint256.unwrap(secret2);
-
-        // Grant transient access
-        inco.allowTransient(handle1, bob);
-        inco.allowTransient(handle2, carol);
-
-        // Verify transient access is granted
-        assertTrue(inco.allowedTransient(handle1, bob));
-        assertTrue(inco.allowedTransient(handle2, carol));
-
-        // Clean transient storage
-        inco.cleanTransientStorage();
-
-        // Transient access should be revoked
-        assertFalse(inco.allowedTransient(handle1, bob));
-        assertFalse(inco.allowedTransient(handle2, carol));
-    }
-
     // ============ allowedTransient Direct Call Tests ============
 
     function testAllowedTransient_DirectCall() public {
@@ -227,25 +203,6 @@ contract TestBaseAccessControl is BaseAccessControlList, IncoTest {
         assertEq(inco.isAllowed(handle, bob), expectedAllowed);
     }
 
-    /// @dev Fuzz test that cleaning transient storage removes transient access
-    function testFuzzCleanTransientStorageRemovesAccess(bytes32 randomSeed) public {
-        // Create a unique handle
-        euint256 secret = inco.asEuint256(uint256(randomSeed));
-        bytes32 handle = euint256.unwrap(secret);
-
-        // Grant transient access
-        inco.allowTransient(handle, bob);
-        assertTrue(inco.allowedTransient(handle, bob));
-        assertTrue(inco.isAllowed(handle, bob));
-
-        // Clean transient storage
-        inco.cleanTransientStorage();
-
-        // Transient access should be revoked
-        assertFalse(inco.allowedTransient(handle, bob));
-        assertFalse(inco.isAllowed(handle, bob));
-    }
-
     /// @dev Fuzz test multiple accounts with different access levels
     function testFuzzMultipleAccountsAccessLevels(bytes32 randomSeed) public {
         euint256 secret = inco.asEuint256(uint256(randomSeed));