From 6a2bec51437d961cde28af401708401c384a22e9 Mon Sep 17 00:00:00 2001
From: lakshmi kanth <kanth.explorer@gmail.com>
Date: Tue, 1 Oct 2024 11:28:38 +0530
Subject: [PATCH] Fix/sessionkey token validation (#40)

* fix: token validation while enabling sessionKey

* fix: validate token address call during sessionKey generation and rotation

* fix: ValidatorAddress validation and errorMessages during getNonce function call

* fix: update changeLog and version for sessionKeySDK changes

* chore: package lock updates with version changes

* fix: rename SessionKeyValidator-token validation function

* fix: SessionKeyValidator SDK - remove redundant validation check on token decimals

* fix: ChangeLog for the fix with version 2.0.5
---
 CHANGELOG.md                                  |  5 ++++
 package-lock.json                             |  7 ++++--
 package.json                                  |  2 +-
 .../SessionKeyValidator.ts                    | 25 ++++++++++++++++++-
 src/sdk/base/EtherspotWalletAPI.ts            | 16 +++++++++---
 5 files changed, 48 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8367dc..8e58cba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,9 @@
 # Changelog
+## [2.0.5] - 2024-09-26
+### fix
+- validate the tokenAddress for `enableSessionKey` on `SessionKeyValidator` SDK instance
+- validate the validatorAddress being set in tne `key` during `estimate` call on ModularSDK
+
 ## [2.0.4] - 2024-09-04
 ### Breaking Changes
 - Static method `create` to initialize `SessionKeyValidator`
diff --git a/package-lock.json b/package-lock.json
index ec9d7eb..e7c2211 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@etherspot/modular-sdk",
-  "version": "2.0.3",
+  "version": "2.0.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@etherspot/modular-sdk",
-      "version": "2.0.3",
+      "version": "2.0.5",
       "license": "MIT",
       "dependencies": {
         "@lifi/sdk": "2.5.0",
@@ -768,6 +768,7 @@
       "version": "0.11.14",
       "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz",
       "integrity": "sha512-3T8LkOmg45BV5FICb15QQMsyUSWrQ8AygVfC7ZG32zOalnqrilm018ZVCw0eapXux8FtA33q8PSRSstjee3jSg==",
+      "deprecated": "Use @eslint/config-array instead",
       "dev": true,
       "dependencies": {
         "@humanwhocodes/object-schema": "^2.0.2",
@@ -795,6 +796,7 @@
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz",
       "integrity": "sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==",
+      "deprecated": "Use @eslint/object-schema instead",
       "dev": true
     },
     "node_modules/@jridgewell/resolve-uri": {
@@ -1776,6 +1778,7 @@
       "version": "2.10.0",
       "resolved": "https://registry.npmjs.org/@walletconnect/sign-client/-/sign-client-2.10.0.tgz",
       "integrity": "sha512-hbDljDS53kR/It3oXD91UkcOsT6diNnW5+Zzksm0YEfwww5dop/YfNlcdnc8+jKUhWOL/YDPNQCjzsCSNlVzbw==",
+      "deprecated": "Reliability and performance greatly improved - please see https://github.com/WalletConnect/walletconnect-monorepo/releases",
       "dependencies": {
         "@walletconnect/core": "2.10.0",
         "@walletconnect/events": "^1.0.1",
diff --git a/package.json b/package.json
index b39b5a9..ca631a8 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@etherspot/modular-sdk",
-  "version": "2.0.4",
+  "version": "2.0.5",
   "description": "Etherspot Modular SDK - build with ERC-7579 smart accounts modules",
   "keywords": [
     "ether",
diff --git a/src/sdk/SessionKeyValidator/SessionKeyValidator.ts b/src/sdk/SessionKeyValidator/SessionKeyValidator.ts
index 9ffc75a..aead42a 100644
--- a/src/sdk/SessionKeyValidator/SessionKeyValidator.ts
+++ b/src/sdk/SessionKeyValidator/SessionKeyValidator.ts
@@ -1,4 +1,4 @@
-import { Contract, providers } from "ethers";
+import { Contract, ethers, providers } from "ethers";
 import { ModularSdk } from "../sdk";
 import { KeyStore, PERMISSIONS_URL } from "./constants";
 import { SessionKeyResponse, GenerateSessionKeyResponse, GetSessionKeyResponse, DeleteSessionKeyResponse, SessionData } from "./interfaces";
@@ -7,6 +7,7 @@ import { DEFAULT_ERC20_SESSION_KEY_VALIDATOR_ADDRESS, Networks } from "../networ
 import { MODULE_TYPE, UserOperation, deepHexlify } from "../common";
 import { resolveProperties } from "ethers/lib/utils";
 import * as ERC20SessionKeyValidatorABI from "../abi/ERC20SessionKeyValidator.json";
+import { ERC20_ABI } from "../helpers/abi/ERC20_ABI";
 
 export class SessionKeyValidator {
     private modularSdk: ModularSdk;
@@ -66,6 +67,12 @@ export class SessionKeyValidator {
                 throw new Error('Function Selector is required');
             }
 
+            const isValidTokenIndicator = await this.isValidToken(token);
+
+            if (!isValidTokenIndicator) {
+                throw new Error(`Token: ${token} is does not exist or is invalid`);
+            }
+
             const data = await this.generateSessionKeyData(
                 account,
                 this.chainId,
@@ -129,6 +136,12 @@ export class SessionKeyValidator {
             const apiKeyMatch = this.provider.connection.url.match(/api-key=([^&]+)/);
             const apiKey = apiKeyMatch ? apiKeyMatch[1] : null;
 
+            const isValidTokenIndicator = await this.isValidToken(token);
+
+            if (!isValidTokenIndicator) {
+                throw new Error(`Token: ${token} is does not exist or is invalid`);
+            }
+
             const data = await this.generateSessionKeyData(
                 account,
                 this.chainId,
@@ -460,4 +473,14 @@ export class SessionKeyValidator {
             throw new Error(err.message)
         }
     }
+
+    async isValidToken(token: string): Promise<boolean> {
+
+        const erc20 = new Contract(token, ERC20_ABI, this.provider);
+        const decimals = await erc20.decimals();
+        if (!decimals || decimals as number == 0) {
+            return false;
+        }
+        return true;
+    }
 }
diff --git a/src/sdk/base/EtherspotWalletAPI.ts b/src/sdk/base/EtherspotWalletAPI.ts
index 1373adf..944cdb8 100644
--- a/src/sdk/base/EtherspotWalletAPI.ts
+++ b/src/sdk/base/EtherspotWalletAPI.ts
@@ -289,10 +289,20 @@ export class EtherspotWalletAPI extends BaseAccountAPI {
 
   async getNonce(key: BigNumber = BigNumber.from(0)): Promise<BigNumber> {
     const accountAddress = await this.getAccountAddress();
-    const dummyKey = key.eq(0)
-      ? ethers.utils.getAddress(this.multipleOwnerECDSAValidatorAddress) + "00000000"
-      : ethers.utils.getAddress(key.toHexString()) + "00000000";
+    const nonceAddressPrefix =  key.eq(0) ? this.multipleOwnerECDSAValidatorAddress : key.toHexString();
 
+    // validate if the nonceAddressPrefix is a valid Address based on its size and also valid sequence of characters in it
+    if (!ethers.utils.isAddress(nonceAddressPrefix)) {
+      throw new Error(`Invalid Validator Address: ${nonceAddressPrefix}`);
+    }
+
+    const isValidatorInstalled : boolean = await this.isModuleInstalled(MODULE_TYPE.VALIDATOR, nonceAddressPrefix);
+
+    if(!isValidatorInstalled) {
+      throw new Error(`Validator: ${nonceAddressPrefix} is not installed in the wallet`);
+    }
+
+    const dummyKey = ethers.utils.getAddress(nonceAddressPrefix) + "00000000";
     return await this.entryPointView.getNonce(accountAddress, BigInt(dummyKey));
   }