tempo_alloy/rpc/

reth_compat.rs

use crate::rpc::{TempoHeaderResponse, TempoTransactionRequest};
use alloy_consensus::{EthereumTxEnvelope, TxEip4844, error::ValueError};
use alloy_network::{NetworkTransactionBuilder, TxSigner};
use alloy_primitives::{Address, B256, Bytes, Signature};
use core::num::NonZeroU64;
use reth_evm::EvmEnv;
use reth_primitives_traits::SealedHeader;
use reth_rpc_convert::{
    FromConsensusHeader, SignTxRequestError, SignableTxRequest, TryIntoSimTx, TryIntoTxEnv,
};
use reth_rpc_eth_types::EthApiError;
use tempo_chainspec::hardfork::TempoHardfork;
use tempo_evm::TempoBlockEnv;
use tempo_primitives::{
    SignatureType, TempoHeader, TempoSignature, TempoTxEnvelope, TempoTxType,
    transaction::{Call, RecoveredTempoAuthorization},
};
use tempo_revm::{TempoBatchCallEnv, TempoTxEnv};

/// Non-zero transaction identifier used only for RPC simulations.
///
/// RPC requests are not final signed transactions, so gas filling and other request normalization
/// can make a simulated signing payload differ from the eventual submitted transaction. Use a
/// fixed sentinel instead of deriving a misleading future channel id from the simulated payload.
const RPC_SIMULATION_UNIQUE_TX_IDENTIFIER: B256 = B256::new(*b"TEMPO_RPC_SIMULATION_MPP_CONTEXT");

impl TryIntoSimTx<TempoTxEnvelope> for TempoTransactionRequest {
    fn try_into_sim_tx(self) -> Result<TempoTxEnvelope, ValueError<Self>> {
        match self.output_tx_type() {
            TempoTxType::AA => {
                let tx = self.build_aa()?;

                // Create an empty signature for the transaction.
                let signature = TempoSignature::default();

                Ok(tx.into_signed(signature).into())
            }
            TempoTxType::Legacy
            | TempoTxType::Eip2930
            | TempoTxType::Eip1559
            | TempoTxType::Eip7702 => {
                let Self {
                    inner,
                    fee_token,
                    nonce_key,
                    calls,
                    key_type,
                    key_data,
                    key_id,
                    tempo_authorization_list,
                    key_authorization,
                    valid_before,
                    valid_after,
                    fee_payer_signature,
                } = self;
                let envelope = match TryIntoSimTx::<EthereumTxEnvelope<TxEip4844>>::try_into_sim_tx(
                    inner.clone(),
                ) {
                    Ok(inner) => inner,
                    Err(e) => {
                        return Err(e.map(|inner| Self {
                            inner,
                            fee_token,
                            nonce_key,
                            calls,
                            key_type,
                            key_data,
                            key_id,
                            tempo_authorization_list,
                            key_authorization,
                            valid_before,
                            valid_after,
                            fee_payer_signature,
                        }));
                    }
                };

                Ok(envelope.try_into().map_err(
                    |e: ValueError<EthereumTxEnvelope<TxEip4844>>| {
                        e.map(|_inner| Self {
                            inner,
                            fee_token,
                            nonce_key,
                            calls,
                            key_type,
                            key_data,
                            key_id,
                            tempo_authorization_list,
                            key_authorization,
                            valid_before,
                            valid_after,
                            fee_payer_signature,
                        })
                    },
                )?)
            }
        }
    }
}

impl TryIntoTxEnv<TempoTxEnv, TempoHardfork, TempoBlockEnv> for TempoTransactionRequest {
    type Err = EthApiError;

    fn try_into_tx_env(
        self,
        evm_env: &EvmEnv<TempoHardfork, TempoBlockEnv>,
    ) -> Result<TempoTxEnv, Self::Err> {
        let caller_addr = self.inner.from.unwrap_or_default();

        let fee_payer = if self.fee_payer_signature.is_some() {
            // Try to recover the fee payer address from the signature.
            // If recovery fails (e.g. dummy signature during gas estimation / fill),
            // keep it unresolved so estimation/fill can continue with sender-paid semantics.
            let recovered = self
                .clone()
                .build_aa()
                .ok()
                .and_then(|tx| tx.recover_fee_payer(caller_addr).ok());
            Some(recovered)
        } else {
            None
        };

        let Self {
            inner,
            fee_token,
            calls,
            key_type,
            key_data,
            key_id,
            tempo_authorization_list,
            nonce_key,
            key_authorization,
            valid_before,
            valid_after,
            fee_payer_signature: _,
        } = self;

        Ok(TempoTxEnv {
            fee_token,
            is_system_tx: false,
            unique_tx_identifier: Some(RPC_SIMULATION_UNIQUE_TX_IDENTIFIER),
            fee_payer,
            tempo_tx_env: if !calls.is_empty()
                || !tempo_authorization_list.is_empty()
                || nonce_key.is_some()
                || key_authorization.is_some()
                || key_id.is_some()
                || fee_payer.is_some()
                || valid_before.is_some()
                || valid_after.is_some()
            {
                // Create mock signature for gas estimation
                // If key_type is not provided, default to secp256k1
                // For Keychain signatures, use the caller's address as the root key address
                let key_type = key_type.unwrap_or(SignatureType::Secp256k1);
                let mock_signature = create_mock_tempo_sig(
                    &key_type,
                    key_data.as_ref(),
                    key_id,
                    caller_addr,
                    evm_env.spec_id().is_t1c(),
                );

                let mut calls = calls;
                if let Some(to) = &inner.to {
                    calls.push(Call {
                        to: *to,
                        value: inner.value.unwrap_or_default(),
                        input: inner.input.clone().into_input().unwrap_or_default(),
                    });
                }
                if calls.is_empty() {
                    return Err(EthApiError::InvalidParams("empty calls list".to_string()));
                }

                Some(Box::new(TempoBatchCallEnv {
                    aa_calls: calls,
                    signature: mock_signature,
                    tempo_authorization_list: tempo_authorization_list
                        .into_iter()
                        .map(RecoveredTempoAuthorization::new)
                        .collect(),
                    nonce_key: nonce_key.unwrap_or_default(),
                    key_authorization,
                    signature_hash: B256::ZERO,
                    tx_hash: B256::ZERO,
                    valid_before: valid_before.map(NonZeroU64::get),
                    valid_after: valid_after.map(NonZeroU64::get),
                    subblock_transaction: false,
                    override_key_id: key_id,
                    expiring_nonce_idx: None,
                }))
            } else {
                None
            },
            inner: inner.try_into_tx_env(evm_env)?,
        })
    }
}

/// Creates a mock AA signature for gas estimation based on key type hints
///
/// - `key_type`: The primitive signature type (secp256k1, P256, WebAuthn)
/// - `key_data`: Type-specific data (e.g., WebAuthn size)
/// - `key_id`: If Some, wraps the signature in a Keychain wrapper (+3,000 gas for key validation)
/// - `caller_addr`: The transaction caller address (used as root key address for Keychain)
/// - `is_t1c`: Whether T1C is active — determines keychain signature version (V1 pre-T1C, V2 post-T1C)
fn create_mock_tempo_sig(
    key_type: &SignatureType,
    key_data: Option<&Bytes>,
    key_id: Option<Address>,
    caller_addr: alloy_primitives::Address,
    is_t1c: bool,
) -> TempoSignature {
    use tempo_primitives::transaction::tt_signature::{KeychainSignature, TempoSignature};

    let inner_sig = create_mock_primitive_signature(key_type, key_data.cloned());

    if key_id.is_some() {
        // For Keychain signatures, the root_key_address is the caller (account owner).
        let keychain_sig = if is_t1c {
            KeychainSignature::new(caller_addr, inner_sig)
        } else {
            KeychainSignature::new_v1(caller_addr, inner_sig)
        };
        TempoSignature::Keychain(keychain_sig)
    } else {
        TempoSignature::Primitive(inner_sig)
    }
}

/// Creates a mock primitive signature for gas estimation
fn create_mock_primitive_signature(
    sig_type: &SignatureType,
    key_data: Option<Bytes>,
) -> tempo_primitives::transaction::tt_signature::PrimitiveSignature {
    use tempo_primitives::transaction::tt_signature::{
        P256SignatureWithPreHash, PrimitiveSignature, WebAuthnSignature,
    };

    match sig_type {
        SignatureType::Secp256k1 => {
            // Create a dummy secp256k1 signature (65 bytes)
            PrimitiveSignature::Secp256k1(Signature::new(
                alloy_primitives::U256::ZERO,
                alloy_primitives::U256::ZERO,
                false,
            ))
        }
        SignatureType::P256 => {
            // Create a dummy P256 signature
            PrimitiveSignature::P256(P256SignatureWithPreHash {
                r: alloy_primitives::B256::ZERO,
                s: alloy_primitives::B256::ZERO,
                pub_key_x: alloy_primitives::B256::ZERO,
                pub_key_y: alloy_primitives::B256::ZERO,
                pre_hash: false,
            })
        }
        SignatureType::WebAuthn => {
            // Create a dummy WebAuthn signature with the specified size
            // key_data contains the total size of webauthn_data (excluding 128 bytes for public keys)
            // Default: 800 bytes if no key_data provided

            // Base clientDataJSON template (50 bytes): {"type":"webauthn.get","challenge":"","origin":""}
            // Authenticator data (37 bytes): 32 rpIdHash + 1 flags + 4 signCount
            // Minimum total: 87 bytes
            const BASE_CLIENT_JSON: &str = r#"{"type":"webauthn.get","challenge":"","origin":""}"#;
            const AUTH_DATA_SIZE: usize = 37;
            const MIN_WEBAUTHN_SIZE: usize = AUTH_DATA_SIZE + BASE_CLIENT_JSON.len(); // 87 bytes
            const DEFAULT_WEBAUTHN_SIZE: usize = 800; // Default when no key_data provided
            const MAX_WEBAUTHN_SIZE: usize = 8192; // Maximum realistic WebAuthn signature size

            // Parse size from key_data, or use default
            let size = if let Some(data) = key_data.as_ref() {
                match data.len() {
                    1 => data[0] as usize,
                    2 => u16::from_be_bytes([data[0], data[1]]) as usize,
                    4 => u32::from_be_bytes([data[0], data[1], data[2], data[3]]) as usize,
                    _ => DEFAULT_WEBAUTHN_SIZE, // Fallback default
                }
            } else {
                DEFAULT_WEBAUTHN_SIZE // Default size when no key_data provided
            };

            // Clamp size to safe bounds to prevent DoS via unbounded allocation
            let size = size.clamp(MIN_WEBAUTHN_SIZE, MAX_WEBAUTHN_SIZE);

            // Construct authenticatorData (37 bytes)
            let mut webauthn_data = vec![0u8; AUTH_DATA_SIZE];
            webauthn_data[32] = 0x01; // UP flag set

            // Construct clientDataJSON with padding in origin field if needed
            let additional_bytes = size - MIN_WEBAUTHN_SIZE;
            let client_json = if additional_bytes > 0 {
                // Add padding bytes to origin field
                // {"type":"webauthn.get","challenge":"","origin":"XXXXX"}
                let padding = "x".repeat(additional_bytes);
                format!(r#"{{"type":"webauthn.get","challenge":"","origin":"{padding}"}}"#,)
            } else {
                BASE_CLIENT_JSON.to_string()
            };

            webauthn_data.extend_from_slice(client_json.as_bytes());
            let webauthn_data = Bytes::from(webauthn_data);

            PrimitiveSignature::WebAuthn(WebAuthnSignature {
                webauthn_data,
                r: alloy_primitives::B256::ZERO,
                s: alloy_primitives::B256::ZERO,
                pub_key_x: alloy_primitives::B256::ZERO,
                pub_key_y: alloy_primitives::B256::ZERO,
            })
        }
    }
}

impl SignableTxRequest<TempoTxEnvelope> for TempoTransactionRequest {
    async fn try_build_and_sign(
        self,
        signer: impl TxSigner<Signature> + Send,
    ) -> Result<TempoTxEnvelope, SignTxRequestError> {
        if self.output_tx_type() == TempoTxType::AA {
            let mut tx = self
                .build_aa()
                .map_err(|_| SignTxRequestError::InvalidTransactionRequest)?;
            let signature = signer.sign_transaction(&mut tx).await?;
            Ok(tx.into_signed(signature.into()).into())
        } else {
            SignableTxRequest::<TempoTxEnvelope>::try_build_and_sign(self.inner, signer).await
        }
    }
}

impl FromConsensusHeader<TempoHeader> for TempoHeaderResponse {
    fn from_consensus_header(header: SealedHeader<TempoHeader>, block_size: usize) -> Self {
        Self {
            timestamp_millis: header.timestamp_millis(),
            inner: FromConsensusHeader::from_consensus_header(header, block_size),
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use alloy_primitives::{TxKind, address};
    use alloy_rpc_types_eth::TransactionRequest;
    use alloy_signer::SignerSync;
    use alloy_signer_local::PrivateKeySigner;
    use reth_rpc_convert::TryIntoTxEnv;
    use tempo_primitives::{
        TempoTransaction,
        transaction::{Call, FEE_PAYER_SIGNATURE_MARKER, tt_signature::PrimitiveSignature},
    };

    #[test]
    fn test_estimate_gas_when_calls_set() {
        let existing_call = Call {
            to: TxKind::Call(address!("0x1111111111111111111111111111111111111111")),
            value: alloy_primitives::U256::from(1),
            input: Bytes::from(vec![0xaa]),
        };

        let req = TempoTransactionRequest {
            inner: TransactionRequest {
                to: Some(TxKind::Call(address!(
                    "0x2222222222222222222222222222222222222222"
                ))),
                value: Some(alloy_primitives::U256::from(2)),
                input: alloy_rpc_types_eth::TransactionInput::new(Bytes::from(vec![0xbb])),
                nonce: Some(0),
                gas: Some(100_000),
                max_fee_per_gas: Some(1_000_000_000),
                max_priority_fee_per_gas: Some(1_000_000),
                ..Default::default()
            },
            calls: vec![existing_call],
            nonce_key: Some(alloy_primitives::U256::ZERO),
            ..Default::default()
        };

        let built_calls = req.clone().build_aa().expect("build_aa").calls;

        let evm_env = EvmEnv::default();
        let tx_env = req.try_into_tx_env(&evm_env).expect("try_into_tx_env");
        let estimated_calls = tx_env.tempo_tx_env.expect("tempo_tx_env").aa_calls;

        assert_eq!(estimated_calls, built_calls);
    }

    #[test]
    fn test_try_into_tx_env_sets_channel_open_context_hash_for_rpc_simulation() {
        let sender = address!("0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
        let target = address!("0x2222222222222222222222222222222222222222");

        let req = TempoTransactionRequest {
            inner: TransactionRequest {
                from: Some(sender),
                to: Some(TxKind::Call(target)),
                nonce: Some(0),
                gas: Some(100_000),
                max_fee_per_gas: Some(1_000_000_000),
                max_priority_fee_per_gas: Some(1_000_000),
                chain_id: Some(4217),
                ..Default::default()
            },
            ..Default::default()
        };

        let evm_env = EvmEnv::default();
        let tx_env = req.try_into_tx_env(&evm_env).expect("try_into_tx_env");

        assert_eq!(
            tx_env.channel_open_context_hash(),
            Some(RPC_SIMULATION_UNIQUE_TX_IDENTIFIER)
        );
        assert_ne!(
            tx_env.channel_open_context_hash(),
            Some(B256::ZERO),
            "RPC simulations must seed a non-zero context hash so TIP20ChannelReserve.open() does not treat it as unset"
        );
    }

    #[test]
    fn test_webauthn_size_clamped_to_max() {
        // Attempt to create a signature with u32::MAX size (would be ~4GB without fix)
        let malicious_key_data = Bytes::from(0xFFFFFFFFu32.to_be_bytes().to_vec());
        let sig =
            create_mock_primitive_signature(&SignatureType::WebAuthn, Some(malicious_key_data));

        // Extract webauthn_data and verify it's clamped to MAX_WEBAUTHN_SIZE (8192)
        let PrimitiveSignature::WebAuthn(webauthn_sig) = sig else {
            panic!("Expected WebAuthn signature");
        };

        // The webauthn_data should be at most MAX_WEBAUTHN_SIZE bytes
        assert!(
            webauthn_sig.webauthn_data.len() <= 8192,
            "WebAuthn data size {} exceeds maximum 8192",
            webauthn_sig.webauthn_data.len()
        );
    }

    #[test]
    fn test_webauthn_size_respects_minimum() {
        // Attempt to create a signature with size 0
        let key_data = Bytes::from(vec![0u8]);
        let sig = create_mock_primitive_signature(&SignatureType::WebAuthn, Some(key_data));

        let PrimitiveSignature::WebAuthn(webauthn_sig) = sig else {
            panic!("Expected WebAuthn signature");
        };

        // Should be at least MIN_WEBAUTHN_SIZE (87 bytes)
        assert!(
            webauthn_sig.webauthn_data.len() >= 87,
            "WebAuthn data size {} is below minimum 87",
            webauthn_sig.webauthn_data.len()
        );
    }

    #[test]
    fn test_webauthn_default_size() {
        // No key_data should use default size (800)
        let sig = create_mock_primitive_signature(&SignatureType::WebAuthn, None);

        let PrimitiveSignature::WebAuthn(webauthn_sig) = sig else {
            panic!("Expected WebAuthn signature");
        };

        // Default is 800 bytes
        assert_eq!(webauthn_sig.webauthn_data.len(), 800);
    }

    #[test]
    fn test_estimate_gas_fee_payer_signature_only_produces_aa_env() {
        let sponsor = PrivateKeySigner::random();
        let sender = address!("0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
        let target = address!("0x2222222222222222222222222222222222222222");

        // Build a TempoTransaction so we can compute fee_payer_signature_hash
        let tx = TempoTransaction {
            chain_id: 4217,
            nonce: 0,
            fee_payer_signature: None,
            valid_before: None,
            valid_after: None,
            gas_limit: 100_000,
            max_fee_per_gas: 1_000_000_000,
            max_priority_fee_per_gas: 1_000_000,
            fee_token: None,
            access_list: Default::default(),
            calls: vec![Call {
                to: target.into(),
                value: Default::default(),
                input: Default::default(),
            }],
            tempo_authorization_list: vec![],
            nonce_key: Default::default(),
            key_authorization: None,
        };
        let hash = tx.fee_payer_signature_hash(sender);
        let fee_payer_sig = sponsor.sign_hash_sync(&hash).expect("sign");

        // Request with ONLY fee_payer_signature as the Tempo-specific field
        let req = TempoTransactionRequest {
            inner: TransactionRequest {
                from: Some(sender),
                to: Some(TxKind::Call(target)),
                nonce: Some(0),
                gas: Some(100_000),
                max_fee_per_gas: Some(1_000_000_000),
                max_priority_fee_per_gas: Some(1_000_000),
                chain_id: Some(4217),
                ..Default::default()
            },
            fee_payer_signature: Some(fee_payer_sig),
            ..Default::default()
        };

        let evm_env = EvmEnv::default();
        let tx_env = req.try_into_tx_env(&evm_env).expect("try_into_tx_env");

        assert!(
            tx_env.tempo_tx_env.is_some(),
            "fee_payer_signature alone must produce an AA tx env"
        );
        assert_eq!(
            tx_env.fee_payer,
            Some(Some(sponsor.address())),
            "fee_payer should recover sponsor address"
        );
    }

    #[test]
    fn test_aa_roundtrip_via_tx_env() {
        use alloy_primitives::U256;

        let calls = vec![
            Call {
                to: address!("0x1111111111111111111111111111111111111111").into(),
                value: U256::ZERO,
                input: Bytes::from(vec![0xaa]),
            },
            Call {
                to: address!("0x2222222222222222222222222222222222222222").into(),
                value: U256::ZERO,
                input: Bytes::from(vec![0xbb]),
            },
        ];

        let tx = TempoTransaction {
            chain_id: 4217,
            nonce: 1,
            gas_limit: 100_000,
            max_fee_per_gas: 1_000_000_000,
            max_priority_fee_per_gas: 1_000_000,
            calls: calls.clone(),
            ..Default::default()
        };

        let req: TempoTransactionRequest = tx.into();

        let evm_env = EvmEnv::default();
        let tx_env = req.try_into_tx_env(&evm_env).expect("try_into_tx_env");
        let aa_calls = tx_env.tempo_tx_env.expect("tempo_tx_env").aa_calls;

        assert_eq!(
            aa_calls, calls,
            "roundtrip via try_into_tx_env must preserve exact call list"
        );
    }

    #[test]
    fn test_estimate_gas_invalid_fee_payer_signature_keeps_unresolved_fee_payer() {
        let sender = address!("0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
        let target = address!("0x2222222222222222222222222222222222222222");

        let req = TempoTransactionRequest {
            inner: TransactionRequest {
                from: Some(sender),
                to: Some(TxKind::Call(target)),
                nonce: Some(0),
                gas: Some(100_000),
                max_fee_per_gas: Some(1_000_000_000),
                max_priority_fee_per_gas: Some(1_000_000),
                chain_id: Some(4217),
                ..Default::default()
            },
            fee_payer_signature: Some(FEE_PAYER_SIGNATURE_MARKER),
            ..Default::default()
        };

        let evm_env = EvmEnv::default();
        let tx_env = req.try_into_tx_env(&evm_env).expect("try_into_tx_env");

        assert!(
            tx_env.tempo_tx_env.is_some(),
            "fee_payer_signature alone must produce an AA tx env"
        );
        assert_eq!(
            tx_env.fee_payer,
            Some(None),
            "invalid fee_payer_signature should remain unresolved"
        );
    }

    #[tokio::test]
    async fn test_signable_tx_request_preserves_tempo_fields() {
        let signer = PrivateKeySigner::random();

        let call = Call {
            to: alloy_primitives::TxKind::Call(address!(
                "0x1111111111111111111111111111111111111111"
            )),
            value: alloy_primitives::U256::from(1),
            input: Bytes::from(vec![0xaa]),
        };

        let fee_token = address!("0x20c0000000000000000000000000000000000000");
        let nonce_key = alloy_primitives::U256::from(42);

        let req = TempoTransactionRequest {
            inner: TransactionRequest {
                nonce: Some(0),
                gas: Some(100_000),
                max_fee_per_gas: Some(1_000_000_000),
                max_priority_fee_per_gas: Some(1_000_000),
                chain_id: Some(4217),
                ..Default::default()
            },
            calls: vec![call.clone()],
            fee_token: Some(fee_token),
            nonce_key: Some(nonce_key),
            ..Default::default()
        };

        let envelope = SignableTxRequest::<TempoTxEnvelope>::try_build_and_sign(req, &signer)
            .await
            .expect("should build and sign");

        match &envelope {
            TempoTxEnvelope::AA(signed) => {
                let tx = signed.tx();
                assert_eq!(tx.fee_token, Some(fee_token), "fee_token must be preserved");
                assert_eq!(tx.nonce_key, nonce_key, "nonce_key must be preserved");
                assert_eq!(tx.calls, vec![call], "calls must be preserved");
            }
            other => panic!(
                "Expected AA envelope for request with Tempo fields, got {:?}",
                other.tx_type()
            ),
        }
    }
}