Struct AccountKeychain 

pub struct AccountKeychain {
    pub keys: <Mapping<Address, Mapping<Address, AuthorizedKey>> as StorableType>::Handler,
    pub spending_limits: <Mapping<B256, Mapping<Address, U256>> as StorableType>::Handler,
    pub transaction_key: <Address as StorableType>::Handler,
    pub tx_origin: <Address as StorableType>::Handler,
    address: Address,
    storage: StorageCtx,
}

Fields

keys: <Mapping<Address, Mapping<Address, AuthorizedKey>> as StorableType>::Handler

spending_limits: <Mapping<B256, Mapping<Address, U256>> as StorableType>::Handler

transaction_key: <Address as StorableType>::Handler

tx_origin: <Address as StorableType>::Handler

address: Address

storage: StorageCtx

Implementations

impl AccountKeychain

pub fn new() -> Self

Creates an instance of the precompile.

Caution: This does not initialize the account, see Self::initialize.

fn __new(address: Address) -> Self

fn __initialize(&mut self) -> Result<()>

fn emit_event(&mut self, event: impl IntoLogData) -> Result<()>

pub fn emitted_events(&self) -> &Vec<LogData>

Available on crate features test-utils only.

pub fn clear_emitted_events(&mut self)

Available on crate features test-utils only.

pub fn assert_emitted_events(&self, expected: Vec<impl IntoLogData>)

Available on crate features test-utils only.

impl AccountKeychain

pub fn spending_limit_key(account: Address, key_id: Address) -> B256

Create a hash key for spending limits mapping from account and keyId.

This is used to access spending_limits[key][token] where key is the result of this function. The hash combines account and key_id to avoid triple nesting.

pub fn initialize(&mut self) -> Result<()>

Initializes the account keychain precompile.

pub fn authorize_key( &mut self, msg_sender: Address, call: authorizeKeyCall, ) -> Result<()>

Registers a new access key with signature type, expiry, and optional per-token spending limits. Only callable with the account’s main key (not a session key).

Errors

• UnauthorizedCaller — only the main key can authorize/revoke and, for contract callers on T2+, msg.sender must match tx.origin
• ZeroPublicKey — keyId cannot be the zero address
• ExpiryInPast — expiry must be in the future (enforced since T0)
• KeyAlreadyExists — a key with this ID is already registered
• KeyAlreadyRevoked — revoked keys cannot be re-authorized
• InvalidSignatureType — must be Secp256k1, P256, or WebAuthn

pub fn revoke_key( &mut self, msg_sender: Address, call: revokeKeyCall, ) -> Result<()>

Permanently revokes an access key. Once revoked, a key ID can never be re-authorized for this account, preventing replay of old KeyAuthorization signatures.

Errors

• UnauthorizedCaller — only the main key can authorize/revoke and, for contract callers on T2+, msg.sender must match tx.origin
• KeyNotFound — no key registered with this ID

pub fn update_spending_limit( &mut self, msg_sender: Address, call: updateSpendingLimitCall, ) -> Result<()>

Updates the spending limit for a key-token pair. Can also convert an unlimited key into a limited one. Delegates to load_active_key for existence/revocation checks.

Errors

• UnauthorizedCaller — the transaction wasn’t signed by the main key, or on T2+ contract callers where msg.sender != tx.origin
• KeyAlreadyRevoked — the target key has been permanently revoked
• KeyNotFound — no key is registered under the given keyId
• KeyExpired — the key’s expiry is at or before the current block timestamp

pub fn get_key(&self, call: getKeyCall) -> Result<KeyInfo>

Returns key info for the given account-key pair, or a blank entry if inexistent or revoked.

pub fn get_remaining_limit(&self, call: getRemainingLimitCall) -> Result<U256>

Returns the remaining spending limit for a key-token pair, or a blank entry if inexistent or revoked (T2+).

pub fn get_transaction_key( &self, _call: getTransactionKeyCall, _msg_sender: Address, ) -> Result<Address>

Returns the access key used to authorize the current transaction (Address::ZERO = root key).

pub fn set_transaction_key(&mut self, key_id: Address) -> Result<()>

Internal: Set the transaction key (called during transaction validation)

SECURITY CRITICAL: This must be called by the transaction validation logic BEFORE the transaction is executed, to store which key authorized the transaction.

• If key_id is Address::ZERO (main key), this should store Address::ZERO
• If key_id is a specific key address, this should store that key

This creates a secure channel between validation and the precompile to ensure only the main key can authorize/revoke other keys. Uses transient storage, so the key is automatically cleared after the transaction.

pub fn set_tx_origin(&mut self, origin: Address) -> Result<()>

Sets the transaction origin (tx.origin) for the current transaction.

Called by the handler before transaction execution. Uses transient storage, so it’s automatically cleared after the transaction.

fn ensure_admin_caller(&self, msg_sender: Address) -> Result<()>

Ensures admin operations are authorized for this caller.

Rules:

• transaction must be signed by the main key (transaction_key == Address::ZERO)
• T2+: caller must match tx.origin

Errors

• UnauthorizedCaller when called via an access key
• UnauthorizedCaller on T2+ when msg.sender != tx.origin
• storage read errors from transient key/origin or account metadata lookups

The T2 check prevents transaction-global root-key status from being reused by intermediate contracts (confused-deputy self-administration).

tx_origin is seeded by the handler before validation/execution on in-repo flows. The zero-origin fallback here exists for out-of-tree integrations that bypass handler setup.

fn load_active_key( &self, account: Address, key_id: Address, ) -> Result<AuthorizedKey>

Load and validate a key exists and is not revoked.

Returns the key if valid, or an error if:

• Key doesn’t exist (expiry == 0)
• Key has been revoked

Note: This does NOT check expiry against current timestamp. Callers should check expiry separately if needed.

pub fn validate_keychain_authorization( &self, account: Address, key_id: Address, current_timestamp: u64, expected_sig_type: Option<u8>, ) -> Result<()>

Validate keychain authorization (existence, revocation, expiry, and optionally signature type).

Arguments

• account - The account that owns the key
• key_id - The key identifier to validate
• current_timestamp - Current block timestamp for expiry check
• expected_sig_type - The signature type from the actual signature (0=Secp256k1, 1=P256, 2=WebAuthn). Pass None to skip validation (for backward compatibility pre-T1).

Errors

• KeyAlreadyRevoked — the key has been permanently revoked
• KeyNotFound — no key is registered under the given key_id
• KeyExpired — current_timestamp is at or past the key’s expiry
• SignatureTypeMismatch — the key’s stored type differs from expected_sig_type

pub fn verify_and_update_spending( &mut self, account: Address, key_id: Address, token: Address, amount: U256, ) -> Result<()>

Deducts amount from the key’s remaining spending limit for token, failing if exceeded.

Errors

• KeyAlreadyRevoked — the key has been permanently revoked
• KeyNotFound — no key is registered under the given key_id
• SpendingLimitExceeded — amount exceeds the key’s remaining limit for token

pub fn refund_spending_limit( &mut self, account: Address, token: Address, amount: U256, ) -> Result<()>

Refund spending limit after a fee refund.

Restores the spending limit by the refunded amount, clamped so it never exceeds the limit that was set when the key was authorized. Should be called after a fee refund to avoid permanently reducing the spending limit.

pub fn authorize_transfer( &mut self, account: Address, token: Address, amount: U256, ) -> Result<()>

Authorize a token transfer with access key spending limits.

This method checks if the transaction is using an access key, and if so, verifies and updates the spending limits for that key. Should be called before executing a transfer.

Errors

• KeyAlreadyRevoked — the session key has been permanently revoked
• KeyNotFound — no key is registered for the current transaction key
• SpendingLimitExceeded — amount exceeds the key’s remaining limit for token

pub fn authorize_approve( &mut self, account: Address, token: Address, old_approval: U256, new_approval: U256, ) -> Result<()>

Authorize a token approval with access key spending limits.

This method checks if the transaction is using an access key, and if so, verifies and updates the spending limits for that key. Should be called before executing an approval.

Errors

• KeyAlreadyRevoked — the session key has been permanently revoked
• KeyNotFound — no key is registered for the current transaction key
• SpendingLimitExceeded — the approval increase exceeds the remaining limit for token

impl AccountKeychain

pub fn create_precompile(cfg: &CfgEnv<TempoHardfork>) -> DynPrecompile

Creates the EVM precompile for this type.

Trait Implementations

impl ContractStorage for AccountKeychain

fn address(&self) -> Address

Contract address.

fn storage(&self) -> &StorageCtx

Contract storage accessor.

fn storage_mut(&mut self) -> &mut StorageCtx

Contract storage mutable accessor.

fn is_initialized(&self) -> Result<bool>

Returns true if the contract has been initialized (has bytecode deployed).

impl Default for AccountKeychain

fn default() -> Self

Returns the “default value” for a type.

impl Precompile for AccountKeychain

fn call(&mut self, calldata: &[u8], msg_sender: Address) -> PrecompileResult

Dispatches an EVM call to this precompile.

Layout

Note: Most layout information is completely unstable and may even differ between compilations. The only exception is types with certain repr(...) attributes. Please see the Rust Reference's “Type Layout” chapter for details on type layout guarantees.

Size: 376 bytes