@zk-email/ether-email-auth-contracts
Advanced tools
yarn install
forge 0.2.0 (13497a5).Make sure you have Foundry installed
Build the contracts using the below command.
$ yarn build
Run unit tests
$ yarn test
Run integration tests
Before running integration tests, you need to make a packages/contracts/test/build_integration directory, download wasm and zkey files from the following link, and place its unzipped directory under that directory.
Then, move email_auth_with_body_parsing_with_qp_encoding.zkey and email_auth_with_body_parsing_with_qp_encoding.wasm in the unzipped directory params to build_integration.
Run each integration tests one by one as each test will consume a lot of memory.
Eg: contracts % forge test --skip '*ZKSync*' --match-contract "IntegrationTest" -vvv --chain 8453 --ffi
You need to deploy common contracts, i.e., ECDSAOwnedDKIMRegistry, Verifier, and implementations of EmailAuth and SimpleWallet, only once before deploying each wallet.
cp .env.sample .env.PRIVATE_KEY field in .env. If you want to verify your own contracts, you can set ETHERSCAN_API_KEY to your own key.source .envforge script script/DeployCommons.s.sol:Deploy --rpc-url $RPC_URL --chain-id $CHAIN_ID --etherscan-api-key $ETHERSCAN_API_KEY --broadcast --verify -vvvvAfter deploying common contracts, you can deploy a proxy contract of SimpleWallet, which is an example contract supporting our email-based account recovery by RecoveryController.
DKIM, VERIFIER, EMAIL_AUTH_IMPL, and SIMPLE_WALLET_IMPL are the same as those output by the DeployCommons.s.sol script.forge script script/DeployRecoveryController.s.sol:Deploy --rpc-url $RPC_URL --chain-id $CHAIN_ID --broadcast -vvvvThere are four main contracts that developers should understand: IDKIMRegistry, Verifier, EmailAuth and EmailAccountRecovery.
While the first three contracts are agnostic to use cases of our SDK, the last one is an abstract contract only for our email-based account recovery.
IDKIMRegistry ContractIt is an interface of the DKIM registry contract that traces public keys registered for each email domain in DNS.
It is defined in the zk-email library.
It requires a function isDKIMPublicKeyHashValid(string domainName, bytes32 publicKeyHash) view returns (bool): it returns true if the given hash of the public key publicKeyHash is registered for the given email-domain name domainName.
One of its implementations is ECDSAOwnedDKIMRegistry.
It stores the Ethereum address signer who can update the registry.
We also provide another implementation called UserOverrideableDKIMRegistry.
Key features of UserOverrideableDKIMRegistry include:
This implementation provides a balance between centralized management and user autonomy in the DKIM registry system.
Verifier ContractIt has the responsibility to verify a ZK proof for the email_auth_with_body_parsing_with_qp_encoding.circom circuit.
It is implemented in utils/Verifier.sol.
It defines a structure EmailProof consisting of the ZK proof and data of the instances necessary for proof verification as follows:
struct EmailProof {
string domainName; // Domain name of the sender's email
bytes32 publicKeyHash; // Hash of the DKIM public key used in email/proof
uint timestamp; // Timestamp of the email
string maskedCommand; // Masked command of the email
bytes32 emailNullifier; // Nullifier of the email to prevent its reuse.
bytes32 accountSalt; // Create2 salt of the account
bool isCodeExist; // Check if the account code exists
bytes proof; // ZK Proof of Email
}
Using that, it provides a function function verifyEmailProof(EmailProof memory proof) public view returns (bool): it takes as input the EmailProof proof and returns true if the proof is valid. Notably, it internally calls Groth16Verifier.sol generated by snarkjs from the verifying key of the email_auth_with_body_parsing_with_qp_encoding.circom circuit.
EmailAuth ContractIt is a contract deployed for each email user to verify an email-auth message from that user. The structure of the email-auth message is defined as follows:
struct EmailAuthMsg {
uint templateId; // The ID of the command template that the email command should satisfy.
bytes[] commandParams; // The parameters in the email command, which should be taken according to the specified command template.
uint skippedCommandPrefix; // The number of skipped bytes in the email command.
EmailProof proof; // The email proof containing the zk proof and other necessary information for the email verification by the verifier contract.
}
It has the following storage variables.
address owner: an address of the contract owner.bytes32 accountSalt: an accountSalt used for the CREATE2 salt of this contract.DKIMRegistry dkim: an instance of the DKIM registry contract.Verifier verifier: an instance of the Verifier contract.address controller: an address of a controller contract, defining the command templates supported by this contract.mapping(uint=>string[]) commandTemplates: a mapping of the supported command templates associated with its ID.mapping(bytes32⇒bytes32) authedHash: a mapping of the hash of the authorized message associated with its emailNullifier.uint lastTimestamp: the latest timestamp in the verified EmailAuthMsg.mapping(bytes32=>bool) usedNullifiers: a mapping storing the used emailNullifier bytes.bool timestampCheckEnabled: a boolean whether timestamp check is enabled or not.It provides the following functions.
initialize(address _initialOwner, bytes32 _accountSalt, address _controller)
owner=_initialOwner .accountSalt=_accountSalt.timestampCheckEnabled=true.controller=_controller.dkimRegistryAddr() view returns (address)
Return address(dkim)verifierAddr() view returns (address)
Return address(verifier) .initDKIMRegistry(address _dkimRegistryAddr)
msg.sender==controller.dkim is zero.dkim=IDKIMRegistry(_dkimRegistryAddr).initVerifier(address _verifierAddr)
msg.sender==controller.verifier is zero.verifier=Verifier(_verifierAddr).updateDKIMRegistry(address _dkimRegistryAddr)
msg.sender==owner._dkimRegistryAddr is not zero.dkim=DKIMRegistry(_dkimRegistryAddr).updateVerifier(address _verifier)
msg.sender==owner._verifier is not zero.verifier=Verifier(_verifier).updateVerifier(address _verifierAddr)
msg.sender==owner ._verifierAddr!=0.verifier to Verifier(_verifierAddr).updateDKIMRegistry(address _dkimRegistryAddr)
msg.sender==owner ._dkimRegistryAddr!=0.dkim to DKIMRegistry(_dkimRegistryAddr).getCommandTemplate(uint _templateId) public view returns (string[] memory)
_templateId exists, i.e., commandTemplates[_templateId].length >0 holds.commandTemplates[_templateId].insertCommandTemplate(uint _templateId, string[] _commandTemplate)
_commandTemplate.length>0 .msg.sender==controller.commandTemplates[_templateId].length == 0, i.e., no template has not been registered with _templateId.commandTemplates[_templateId]=_commandTemplate.updateCommandTemplate(uint _templateId, string[] _commandTemplate)
_commandTemplate.length>0 .msg.sender==controller.commandTemplates[_templateId].length != 0 , i.e., any template has been already registered with _templateId.commandTemplates[_templateId]=_commandTemplate.deleteCommandTemplate(uint _templateId)
msg.sender==controller.commandTemplates[_templateId].length > 0, i.e., any template has been already registered with _templateId.delete commandTemplates[_templateId].authEmail(EmailAuthMsg emailAuthMsg) returns (bytes32)
msg.sender==controller.string[] memory template = commandTemplates[emailAuthMsg.templateId].template.length > 0.dkim.isDKIMPublicKeyHashValid(emailAuthMsg.proof.domain, emailAuthMsg.proof.publicKeyHash)==true.usedNullifiers[emailAuthMsg.proof.emailNullifier]==false and set usedNullifiers[emailAuthMsg.proof.emailNullifier] to true.accountSalt==emailAuthMsg.proof.accountSalt.timestampCheckEnabled is true, assert that emailAuthMsg.proof.timestamp is zero OR lastTimestamp < emailAuthMsg.proof.timestamp, and update lastTimestamp to emailAuthMsg.proof.timestamp.expectedCommand from template and the values of emailAuthMsg.commandParams.expectedCommand is equal to emailAuthMsg.proof.maskedCommand[skippedCommandPrefix:] , i.e., the string of emailAuthMsg.proof.maskedCommand from the skippedCommandPrefix-th byte.verifier.verifyEmailProof(emailAuthMsg.proof)==true.isValidSignature(bytes32 _hash, bytes memory _signature) public view returns (bytes4 magicValue)
_signature as (bytes32 emailNullifier).authedHash[emailNullifier]== _hash, return 0x1626ba7e; otherwise return 0xffffffff.setTimestampCheckEnabled(bool enabled) public
msg.sender==controller.timestampCheckEnabled to enabled.EmailAccountRecovery ContractIt is an abstract contract for each smart account brand to implement the email-based account recovery. Each smart account provider only needs to implement the following functions in a new contract called controller. In the following, the templateIdx is different from templateId in the email-auth contract in the sense that the templateIdx is an incremental index defined for each of the command templates in acceptanceCommandTemplates() and recoveryCommandTemplates().
isActivated(address recoveredAccount) public view virtual returns (bool): it returns if the account to be recovered has already activated the controller (the contract implementing EmailAccountRecovery).acceptanceCommandTemplates() public view virtual returns (string[][]): it returns multiple command templates for an email to accept becoming a guardian (acceptance email).recoveryCommandTemplates() public view virtual returns (string[][]): it returns multiple command templates for an email to confirm the account recovery (recovery email).extractRecoveredAccountFromAcceptanceCommand(bytes[] memory commandParams, uint templateIdx) public view virtual returns (address): it takes as input the parameters commandParams and the index of the chosen command template templateIdx in those for acceptance emails.extractRecoveredAccountFromRecoveryCommand(bytes[] memory commandParams, uint templateIdx) public view virtual returns (address): it takes as input the parameters commandParams and the index of the chosen command template templateIdx in those for recovery emails.acceptGuardian(address guardian, uint templateIdx, bytes[] commandParams, bytes32 emailNullifier) internal virtual: it takes as input the Ethereum address guardian corresponding to the guardian's email address, the index templateIdx of the command template in the output of acceptanceCommandTemplates(), the parameter values of the variable parts commandParams in the template acceptanceCommandTemplates()[templateIdx], and an email nullifier emailNullifier. It is called after verifying the email-auth message to accept the role of the guardian; thus you can assume the arguments are already verified.processRecovery(address guardian, uint templateIdx, bytes[] commandParams, bytes32 emailNullifier) internal virtual: it takes as input the Ethereum address guardian corresponding to the guardian's email address, the index templateIdx of the command template in the output of recoveryCommandTemplates(), the parameter values of the variable parts commandParams in the template recoveryCommandTemplates()[templateIdx], and an email nullifier emailNullifier. It is called after verifying the email-auth message to confirm the recovery; thus you can assume the arguments are already verified.completeRecovery(address account, bytes memory completeCalldata) external virtual: it can be called by anyone, in particular a Relayer, when completing the account recovery. It should first check if the condition for the recovery of account holds and then update its owner's address in the wallet contract.It also provides the following entry functions with their default implementations, called by the Relayer.
handleAcceptance(EmailAuthMsg emailAuthMsg, uint templateIdx) external
recoveredAccount by calling extractRecoveredAccountFromAcceptanceCommand.address guardian = CREATE2(emailAuthMsg.proof.accountSalt, ERC1967Proxy.creationCode, emailAuthImplementation(), (emailAuthMsg.proof.accountSalt)).uint templateId = keccak256(EMAIL_ACCOUNT_RECOVERY_VERSION_ID, "ACCEPTANCE", templateIdx).templateId is equal to emailAuthMsg.templateId.emailAuthMsg.proof.isCodeExist is true.EmailAuth contract of guardian has not been deployed, deploy the proxy contract of emailAuthImplementation(). Its salt is emailAuthMsg.proof.accountSalt and its initialization parameter is recoveredAccount, emailAuthMsg.proof.accountSalt, and address(this), which is a controller of the deployed contract.EmailAuth contract of guardian has not been deployed, call EmailAuth(guardian).initDKIMRegistry(dkim()).EmailAuth contract of guardian has not been deployed, call EmailAuth(guardian).initVerifier(verifier()).EmailAuth contract of guardian has not been deployed, for each template in acceptanceCommandTemplates() along with its index idx, call EmailAuth(guardian).insertCommandTemplate(keccak256(EMAIL_ACCOUNT_RECOVERY_VERSION_ID, "ACCEPTANCE", idx), template).EmailAuth contract of guardian has not been deployed, for each template in recoveryCommandTemplates() along with its index idx, call EmailAuth(guardian).insertCommandTemplate(keccak256(EMAIL_ACCOUNT_RECOVERY_VERSION_ID, "RECOVERY", idx), template).EmailAuth contract of guardian has been already deployed, assert that its controller is equal to address(this).EmailAuth(guardian).authEmail(emailAuthMsg) returns no error.acceptGuardian(guardian, templateIdx, emailAuthMsg.commandParams, emailAuthMsg.proof.emailNullifier).handleRecovery(EmailAuthMsg emailAuthMsg, uint templateIdx) external
recoveredAccount by calling extractRecoveredAccountFromRecoveryCommand.address guardian = CREATE2(emailAuthMsg.proof.accountSalt, ERC1967Proxy.creationCode, emailAuthImplementation(), (emailAuthMsg.proof.accountSalt)).guardian has been already deployed.uint templateId=keccak256(EMAIL_ACCOUNT_RECOVERY_VERSION_ID, "RECOVERY", templateIdx).templateId is equal to emailAuthMsg.templateId.EmailAuth(guardian).authEmail(emailAuthMsg) returns no error.processRecovery(guardian, templateIdx, emailAuthMsg.commandParams, emailAuthMsg.proof.emailNullifier).# Install foundry
foundryup
cd packages/contracts
yarn build
# Install foundry-zksync, please follow this URL
https://foundry-book.zksync.io/getting-started/installation
Next, you should uncomment the following lines in foundry.toml.
# via-ir = true
Partial comment-out files can be found the following. Please uncomment them.
(Uncomment from FOR_ZKSYNC:START to FOR_ZKSYNC:END)
About Create2, L2ContractHelper.computeCreate2Address should be used.
type(ERC1967Proxy).creationCode doesn't work correctly in ZKsync.
We need to use the bytecode hash intead of type(ERC1967Proxy).creationCode.
Perhaps that is a different value in each compiler version and library addresses.
Run the following commands, you'll get the bytecode hash.
forge test --match-test "testComputeCreate2Address" --no-match-contract ".*Script.*" --system-mode=true --zksync --gas-limit 1000000000 --chain 300 -vvv
And then, you should replace {YOUR_BYTECODE_HASH} in the .env
PROXY_BYTECODE_HASH={YOUR_BYTECODE_HASH}
Run the following commands
source .env
yarn zktest
Even if the contract size is fine for EVM, it may exceed the bytecode size limit for zksync, and the test may not be executed. If you encountered the contract size error, please consider the contract design.
source .env
forge test --match-contract "IntegrationZKSyncTest" --system-mode=true --zksync --gas-limit 1000000000 --chain 300 -vvv --ffi
As you saw before, you need to deploy missing libraries. You can deploy them by the following commands for example.
export PRIVATE_KEY={YOUR_PRIVATE_KEY}
export RPC_URL=https://sepolia.era.zksync.dev
export CHAIN_ID=300
forge create src/libraries/DecimalUtils.sol:DecimalUtils --private-key $PRIVATE_KEY --rpc-url $RPC_URL --chain $CHAIN_ID --zksync
forge create src/libraries/CommandUtils.sol:CommandUtils --private-key $PRIVATE_KEY --rpc-url $RPC_URL --chain $CHAIN_ID --zksync --libraries src/libraries/DecimalUtils.sol:DecimalUtils:{DECIMAL_UTILS_ADDRESS_YOU_DEPLOYED}
forge create src/libraries/StringUtils.sol:StringUtils --private-key $PRIVATE_KEY --rpc-url $RPC_URL --chain $CHAIN_ID --zksync
And then you need to replace {PROJECT_DIR} and {DEPLOYED_ADDRESS} in the foundy.toml.
libraries = [
"{PROJECT_DIR}/packages/contracts/src/libraries/DecimalUtils.sol:DecimalUtils:{DEPLOYED_ADDRESS}",
"{PROJECT_DIR}/packages/contracts/src/libraries/CommandUtils.sol:CommandUtils:{DEPLOYED_ADDRESS}"]
"{PROJECT_DIR}/packages/contracts/src/libraries/StringUtils.sol:StringUtils:{DEPLOYED_ADDRESS}"
Run this command again, you'll get the bytecode hash.
forge test --match-test "testComputeCreate2Address" --no-match-contract ".*Script.*" --system-mode=true --zksync --gas-limit 1000000000 --chain 300 -vvv
And then, you should replace {YOUR_BYTECODE_HASH} in the .env
PROXY_BYTECODE_HASH={YOUR_BYTECODE_HASH}
Run the deploy script
source .env
export RPC_URL=https://sepolia.era.zksync.dev
export CHAIN_ID=300
forge script script/DeployRecoveryControllerZKSync.s.sol:Deploy --zksync --rpc-url $RPC_URL --broadcast --slow --via-ir --system-mode true -vvvv --verifier zksync --verifier-url https://explorer.sepolia.era.zksync.dev/contract_verification --verify
For information on how upgrade contracts for handling emergency situations, please refer to our Upgrading Contracts.
FAQs
```bash yarn install ```
The npm package @zk-email/ether-email-auth-contracts receives a total of 3 weekly downloads. As such, @zk-email/ether-email-auth-contracts popularity was classified as not popular.
We found that @zk-email/ether-email-auth-contracts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CTO Ahmad Nassri discusses why supply chain attacks now target developer machines and what AI means for the future of enterprise security.
Security News
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
Security News
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.