UNPKG

@runonflux/account-abstraction

Version:

Account Abstraction Schnorr Multi-Signatures

github.com/RunOnFlux/account-abstraction

RunOnFlux/account-abstraction

125 lines (77 loc) ā€¢ 5.01 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# Account Abstraction Schnorr MultiSig Account Abstraction - Schnorr Multi Signature ERC-4337 compliant smart contracts. ## Overview This package provides a robust implementation of ERC-4337 Account Abstraction using Schnorr Multi-Signatures. It includes two main smart contracts: - **MultiSigSmartAccount**: Implements the ERC-4337 Account Abstraction. - **MultiSigSmartAccountFactory**: A factory contract for creating account abstractions. The contracts are designed to be [UUPS Upgradeable Proxies](https://docs.openzeppelin.com/contracts/5.x/api/proxy#UUPSUpgradeable), allowing upgrades by the Owner. The Owner role is assigned to the combined public address (`combinedAddress`) during account initialization, ensuring that critical functions like upgrades or withdrawals require Schnorr Multi-signature authorization. ## Key Features - **Secure Multi-Signature Transactions**: Utilizes Schnorr signatures for enhanced security. - **Upgradeable Contracts**: Supports UUPS proxy pattern for contract upgrades. - **ERC-4337 Compliance**: Adheres to the latest Ethereum standards for account abstraction. ## Requirements - **Node.js**: Version >=18 - **npm**: Version >=9 ## Installation NPM package ```bash npm install @runonflux/account-abstraction ``` Clone the repository and install dependencies: ```bash git clone https://github.com/RunOnFlux/account-abstraction.git cd account-abstraction npm install ``` ## Testing Run the test suite using: ```bash npm run test ``` ## Deployments Refer to the [Deployments](./deployments.md) for information about deployed contracts. Deploy the MultiSigSmartAccount Factory on Ethereum Sepolia Testnet: ```bash npm run deploy:sepolia ``` For other supported networks, use: ```bash npx hardhat deploy --network <NETWORK_NAME> --tags ACCOUNT_FACTORY ``` Supported networks include: - mainnet - sepolia - polygon-mainnet ## Build Package Build the package with: ```bash npm run prebuild npm run build ``` The package includes: - `abi`: Generated ABI JSON files for smart contracts. - `deployments`: Addresses of deployed contracts for each supported network. - `typechain`: TypeScript typings generated from ABI files. ## Associated Packages - **[MultiSig Schnorr Signature SDK](https://www.npmjs.com/package/@runonflux/aa-schnorr-multisig-sdk)**: A TypeScript library for creating ERC-4337 Account Abstractions with Schnorr Signatures. Refer to the [SDK README](https://github.com/RunOnFlux/account-abstraction/tree/main/aa-schnorr-multisig-sdk) for usage guides and examples. ## SSP Wallet The SSP Wallet is a multi-signature, multi-asset wallet leveraging this SDK for EVM chains. For more information and usage examples, visit the [SSP Wallet Repository](https://github.com/RunOnFlux/ssp-wallet). ## License This project is licensed under the MIT License. See the [LICENSE](./LICENSE) file for details. ## Reporting Issues Found a bug? Please report it on our [issue tracker](https://github.com/RunOnFlux/account-abstraction/issues). ## Inspiration, Credits & Acknowledgements - *This library is based on [Borislav Itskov research](https://hackmd.io/@0xbobby/rkIGEBVb2) and draws inspiration from the [schnorrkel.js](https://github.com/borislav-itskov/schnorrkel.js) implementation.* - *Account Abstraction ERC4337 [eth-infinitism/account-abstraction](https://github.com/eth-infinitism/account-abstraction)* ## Security Audits The smart contracts and SDK underwent a comprehensive security audit by [Halborn](https://halborn.com/) finalised in **February 2025**. ### Audit Reports šŸ“„ **Smart Contracts Audit** - **[Halborn Audit Report ā€“ Smart Contracts](https://github.com/RunOnFlux/account-abstraction/blob/main/Account_Abstraction_Schnorr_MultiSig_SmartContracts_SecAudit_HALBORN.pdf)** (GitHub) - **[Halborn Public Report ā€“ Smart Contracts](https://www.halborn.com/audits/influx-technologies/account-abstraction-schnorr-multisig)** (Halborn) šŸ“„ **SDK Audit** - **[Halborn Audit Report ā€“ SDK](https://github.com/RunOnFlux/account-abstraction/blob/main/Account_Abstraction_Schnorr_MultiSig_SDK_SecAudit_HALBORN.pdf)** (GitHub) - **[Halborn Public Report ā€“ SDK](https://www.halborn.com/audits/influx-technologies/account-abstraction-schnorr-signatures-sdk)** (Halborn) ### Findings & Notes - **Smart Contracts:** All findings were in **unused code**, which has been **removed** in the `main` branch. Contracts were **redeployed**, and the `main` branch is recommended for production while `master` branch is an archive where audits were assessed and perfectly safe to continue using. ([Fix PR](https://github.com/RunOnFlux/account-abstraction/pull/15)) - **SDK:** All important findigs were addressed in the `main` branch. Be noted that examples are using hard coded values, furthermore this library requires proper **nonce management** on the client side, and following a strict **error-throwing approach**. ([Fix PR](https://github.com/RunOnFlux/account-abstraction/pull/17))