@pafi-dev/core 0.5.16 → 0.5.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +77 -1
  2. package/package.json +12 -12
package/README.md CHANGED
@@ -15,6 +15,10 @@ Core TypeScript SDK for the PAFI point token system. Covers EIP-712 signing, con
15
15
  - TypeScript >= 5.0
16
16
  - `viem` ^2.0.0 (peer dependency)
17
17
 
18
+ > **Latest:** `0.5.16` — ERC-4337 v0.8 hash + EIP-712 signing fixes for the
19
+ > EIP-7702 mobile flow. See [Changelog](#changelog) for the full breakdown
20
+ > of the AA24/AA23 bugs this release closes.
21
+
18
22
  ---
19
23
 
20
24
  ## Installation
@@ -62,11 +66,21 @@ POINT_TOKEN_FACTORY_ADDRESSES[8453] // "0x36c0BAb2faBE45EfA6d13001143e43A266Af67
62
66
  Protocol constants (same on all EVM chains):
63
67
 
64
68
  ```ts
65
- import { ENTRY_POINT_V07, PERMIT2_ADDRESS } from "@pafi-dev/core";
69
+ import {
70
+ ENTRY_POINT_V07,
71
+ ENTRY_POINT_V08,
72
+ PERMIT2_ADDRESS,
73
+ } from "@pafi-dev/core";
66
74
  // ENTRY_POINT_V07 "0x0000000071727De22E5E9d8BAf0edAc6f37da032"
75
+ // ENTRY_POINT_V08 "0x4337084d9e255ff0702461cf8895ce9e3b5ff108"
67
76
  // PERMIT2_ADDRESS "0x000000000022D473030F116dDEE9F6B43aC78BA3"
68
77
  ```
69
78
 
79
+ For Pimlico's `Simple7702Account` (the EIP-7702 delegate target you get
80
+ when using Privy embedded wallets) you **must** use `ENTRY_POINT_V08`.
81
+ Mixing v0.7 with a v0.8 account reverts with `AA23 reverted account: not
82
+ from EntryPoint`.
83
+
70
84
  ---
71
85
 
72
86
  ## EIP-712 signing
@@ -255,6 +269,68 @@ const userOp = buildPerpDepositWithGasDeduction({
255
269
 
256
270
  ## Changelog
257
271
 
272
+ ### 0.5.16
273
+
274
+ ERC-4337 v0.8 + EIP-7702 mobile flow correctness fixes.
275
+
276
+ **Why this release.** The mobile prepare/submit flow (issuer backend computes
277
+ the userOpHash, mobile client signs it, backend submits to the bundler)
278
+ was reverting on Pimlico with `AA24 signature error` even though the same
279
+ UserOp validated cleanly on the web flow via `permissionless`. Three
280
+ distinct bugs stacked on top of each other; this release fixes them.
281
+
282
+ **1. `computeUserOpHash` now produces the EIP-712 typed digest used by
283
+ EntryPoint v0.8.** Previous versions hashed via the v0.7 scheme
284
+ (`keccak256(packed userOp || entryPoint || chainId)`), which produces a
285
+ totally different hash than what Pimlico's `Simple7702Account` (impl
286
+ `0xe6Cae8…`, `entryPoint() = 0x4337084d…`) actually validates against.
287
+ Symptom: `AA24` on every mobile UserOp.
288
+
289
+ **2. `buildUserOpTypedData()` exposed for client-side signing.** The
290
+ deployed Pimlico `Simple7702Account` validates the user signature with
291
+ `SignatureCheckerLib.isValidSignatureNow(address(this), userOpHash, sig)`
292
+ — **no EIP-191 prefix wrapping.** That means
293
+ `personal_sign` / `signMessage({ raw: userOpHash })` produces a signature
294
+ that `ecrecover`s to the wrong address; AA24 again. The new helper returns
295
+ `{ domain, types, primaryType, message }` ready to pass straight into
296
+ `walletClient.signTypedData(...)`. Because `userOpHash` IS the EIP-712
297
+ digest of `PackedUserOperation`, signing the typed data yields a
298
+ signature that recovers the EOA from the raw userOpHash — which is what
299
+ the contract checks.
300
+
301
+ ```ts
302
+ import { buildUserOpTypedData, computeUserOpHash } from "@pafi-dev/core";
303
+
304
+ // Backend (gg56-backend, claim/prepare):
305
+ const typedData = buildUserOpTypedData(userOpWithPaymaster, chainId);
306
+ const userOpHash = computeUserOpHash(userOpWithPaymaster, chainId);
307
+ return { lockId, userOpHash, typedData /* serialise bigints */ };
308
+
309
+ // Client (Privy embedded wallet):
310
+ const signature = await walletClient.signTypedData({
311
+ domain: typedData.domain,
312
+ types: typedData.types,
313
+ primaryType: typedData.primaryType,
314
+ message: typedData.message,
315
+ });
316
+ // Submit { lockId, signature } to /claim/submit. AA24 stays away.
317
+ ```
318
+
319
+ **Do NOT use `signMessage({ raw })` or `personal_sign` to sign a v0.8
320
+ userOpHash for `Simple7702Account`** — that path is a foot-gun the SDK
321
+ intentionally no longer offers a helper for.
322
+
323
+ **3. `ENTRY_POINT_V08` constant added.** v0.7 EntryPoint
324
+ (`0x0000000071727De22E5E9d8BAf0edAc6f37da032`) is incompatible with
325
+ v0.8 accounts — calling `pm_sponsorUserOperation` with v0.7 reverts
326
+ inside `_validateUserOp` with `"AA23 reverted account: not from
327
+ EntryPoint"` because `msg.sender (v0.7 EP) ≠ account.entryPoint() (v0.8 EP)`.
328
+
329
+ ```ts
330
+ import { ENTRY_POINT_V08 } from "@pafi-dev/core";
331
+ // 0x4337084d9e255ff0702461cf8895ce9e3b5ff108
332
+ ```
333
+
258
334
  ### 0.4.0
259
335
  - `sponsorAuth` module added — `signSponsorAuth`, `verifySponsorAuth`, `computeCallDataHash`
260
336
  - `PERMIT2_ADDRESS` and `ENTRY_POINT_V07` centralised in `constants.ts`
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pafi-dev/core",
3
- "version": "0.5.16",
3
+ "version": "0.5.17",
4
4
  "description": "EIP-712 signing, contract interaction, and Relay calldata for the PAFI point token system",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -91,15 +91,6 @@
91
91
  "files": [
92
92
  "dist"
93
93
  ],
94
- "scripts": {
95
- "generate": "tsx scripts/generate-abis.ts",
96
- "build": "tsup",
97
- "test": "vitest run",
98
- "test:watch": "vitest",
99
- "test:integration": "vitest run --config vitest.integration.config.ts",
100
- "test:fork": "vitest run --config vitest.fork.config.ts",
101
- "typecheck": "tsc --noEmit"
102
- },
103
94
  "peerDependencies": {
104
95
  "viem": "^2.0.0"
105
96
  },
@@ -110,5 +101,14 @@
110
101
  "tsup": "^8.0.0",
111
102
  "vitest": "^2.0.0"
112
103
  },
113
- "license": "Apache-2.0"
114
- }
104
+ "license": "Apache-2.0",
105
+ "scripts": {
106
+ "generate": "tsx scripts/generate-abis.ts",
107
+ "build": "tsup",
108
+ "test": "vitest run",
109
+ "test:watch": "vitest",
110
+ "test:integration": "vitest run --config vitest.integration.config.ts",
111
+ "test:fork": "vitest run --config vitest.fork.config.ts",
112
+ "typecheck": "tsc --noEmit"
113
+ }
114
+ }