[SDK] EIP-7702 Session Keys

Author: 0xFirekeeper

packages/thirdweb/src/extensions/erc7702/account/createSessionKey.ts

@@ -0,0 +1,128 @@
+import { randomBytesHex } from "../../../utils/random.js";
+import type { BaseTransactionOptions } from "../../../transaction/types.js";
+import type { Account } from "../../../wallets/interfaces/wallet.js";
+import { CallSpecRequest, ConstraintRequest, SessionSpecRequest, TransferSpecRequest, UsageLimitRequest, type CallSpecInput, type TransferSpecInput } from "./types.js";
+import { isCreateSessionWithSigSupported, createSessionWithSig } from "../__generated__/MinimalAccount/write/createSessionWithSig.js";
+
+/**
+ * @extension ERC7702
+ */
+export type CreateSessionKeyOptions = {
+  /**
+   * The admin account that will perform the operation.
+   */
+  account: Account;
+  /**
+   * The address to add as a session key.
+   */
+  sessionKeyAddress: `0x${string}`;
+  /**
+   * How long the session key should be valid for, in seconds.
+   */
+  durationInSeconds: number;
+  /**
+   * Whether to grant full execution permissions to the session key.
+   */
+  grantFullPermissions?: boolean;
+  /**
+   * Smart contract interaction policies to apply to the session key, ignored if grantFullPermissions is true.
+   */
+  callPolicies?: CallSpecInput[];
+  /**
+   * Value transfer policies to apply to the session key, ignored if grantFullPermissions is true.
+   */
+  transferPolicies?: TransferSpecInput[];
+};
+
+/**
+ * Creates  session key permissions for a specified address.
+ * @param options - The options for the createSessionKey function.
+ * @param {Contract} options.contract - The EIP-7702 smart EOA contract to create the session key from
+ * @returns The transaction object to be sent.
+ * @example
+ * ```ts
+ * import { createSessionKey } from 'thirdweb/extensions/7702';
+ * import { sendTransaction } from 'thirdweb';
+ *
+ * const transaction = createSessionKey({
+ *  account: account,
+ *  contract: accountContract,
+ *  sessionKeyAddress: TEST_ACCOUNT_A.address,
+ *  durationInSeconds: 86400, // 1 day
+ *  grantFullPermissions: true
+ *})
+ *
+ * await sendTransaction({ transaction, account });
+ * ```
+ * @extension ERC7702
+ */
+export function createSessionKey(
+  options: BaseTransactionOptions<CreateSessionKeyOptions>,
+) {
+  const { contract, account, sessionKeyAddress, durationInSeconds, grantFullPermissions, callPolicies, transferPolicies } = options;
+
+  return createSessionWithSig({
+    async asyncParams() {
+      const req = {
+        signer: sessionKeyAddress,
+        isWildcard: grantFullPermissions ?? true,
+        expiresAt: BigInt(Math.floor(Date.now() / 1000) + durationInSeconds),
+        callPolicies: (callPolicies || []).map(policy => ({
+          target: policy.target,
+          selector: policy.selector,
+          maxValuePerUse: policy.maxValuePerUse || BigInt(0),
+          valueLimit: policy.valueLimit || { limitType: 0, limit: BigInt(0), period: BigInt(0) },
+          constraints: (policy.constraints || []).map(constraint => ({
+            condition: constraint.condition,
+            index: constraint.index || BigInt(0),
+            refValue: constraint.refValue || "0x",
+            limit: constraint.limit || { limitType: 0, limit: BigInt(0), period: BigInt(0) }
+          }))
+        })),
+        transferPolicies: (transferPolicies || []).map(policy => ({
+          target: policy.target,
+          maxValuePerUse: policy.maxValuePerUse || BigInt(0),
+          valueLimit: policy.valueLimit || { limitType: 0, limit: BigInt(0), period: BigInt(0) }
+        })),
+        uid: await randomBytesHex(),
+      };
+
+      const signature = await account.signTypedData({
+        domain: {
+          chainId: contract.chain.id,
+          name: "MinimalAccount",
+          verifyingContract: contract.address,
+          version: "1",
+        },
+        message: req,
+        primaryType: "SessionSpec",
+        types: {
+          SessionSpec: SessionSpecRequest,
+          CallSpec: CallSpecRequest,
+          Constraint: ConstraintRequest,
+          TransferSpec: TransferSpecRequest,
+          UsageLimit: UsageLimitRequest,
+        },
+      });
+
+      return { sessionSpec: req, signature };
+    },
+    contract,
+  });
+}
+
+/**
+ * Checks if the `isCreateSessionKeySupported` method is supported by the given contract.
+ * @param availableSelectors An array of 4byte function selectors of the contract. You can get this in various ways, such as using "whatsabi" or if you have the ABI of the contract available you can use it to generate the selectors.
+ * @returns A boolean indicating if the `isAddSessionKeySupported` method is supported.
+ * @extension ERC7702
+ * @example
+ * ```ts
+ * import { isCreateSessionKeySupported } from "thirdweb/extensions/erc7702";
+ *
+ * const supported = isCreateSessionKeySupported(["0x..."]);
+ * ```
+ */
+export function isCreateSessionKeySupported(availableSelectors: string[]) {
+  return isCreateSessionWithSigSupported(availableSelectors);
+}

packages/thirdweb/src/extensions/erc7702/account/sessionkey.test.ts

@@ -0,0 +1,123 @@
+import { beforeAll, describe, expect, it } from "vitest";
+import { TEST_CLIENT } from "../../../../test/src/test-clients.js";
+import {
+  TEST_ACCOUNT_A,
+  TEST_ACCOUNT_B,
+} from "../../../../test/src/test-wallets.js";
+import { ZERO_ADDRESS } from "../../../constants/addresses.js";
+import {
+  getContract,
+  type ThirdwebContract,
+} from "../../../contract/contract.js";
+import { parseEventLogs } from "../../../event/actions/parse-logs.js";
+import { sendAndConfirmTransaction } from "../../../transaction/actions/send-and-confirm-transaction.js";
+import { sessionCreatedEvent } from "../__generated__/MinimalAccount/events/SessionCreated.js";
+import { createSessionKey } from "./createSessionKey.js";
+import { inAppWallet } from "src/wallets/in-app/web/in-app.js";
+import { prepareTransaction } from "src/transaction/prepare-transaction.js";
+import type { Account } from "src/wallets/interfaces/wallet.js";
+import { defineChain } from "src/chains/utils.js";
+
+describe.runIf(process.env.TW_SECRET_KEY)("Session Key Behavior", {
+    retry: 0,
+    timeout: 240_000,
+  },() => {
+  let chainId = 11155111;
+  let account: Account;
+  let accountContract: ThirdwebContract;
+
+  beforeAll(async () => {
+    // Create 7702 Smart EOA
+    const wallet = inAppWallet({
+      executionMode: {
+        mode: "EIP7702",
+        sponsorGas: true,
+      },
+    });
+    account = await wallet.connect({
+      chain: defineChain(chainId),
+      client: TEST_CLIENT,
+      strategy: "guest",
+    })
+
+    // Send a null tx to trigger deploy/upgrade
+    await sendAndConfirmTransaction({
+      account: account,
+      transaction: prepareTransaction({
+        to: account.address,
+        chain: defineChain(chainId),
+        client: TEST_CLIENT,
+        value: 0n,
+      }),
+    });
+
+    // Will auto resolve abi since it's deployed
+    accountContract = getContract({
+      address: account.address,
+      chain: defineChain(chainId),
+      client: TEST_CLIENT,
+    });
+  }, 120_000);
+
+  it("should allow adding adminlike session keys", async () => {
+    const receipt = await sendAndConfirmTransaction({
+      account: account,
+      transaction: createSessionKey({
+        account: account,
+        contract: accountContract,
+        sessionKeyAddress: TEST_ACCOUNT_A.address,
+        durationInSeconds: 86400, // 1 day
+        grantFullPermissions: true
+      }),
+    });
+    const logs = parseEventLogs({
+      events: [sessionCreatedEvent()],
+      logs: receipt.logs,
+    });
+    expect(logs[0]?.args.signer).toBe(TEST_ACCOUNT_A.address);
+  });
+
+  it("should allow adding granular session keys", async () => {
+    const receipt = await sendAndConfirmTransaction({
+      account: account,
+      transaction: createSessionKey({
+        account: account,
+        contract: accountContract,
+        sessionKeyAddress: TEST_ACCOUNT_A.address,
+        durationInSeconds: 86400, // 1 day
+        grantFullPermissions: false,
+        callPolicies: [
+          {
+            target: ZERO_ADDRESS,
+            selector: "0x00000000",
+            maxValuePerUse: 0n,
+            valueLimit: {
+              limitType: 0,
+              limit: 0n,
+              period: 0n,
+            },
+            constraints: [],
+          },
+        ],
+        transferPolicies: [
+          {
+            target: ZERO_ADDRESS,
+            maxValuePerUse: 0n,
+            valueLimit: {
+              limitType: 0,
+              limit: 0n,
+              period: 0n,
+            },
+          },
+        ],
+      }),
+    });
+    const logs = parseEventLogs({
+      events: [sessionCreatedEvent()],
+      logs: receipt.logs,
+    });
+    expect(logs[0]?.args.signer).toBe(TEST_ACCOUNT_A.address);
+    expect(logs[0]?.args.sessionSpec.callPolicies).toHaveLength(1);
+    expect(logs[0]?.args.sessionSpec.transferPolicies).toHaveLength(1);
+  });
+});

packages/thirdweb/src/extensions/erc7702/account/types.ts

@@ -0,0 +1,85 @@
+
+/* ────────────────────────────────
+   Input types
+   ──────────────────────────────── */
+
+/* ---------- UsageLimit ---------- */
+export interface UsageLimitInput {
+  limitType: number;
+  limit: bigint;
+  period: bigint;
+}
+
+/* ---------- Constraint ---------- */
+export interface ConstraintInput {
+  condition: number;
+  index: bigint;
+  refValue: `0x${string}`;
+  limit?: UsageLimitInput;
+}
+
+/* ---------- CallSpec ---------- */
+export interface CallSpecInput {
+  target: `0x${string}`;
+  selector: `0x${string}`;
+  maxValuePerUse?: bigint;
+  valueLimit?: UsageLimitInput;
+  constraints?: ConstraintInput[];
+}
+
+/* ---------- TransferSpec ---------- */
+export interface TransferSpecInput {
+  target: `0x${string}`;
+  maxValuePerUse?: bigint;
+  valueLimit?: UsageLimitInput;
+}
+
+/* ---------- SessionSpec ---------- */
+export interface SessionSpecInput {
+  signer: `0x${string}`;
+  isWildcard?: boolean;
+  expiresAt?: bigint;
+  callPolicies?: CallSpecInput[];
+  transferPolicies?: TransferSpecInput[];
+  uid: `0x${string}`;
+}
+
+/* ────────────────────────────────
+   EIP-712 structs
+   ──────────────────────────────── */
+
+export const UsageLimitRequest = [
+  { name: "limitType", type: "uint8" },
+  { name: "limit", type: "uint256" },
+  { name: "period", type: "uint256" },
+] as const;
+
+export const ConstraintRequest = [
+  { name: "condition", type: "uint8" },
+  { name: "index", type: "uint64" },
+  { name: "refValue", type: "bytes32" },
+  { name: "limit", type: "UsageLimit" },
+] as const;
+
+export const CallSpecRequest = [
+  { name: "target", type: "address" },
+  { name: "selector", type: "bytes4" },
+  { name: "maxValuePerUse", type: "uint256" },
+  { name: "valueLimit", type: "UsageLimit" },
+  { name: "constraints", type: "Constraint[]" },
+] as const;
+
+export const TransferSpecRequest = [
+  { name: "target", type: "address" },
+  { name: "maxValuePerUse", type: "uint256" },
+  { name: "valueLimit", type: "UsageLimit" },
+] as const;
+
+export const SessionSpecRequest = [
+  { name: "signer", type: "address" },
+  { name: "isWildcard", type: "bool" },
+  { name: "expiresAt", type: "uint256" },
+  { name: "callPolicies", type: "CallSpec[]" },
+  { name: "transferPolicies", type: "TransferSpec[]" },
+  { name: "uid", type: "bytes32" },
+] as const;

packages/thirdweb/src/wallets/in-app/core/eip7702/minimal-account.ts

@@ -24,7 +24,7 @@ import {
 import type { BundlerOptions } from "../../../smart/types.js";
 
 const MINIMAL_ACCOUNT_IMPLEMENTATION_ADDRESS =
-  "0xbaC7e770af15d130Cd72838ff386f14FBF3e9a3D";
+  "0xD6999651Fc0964B9c6B444307a0ab20534a66560";
 
 export const create7702MinimalAccount = (args: {
   client: ThirdwebClient;