UNPKG

@runonflux/aa-schnorr-multisig-sdk

Version:

Account Abstraction Schnorr Multi-Signatures SDK

github.com/RunOnFlux/account-abstraction

RunOnFlux/account-abstraction

96 lines (55 loc) ā€¢ 4.52 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# Account Abstraction Schnorr Multi Signatures SDK A typescript library for creating ERC-4337 Account Abstraction which utilizes Schnorr Signatures for multi signatures. ## About Current library provide utilities to sign/send User Operation's with Schnorr Signer. [Alchemy Account Kit](https://accountkit.alchemy.com/) used to send User Operations. To better understand usage of library go to ***Examples*** section. ## āš ļø Critical Information ### Public Nonces Never reuse public nonces. Reusing them will cryptographically expose your private keys and lead to a loss of funds. Implement robust nonce management in your application is crucial for security, make sure to delete nonce after usage and never use it again. ### Salts Construction of multisignature address uses salts. Ensure salts are deterministic and consistent to maintain cross-wallet compatibility. Usage of different salts will lead to different multisignature address. Use the following salts that are used by SSP Wallet: - `accountSalt`: `aasalt` - `factorySalt`: `aafactorysalt` ## šŸ“¦ Installation Install via npm: ```bash npm install @runonflux/aa-schnorr-multisig-sdk ``` Or clone the repository: ```bash git clone https://github.com/RunOnFlux/account-abstraction.git cd account-abstraction/aa-schnorr-multisig-sdk npm i ``` ## šŸ› ļø Usage To get started, explore our examples and documentation. Ensure you have a `.env` file configured with the necessary environment variables as shown in `.env.sample`. ### Examples - **[Get Smart Account Address On-Chain/Off-Chain](./examples/account-address/account_address.md)** - **[Smart Account Deployment](./examples/account-deployment/account-deployment.md)** - **[Sign 3 of 3](./examples/sign_3_of_3/sign-3_of_3.md)** ## šŸ› Reporting Issues Found a bug? Please report it on our [issue tracker](https://github.com/RunOnFlux/account-abstraction/issues). ## šŸ“œ License This project is licensed under the MIT License. ## šŸŒ Associated Packages - **[MultiSig Smart Account - ERC-4337 Smart Contracts](https://www.npmjs.com/package/@runonflux/account-abstraction)** - **[Account Abstraction - Schnorr Multisig SDK](https://www.npmjs.com/package/@runonflux/aa-schnorr-multisig-sdk)** ## SSP Wallet SSP Wallet is a multi-signature multi-asset wallet that uses this AA Schnorr Multi-Signature SDK for EVM chains. Check out the SSP Wallet repository for more information and proper usage of the library - **[SSP Wallet Repository](https://github.com/RunOnFlux/ssp-wallet)** ## Inspiration, Credits & Acknowledgements - *This library is based on [Borislav Itskov research](https://hackmd.io/@0xbobby/rkIGEBVb2) and draws inspiration from the [schnorrkel.js](https://github.com/borislav-itskov/schnorrkel.js) implementation.* - *Account Abstraction ERC4337 [eth-infinitism/account-abstraction](https://github.com/eth-infinitism/account-abstraction)* ## Security Audits The smart contracts and SDK underwent a comprehensive security audit by [Halborn](https://halborn.com/) finalised in **February 2025**. ### Audit Reports šŸ“„ **Smart Contracts Audit** - **[Halborn Audit Report ā€“ Smart Contracts](https://github.com/RunOnFlux/account-abstraction/blob/main/Account_Abstraction_Schnorr_MultiSig_SmartContracts_SecAudit_HALBORN.pdf)** (GitHub) - **[Halborn Public Report ā€“ Smart Contracts](https://www.halborn.com/audits/influx-technologies/account-abstraction-schnorr-multisig)** (Halborn) šŸ“„ **SDK Audit** - **[Halborn Audit Report ā€“ SDK](https://github.com/RunOnFlux/account-abstraction/blob/main/Account_Abstraction_Schnorr_MultiSig_SDK_SecAudit_HALBORN.pdf)** (GitHub) - **[Halborn Public Report ā€“ SDK](https://www.halborn.com/audits/influx-technologies/account-abstraction-schnorr-signatures-sdk)** (Halborn) ### Findings & Notes - **Smart Contracts:** All findings were in **unused code**, which has been **removed** in the `main` branch. Contracts were **redeployed**, and the `main` branch is recommended for production while `master` branch is an archive where audits were assessed and perfectly safe to continue using. ([Fix PR](https://github.com/RunOnFlux/account-abstraction/pull/15)) - **SDK:** All important findigs were addressed in the `main` branch. Be noted that examples are using hard coded values, furthermore this library requires proper **nonce management** on the client side, and following a strict **error-throwing approach**. ([Fix PR](https://github.com/RunOnFlux/account-abstraction/pull/17))