Fix smart wallet signing / email + sw / multithreading

Author: 0xFirekeeper

Assets/Thirdweb/Core/Scripts/AccountAbstraction/Core/BundlerClient.cs

@@ -52,7 +52,7 @@ private static async Task<RpcResponseMessage> BundlerRequest(string url, string
                 {
                     httpRequestMessage.Headers.Add("x-client-id", ThirdwebManager.Instance.SDK.session.Options.clientId);
                     if (!Utils.IsWebGLBuild())
-                        httpRequestMessage.Headers.Add("x-bundle-id", Utils.GetBundleId());
+                        httpRequestMessage.Headers.Add("x-bundle-id", ThirdwebManager.Instance.SDK.session.BundleId);
                 }
 
                 var httpResponse = await client.SendAsync(httpRequestMessage);

Assets/Thirdweb/Core/Scripts/AccountAbstraction/Core/SmartWallet.cs

@@ -12,6 +12,8 @@
 using FactoryContract = Thirdweb.Contracts.AccountFactory.ContractDefinition;
 using UnityEngine;
 using Nethereum.Contracts;
+using Nethereum.Hex.HexConvertors.Extensions;
+using Nethereum.Util;
 
 namespace Thirdweb.AccountAbstraction
 {
@@ -37,8 +39,19 @@ public class SmartWallet
         public Web3 PersonalWeb3 { get; internal set; }
         public ThirdwebSDK.SmartWalletConfig Config { get; internal set; }
 
-        private bool _initialized;
         private bool _deployed;
+        public bool IsDeployed
+        {
+            get { return _deployed; }
+        }
+
+        private bool _deploying;
+        public bool IsDeploying
+        {
+            get { return _deploying; }
+        }
+
+        private bool _initialized;
 
         public SmartWallet(Web3 personalWeb3, ThirdwebSDK.SmartWalletConfig config)
         {
@@ -54,6 +67,7 @@ public SmartWallet(Web3 personalWeb3, ThirdwebSDK.SmartWalletConfig config)
 
             _deployed = false;
             _initialized = false;
+            _deploying = false;
         }
 
         internal async Task<string> GetPersonalAddress()
@@ -89,6 +103,28 @@ internal async Task UpdateDeploymentStatus()
             _deployed = bytecode != "0x";
         }
 
+        internal async Task ForceDeploy()
+        {
+            if (_deployed)
+                return;
+
+            _deploying = true;
+            var input = new TransactionInput("0x", Accounts[0], new HexBigInteger(0));
+            var txHash = await Request(new RpcRequestMessage(1, "eth_sendTransaction", input));
+            await Transaction.WaitForTransactionResult(txHash.Result.ToString());
+            await UpdateDeploymentStatus();
+            _deploying = false;
+        }
+
+        internal async Task<bool> VerifySignature(byte[] hash, byte[] signature)
+        {
+            var verifyRes = await TransactionManager.ThirdwebRead<AccountContract.IsValidSignatureFunction, AccountContract.IsValidSignatureOutputDTO>(
+                Accounts[0],
+                new AccountContract.IsValidSignatureFunction() { Hash = hash, Signature = signature }
+            );
+            return verifyRes.MagicValue.ToHex(true) == new byte[] { 0x16, 0x26, 0xba, 0x7e }.ToHex(true);
+        }
+
         internal async Task<(byte[] initCode, BigInteger gas)> GetInitCode()
         {
             if (_deployed)
@@ -153,7 +189,7 @@ private async Task<RpcResponseMessage> CreateUserOpAndSend(RpcRequestMessage req
                 Nonce = await GetNonce(),
                 InitCode = initData.initCode,
                 CallData = executeInput.Data.HexStringToByteArray(),
-                CallGasLimit = transactionInput.Gas.Value,
+                CallGasLimit = transactionInput.Gas != null ? (transactionInput.Gas.Value < 21000 ? 100000 : transactionInput.Gas.Value) : 100000,
                 VerificationGasLimit = 100000 + initData.gas,
                 PreVerificationGas = 21000,
                 MaxFeePerGas = latestBlock.BaseFeePerGas.Value * 2 + BigInteger.Parse("1500000000"),
@@ -164,13 +200,8 @@ private async Task<RpcResponseMessage> CreateUserOpAndSend(RpcRequestMessage req
             partialUserOp.PreVerificationGas = partialUserOp.CalcPreVerificationGas();
             var partialUserOpHexified = partialUserOp.EncodeUserOperation();
 
-            // Update gas estimates and paymaster data if any
-
-            var gasEstimates = await BundlerClient.EthEstimateUserOperationGas(Config.bundlerUrl, apiKey, requestMessage.Id, partialUserOpHexified, Config.entryPointAddress);
+            // Update paymaster data if any
 
-            partialUserOp.PreVerificationGas = new HexBigInteger(gasEstimates.PreVerificationGas).Value;
-            partialUserOp.CallGasLimit = new HexBigInteger(gasEstimates.CallGasLimit).Value;
-            partialUserOp.VerificationGasLimit = new HexBigInteger(gasEstimates.VerificationGas).Value;
             partialUserOp.PaymasterAndData = await GetPaymasterAndData(requestMessage.Id, partialUserOpHexified, apiKey);
 
             // Hash, sign and encode the user operation
@@ -188,7 +219,7 @@ private async Task<RpcResponseMessage> CreateUserOpAndSend(RpcRequestMessage req
             // Wait for the transaction to be mined
 
             string txHash = null;
-            while (txHash == null && Application.isPlaying)
+            while (txHash == null)
             {
                 var getUserOpResponse = await BundlerClient.EthGetUserOperationByHash(Config.bundlerUrl, apiKey, requestMessage.Id, userOpHash);
                 txHash = getUserOpResponse?.transactionHash;

Assets/Thirdweb/Core/Scripts/AccountAbstraction/Core/UserOpUtils.cs

@@ -15,7 +15,7 @@ public static async Task<byte[]> HashAndSignUserOp(this EntryPointContract.UserO
             );
 
             var smartWallet = ThirdwebManager.Instance.SDK.session.ActiveWallet;
-            if (smartWallet.GetSignerProvider() == WalletProvider.LocalWallet)
+            if (smartWallet.GetLocalAccount() != null)
             {
                 var localWallet = smartWallet.GetLocalAccount();
                 return new EthereumMessageSigner().Sign(userOpHash.ReturnValue1, new EthECKey(localWallet.PrivateKey)).HexStringToByteArray();

Assets/Thirdweb/Core/Scripts/Storage/StorageUploader.cs

@@ -45,7 +45,7 @@ public async Task<IPFSUploadResult> UploadFromPath(string path)
             {
                 pinReq.SetRequestHeader("x-client-id", ThirdwebManager.Instance.SDK.storage.ClientId);
                 if (!Utils.IsWebGLBuild())
-                    pinReq.SetRequestHeader("x-bundle-id", Utils.GetBundleId());
+                    pinReq.SetRequestHeader("x-bundle-id", ThirdwebManager.Instance.SDK.session.BundleId);
 
                 await pinReq.SendWebRequest();
 

Assets/Thirdweb/Core/Scripts/ThirdwebInterceptor.cs

@@ -2,7 +2,6 @@
 using System.Threading.Tasks;
 using Nethereum.JsonRpc.Client;
 using Nethereum.Signer;
-using Newtonsoft.Json;
 using Thirdweb.Wallets;
 
 namespace Thirdweb

Assets/Thirdweb/Core/Scripts/ThirdwebSession.cs

@@ -29,6 +29,8 @@ public class ThirdwebSession
 
         public static int Nonce = 0;
 
+        public string BundleId { get; private set; }
+
         #endregion
 
         #region Constructors
@@ -41,6 +43,7 @@ public ThirdwebSession(ThirdwebSDK.Options options, BigInteger chainId, string r
             SiweSession = new SiweMessageService();
             Web3 = new Web3(rpcUrl);
             CurrentChainData = options.supportedChains.ToList().Find(x => x.chainId == new HexBigInteger(chainId).HexValue);
+            BundleId = Utils.GetBundleId();
         }
 
         #endregion

Assets/Thirdweb/Core/Scripts/Utils.cs

@@ -388,9 +388,10 @@ public static string GetBundleId()
 
         public static string AppendBundleIdQueryParam(this string uri)
         {
-            string bundleId = GetBundleId();
-            if (!Utils.IsWebGLBuild())
-                uri += $"?bundleId={bundleId}";
+            if (Utils.IsWebGLBuild())
+                return uri;
+
+            uri += $"?bundleId={ThirdwebManager.Instance?.SDK?.session?.BundleId ?? GetBundleId()}";
             return uri;
         }
 

Assets/Thirdweb/Core/Scripts/Wallet.cs

@@ -96,7 +96,7 @@ public async Task<LoginPayload> Authenticate(string domain)
                     Resources = new List<string>(),
                     Uri = $"https://{domain}",
                     Statement = "Please ensure that the domain above matches the URL of the current website.",
-                    Address = await GetSignerAddress(),
+                    Address = await GetAddress(),
                     Domain = domain,
                     ChainId = (await GetChainId()).ToString(),
                     Version = "1",
@@ -166,9 +166,13 @@ public async Task<string> Verify(LoginPayload payload)
                 };
                 var signature = payload.signature;
                 var validUser = await siwe.IsUserAddressRegistered(siweMessage);
+                var msg = SiweMessageStringBuilder.BuildMessage(siweMessage);
                 if (validUser)
                 {
-                    if (await siwe.IsMessageSignatureValid(siweMessage, signature))
+                    string recoveredAddress = await RecoverAddress(msg, signature);
+                    Debug.Log($"Recovered address: {recoveredAddress}");
+                    Debug.Log($"Message address: {siweMessage.Address}");
+                    if (recoveredAddress == siweMessage.Address)
                     {
                         if (siwe.IsMessageTheSameAsSessionStored(siweMessage))
                         {
@@ -376,12 +380,25 @@ public async Task<TransactionResult> Transfer(string to, string amount, string c
         /// <returns>The signature of the message as a string.</returns>
         public async Task<string> Sign(string message)
         {
+            if (!await IsConnected())
+                throw new Exception("No account connected!");
+
             if (Utils.IsWebGLBuild())
             {
                 return await Bridge.InvokeRoute<string>(getRoute("sign"), Utils.ToJsonStringArray(message));
             }
             else
             {
+                if (ThirdwebManager.Instance.SDK.session.ActiveWallet.GetProvider() == WalletProvider.SmartWallet)
+                {
+                    var sw = ThirdwebManager.Instance.SDK.session.ActiveWallet as Wallets.ThirdwebSmartWallet;
+                    if (!sw.SmartWallet.IsDeployed && !sw.SmartWallet.IsDeploying)
+                    {
+                        Debug.Log("SmartWallet not deployed, deploying before signing...");
+                        await sw.SmartWallet.ForceDeploy();
+                    }
+                }
+
                 return await ThirdwebManager.Instance.SDK.session.Request<string>("personal_sign", message, await GetSignerAddress());
             }
         }
@@ -397,7 +414,20 @@ public async Task<string> Sign(string message)
         public async Task<string> SignTypedDataV4<T, TDomain>(T data, TypedData<TDomain> typedData)
             where TDomain : IDomain
         {
-            if (ThirdwebManager.Instance.SDK.session.ActiveWallet.GetSignerProvider() == WalletProvider.LocalWallet)
+            if (!await IsConnected())
+                throw new Exception("No account connected!");
+
+            if (ThirdwebManager.Instance.SDK.session.ActiveWallet.GetProvider() == WalletProvider.SmartWallet)
+            {
+                var sw = ThirdwebManager.Instance.SDK.session.ActiveWallet as Wallets.ThirdwebSmartWallet;
+                if (!sw.SmartWallet.IsDeployed && !sw.SmartWallet.IsDeploying)
+                {
+                    Debug.Log("SmartWallet not deployed, deploying before signing...");
+                    await sw.SmartWallet.ForceDeploy();
+                }
+            }
+
+            if (ThirdwebManager.Instance.SDK.session.ActiveWallet.GetLocalAccount() != null)
             {
                 var signer = new Eip712TypedDataSigner();
                 var key = new EthECKey(ThirdwebManager.Instance.SDK.session.ActiveWallet.GetLocalAccount().PrivateKey);
@@ -441,6 +471,15 @@ public async Task<string> RecoverAddress(string message, string signature)
             else
             {
                 var signer = new EthereumMessageSigner();
+                if (ThirdwebManager.Instance.SDK.session.ActiveWallet.GetProvider() == WalletProvider.SmartWallet)
+                {
+                    var sw = ThirdwebManager.Instance.SDK.session.ActiveWallet as Wallets.ThirdwebSmartWallet;
+                    bool isSigValid = await sw.SmartWallet.VerifySignature(signer.HashPrefixedMessage(System.Text.Encoding.UTF8.GetBytes(message)), signature.HexStringToByteArray());
+                    if (isSigValid)
+                    {
+                        return await GetAddress();
+                    }
+                }
                 var addressRecovered = signer.EncodeUTF8AndEcRecover(message, signature);
                 return addressRecovered;
             }
@@ -463,9 +502,9 @@ public async Task<TransactionResult> SendRawTransaction(TransactionRequest trans
                     transactionRequest.data,
                     transactionRequest.to,
                     transactionRequest.from,
-                    new Nethereum.Hex.HexTypes.HexBigInteger(BigInteger.Parse(transactionRequest.gasLimit)),
-                    new Nethereum.Hex.HexTypes.HexBigInteger(BigInteger.Parse(transactionRequest.gasPrice)),
-                    new Nethereum.Hex.HexTypes.HexBigInteger(transactionRequest.value)
+                    new HexBigInteger(BigInteger.Parse(transactionRequest.gasLimit)),
+                    new HexBigInteger(BigInteger.Parse(transactionRequest.gasPrice)),
+                    new HexBigInteger(transactionRequest.value)
                 );
                 var receipt = await ThirdwebManager.Instance.SDK.session.Web3.Eth.TransactionManager.SendTransactionAndWaitForReceiptAsync(input);
                 return receipt.ToTransactionResult();

Assets/Thirdweb/Core/Scripts/Wallets/ThirdwebPaper.cs

@@ -31,7 +31,7 @@ public async Task<string> Connect(WalletConnection walletConnection, string rpc)
             }
 
             _account = (await PaperUI.Instance.Connect(_paper, walletConnection.email)).Account;
-            _web3 = new Web3(_account, ThirdwebManager.Instance.SDK.session.RPC);
+            _web3 = new Web3(_account, rpc);
 
             return await GetAddress();
         }

Assets/Thirdweb/Core/Scripts/Wallets/ThirdwebSmartWallet.cs

@@ -8,11 +8,16 @@ namespace Thirdweb.Wallets
 {
     public class ThirdwebSmartWallet : IThirdwebWallet
     {
+        private SmartWallet _smartWallet;
+        public SmartWallet SmartWallet
+        {
+            get { return _smartWallet; }
+        }
+
         private Web3 _web3;
         private WalletProvider _provider;
         private WalletProvider _signerProvider;
         private IThirdwebWallet _personalWallet;
-        private SmartWallet _smartWallet;
         private ThirdwebSDK.SmartWalletConfig _config;
 
         public ThirdwebSmartWallet(IThirdwebWallet personalWallet, ThirdwebSDK.SmartWalletConfig config)