From 50b957ad4f44b2fb6d16c0af5bc0fc84d29f427f Mon Sep 17 00:00:00 2001
From: James Zaki <james.zaki@proton.me>
Date: Wed, 5 Apr 2023 16:49:46 +0100
Subject: [PATCH 1/6] WIP AI6 - test fail

---
 contracts/contracts/VerificationGateway.sol | 78 +++++++++++++++++----
 contracts/hardhat.config.ts                 |  2 +-
 contracts/package.json                      |  2 +-
 contracts/test/walletAction-test.ts         |  2 +-
 contracts/yarn.lock                         |  8 +--
 5 files changed, 73 insertions(+), 19 deletions(-)

diff --git a/contracts/contracts/VerificationGateway.sol b/contracts/contracts/VerificationGateway.sol
index b574a507..6f2f612c 100644
--- a/contracts/contracts/VerificationGateway.sol
+++ b/contracts/contracts/VerificationGateway.sol
@@ -10,6 +10,8 @@ import "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.so
 import "./interfaces/IWallet.sol";
 import "./BLSWallet.sol";
 
+import "hardhat/console.sol";
+
 /**
 A non-upgradable gateway used to create BLSWallets and call them with
 verified Operations that have been respectively signed.
@@ -50,6 +52,13 @@ contract VerificationGateway
         bytes[] results
     );
 
+    event WalletOperationFailed(
+        bytes32 indexed walletHash,
+        address indexed wallet,
+        uint256 nonce,
+        bytes returnData
+    );
+
     event PendingBLSKeySet(
         bytes32 previousHash,
         uint256[BLS_KEY_LEN] newBLSKey
@@ -317,8 +326,8 @@ contract VerificationGateway
     Can be called with a single operation with no actions.
     */
     function processBundle(
-        IWallet.Bundle memory bundle
-    ) external returns (
+        IWallet.Bundle calldata bundle
+    ) external payable returns (
         bool[] memory successes,
         bytes[][] memory results
     ) {
@@ -329,28 +338,68 @@ contract VerificationGateway
         successes = new bool[](opLength);
         results = new bytes[][](opLength);
         for (uint256 i = 0; i<opLength; i++) {
-            IWallet wallet = getOrCreateWallet(bundle.senderPublicKeys[i]);
-
-            // check nonce then perform action
-            if (bundle.operations[i].nonce == wallet.nonce{gas:20000}()) {
-                // request wallet perform operation
-                (
-                    bool success,
-                    bytes[] memory resultSet
-                ) = wallet.performOperation{gas:bundle.operations[i].gas}(bundle.operations[i]);
+
+            bytes32 publicKeyHash = keccak256(abi.encodePacked(bundle.senderPublicKeys[i]));
+            address walletAddress = address(walletFromHash[publicKeyHash]);
+
+            // try wallet calls, catching if they throw
+            try this._processWalletOperation(
+                bundle.senderPublicKeys[i],
+                bundle.operations[i]
+            ) returns (
+                bool success,
+                bytes[] memory resultSet
+            ) {
+                walletAddress = address(walletFromHash[publicKeyHash]);
+
+                console.log("   vg: pass"); //TODO remove log event without creating errors
+
                 successes[i] = success;
                 results[i] = resultSet;
                 emit WalletOperationProcessed(
-                    address(wallet),
+                    walletAddress,
                     bundle.operations[i].nonce,
                     bundle.operations[i].actions,
                     successes[i],
                     results[i]
                 );
+                address(0).staticcall(""); //TODO remove this line without creating more errors
+            }
+            catch (bytes memory returnData) { //TODO add tests for wallet implementations that throw
+                console.log("   vg: fail");
+                successes[i] = false;
+                results[i] = new bytes[](1);
+                results[i][0] = returnData;
+                emit WalletOperationFailed(
+                    publicKeyHash,
+                    walletAddress,
+                    bundle.operations[i].nonce,
+                    returnData
+                );
             }
         }
     }
 
+    /**
+    Perform wallet related functions that could throw.
+    @dev Restricted to only be called by this contract, but needs to be public
+    so that it can be used in a try/catch block.
+     */
+    function _processWalletOperation(
+        uint256[4] calldata senderPublicKey,
+        IWallet.Operation calldata operation
+    ) public payable onlyThis returns (
+        bool success,
+        bytes[] memory resultSet
+    )
+    {
+        IWallet wallet = getOrCreateWallet(senderPublicKey);
+        // check nonce then perform action
+        if (operation.nonce == wallet.nonce{gas:20000}()) {
+            (success, resultSet) = wallet.performOperation{gas:operation.gas}(operation);
+        }
+    }
+
     /**
     Gets the wallet contract associated with the public key, creating it if
     needed.
@@ -462,6 +511,11 @@ contract VerificationGateway
         _;
     }
 
+    modifier onlyThis() {
+        require(msg.sender == address(this), "VG: not called from VG");
+         _;
+    }
+
     function messagePoint(
         address walletAddress,
         IWallet.Operation memory op
diff --git a/contracts/hardhat.config.ts b/contracts/hardhat.config.ts
index 6209c8ad..680b876d 100644
--- a/contracts/hardhat.config.ts
+++ b/contracts/hardhat.config.ts
@@ -85,7 +85,7 @@ const config: HardhatUserConfig = {
   solidity: {
     compilers: [
       {
-        version: "0.8.15",
+        version: "0.8.19",
         settings: {
           optimizer: {
             enabled: true,
diff --git a/contracts/package.json b/contracts/package.json
index 615133c8..c41f0f09 100644
--- a/contracts/package.json
+++ b/contracts/package.json
@@ -23,7 +23,7 @@
     "@openzeppelin/contracts": "^4.7.3",
     "dotenv": "^16.0.3",
     "ethers": "^5.7.2",
-    "hardhat": "^2.12.1"
+    "hardhat": "^2.13.0"
   },
   "peerDependencies": {
     "ethers": "^5.0.0"
diff --git a/contracts/test/walletAction-test.ts b/contracts/test/walletAction-test.ts
index 1857a072..073f2728 100644
--- a/contracts/test/walletAction-test.ts
+++ b/contracts/test/walletAction-test.ts
@@ -9,7 +9,7 @@ import { BigNumber, ContractReceipt } from "ethers";
 import { parseEther, solidityPack } from "ethers/lib/utils";
 import { getOperationResults } from "../clients/src";
 
-describe("WalletActions", async function () {
+describe.only("WalletActions", async function () {
   if (`${process.env.DEPLOYER_DEPLOYMENT}` === "true") {
     console.log("Skipping non-deployer tests.");
     return;
diff --git a/contracts/yarn.lock b/contracts/yarn.lock
index 52b608f2..3b8d6ba3 100644
--- a/contracts/yarn.lock
+++ b/contracts/yarn.lock
@@ -5574,10 +5574,10 @@ hardhat-gas-reporter@^1.0.9:
     eth-gas-reporter "^0.2.25"
     sha1 "^1.1.1"
 
-hardhat@^2.12.1:
-  version "2.12.6"
-  resolved "https://registry.yarnpkg.com/hardhat/-/hardhat-2.12.6.tgz#ea3c058bbd81850867389d10f76037cfa52a0019"
-  integrity sha512-0Ent1O5DsPgvaVb5sxEgsQ3bJRt/Ex92tsoO+xjoNH2Qc4bFmhI5/CHVlFikulalxOPjNmw5XQ2vJFuVQFESAA==
+hardhat@^2.13.0:
+  version "2.13.0"
+  resolved "https://registry.yarnpkg.com/hardhat/-/hardhat-2.13.0.tgz#d52a0ec9b733a651687e5b1c1b0ee9a11a30f3d0"
+  integrity sha512-ZlzBOLML1QGlm6JWyVAG8lVTEAoOaVm1in/RU2zoGAnYEoD1Rp4T+ZMvrLNhHaaeS9hfjJ1gJUBfiDr4cx+htQ==
   dependencies:
     "@ethersproject/abi" "^5.1.2"
     "@metamask/eth-sig-util" "^4.0.0"

From e4c7dfb01cd3e76d0c1ac9cc3f8a09540e78297b Mon Sep 17 00:00:00 2001
From: James Zaki <james.zaki@proton.me>
Date: Mon, 22 May 2023 18:01:53 +0100
Subject: [PATCH 2/6] Revert "WIP AI6 - test fail"

This reverts commit 50b957ad4f44b2fb6d16c0af5bc0fc84d29f427f.
---
 contracts/contracts/VerificationGateway.sol | 78 ++++-----------------
 contracts/hardhat.config.ts                 |  2 +-
 contracts/package.json                      |  2 +-
 contracts/test/walletAction-test.ts         |  2 +-
 contracts/yarn.lock                         |  8 +--
 5 files changed, 19 insertions(+), 73 deletions(-)

diff --git a/contracts/contracts/VerificationGateway.sol b/contracts/contracts/VerificationGateway.sol
index 6f2f612c..b574a507 100644
--- a/contracts/contracts/VerificationGateway.sol
+++ b/contracts/contracts/VerificationGateway.sol
@@ -10,8 +10,6 @@ import "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.so
 import "./interfaces/IWallet.sol";
 import "./BLSWallet.sol";
 
-import "hardhat/console.sol";
-
 /**
 A non-upgradable gateway used to create BLSWallets and call them with
 verified Operations that have been respectively signed.
@@ -52,13 +50,6 @@ contract VerificationGateway
         bytes[] results
     );
 
-    event WalletOperationFailed(
-        bytes32 indexed walletHash,
-        address indexed wallet,
-        uint256 nonce,
-        bytes returnData
-    );
-
     event PendingBLSKeySet(
         bytes32 previousHash,
         uint256[BLS_KEY_LEN] newBLSKey
@@ -326,8 +317,8 @@ contract VerificationGateway
     Can be called with a single operation with no actions.
     */
     function processBundle(
-        IWallet.Bundle calldata bundle
-    ) external payable returns (
+        IWallet.Bundle memory bundle
+    ) external returns (
         bool[] memory successes,
         bytes[][] memory results
     ) {
@@ -338,68 +329,28 @@ contract VerificationGateway
         successes = new bool[](opLength);
         results = new bytes[][](opLength);
         for (uint256 i = 0; i<opLength; i++) {
-
-            bytes32 publicKeyHash = keccak256(abi.encodePacked(bundle.senderPublicKeys[i]));
-            address walletAddress = address(walletFromHash[publicKeyHash]);
-
-            // try wallet calls, catching if they throw
-            try this._processWalletOperation(
-                bundle.senderPublicKeys[i],
-                bundle.operations[i]
-            ) returns (
-                bool success,
-                bytes[] memory resultSet
-            ) {
-                walletAddress = address(walletFromHash[publicKeyHash]);
-
-                console.log("   vg: pass"); //TODO remove log event without creating errors
-
+            IWallet wallet = getOrCreateWallet(bundle.senderPublicKeys[i]);
+
+            // check nonce then perform action
+            if (bundle.operations[i].nonce == wallet.nonce{gas:20000}()) {
+                // request wallet perform operation
+                (
+                    bool success,
+                    bytes[] memory resultSet
+                ) = wallet.performOperation{gas:bundle.operations[i].gas}(bundle.operations[i]);
                 successes[i] = success;
                 results[i] = resultSet;
                 emit WalletOperationProcessed(
-                    walletAddress,
+                    address(wallet),
                     bundle.operations[i].nonce,
                     bundle.operations[i].actions,
                     successes[i],
                     results[i]
                 );
-                address(0).staticcall(""); //TODO remove this line without creating more errors
-            }
-            catch (bytes memory returnData) { //TODO add tests for wallet implementations that throw
-                console.log("   vg: fail");
-                successes[i] = false;
-                results[i] = new bytes[](1);
-                results[i][0] = returnData;
-                emit WalletOperationFailed(
-                    publicKeyHash,
-                    walletAddress,
-                    bundle.operations[i].nonce,
-                    returnData
-                );
             }
         }
     }
 
-    /**
-    Perform wallet related functions that could throw.
-    @dev Restricted to only be called by this contract, but needs to be public
-    so that it can be used in a try/catch block.
-     */
-    function _processWalletOperation(
-        uint256[4] calldata senderPublicKey,
-        IWallet.Operation calldata operation
-    ) public payable onlyThis returns (
-        bool success,
-        bytes[] memory resultSet
-    )
-    {
-        IWallet wallet = getOrCreateWallet(senderPublicKey);
-        // check nonce then perform action
-        if (operation.nonce == wallet.nonce{gas:20000}()) {
-            (success, resultSet) = wallet.performOperation{gas:operation.gas}(operation);
-        }
-    }
-
     /**
     Gets the wallet contract associated with the public key, creating it if
     needed.
@@ -511,11 +462,6 @@ contract VerificationGateway
         _;
     }
 
-    modifier onlyThis() {
-        require(msg.sender == address(this), "VG: not called from VG");
-         _;
-    }
-
     function messagePoint(
         address walletAddress,
         IWallet.Operation memory op
diff --git a/contracts/hardhat.config.ts b/contracts/hardhat.config.ts
index 680b876d..6209c8ad 100644
--- a/contracts/hardhat.config.ts
+++ b/contracts/hardhat.config.ts
@@ -85,7 +85,7 @@ const config: HardhatUserConfig = {
   solidity: {
     compilers: [
       {
-        version: "0.8.19",
+        version: "0.8.15",
         settings: {
           optimizer: {
             enabled: true,
diff --git a/contracts/package.json b/contracts/package.json
index c41f0f09..615133c8 100644
--- a/contracts/package.json
+++ b/contracts/package.json
@@ -23,7 +23,7 @@
     "@openzeppelin/contracts": "^4.7.3",
     "dotenv": "^16.0.3",
     "ethers": "^5.7.2",
-    "hardhat": "^2.13.0"
+    "hardhat": "^2.12.1"
   },
   "peerDependencies": {
     "ethers": "^5.0.0"
diff --git a/contracts/test/walletAction-test.ts b/contracts/test/walletAction-test.ts
index 073f2728..1857a072 100644
--- a/contracts/test/walletAction-test.ts
+++ b/contracts/test/walletAction-test.ts
@@ -9,7 +9,7 @@ import { BigNumber, ContractReceipt } from "ethers";
 import { parseEther, solidityPack } from "ethers/lib/utils";
 import { getOperationResults } from "../clients/src";
 
-describe.only("WalletActions", async function () {
+describe("WalletActions", async function () {
   if (`${process.env.DEPLOYER_DEPLOYMENT}` === "true") {
     console.log("Skipping non-deployer tests.");
     return;
diff --git a/contracts/yarn.lock b/contracts/yarn.lock
index 3b8d6ba3..52b608f2 100644
--- a/contracts/yarn.lock
+++ b/contracts/yarn.lock
@@ -5574,10 +5574,10 @@ hardhat-gas-reporter@^1.0.9:
     eth-gas-reporter "^0.2.25"
     sha1 "^1.1.1"
 
-hardhat@^2.13.0:
-  version "2.13.0"
-  resolved "https://registry.yarnpkg.com/hardhat/-/hardhat-2.13.0.tgz#d52a0ec9b733a651687e5b1c1b0ee9a11a30f3d0"
-  integrity sha512-ZlzBOLML1QGlm6JWyVAG8lVTEAoOaVm1in/RU2zoGAnYEoD1Rp4T+ZMvrLNhHaaeS9hfjJ1gJUBfiDr4cx+htQ==
+hardhat@^2.12.1:
+  version "2.12.6"
+  resolved "https://registry.yarnpkg.com/hardhat/-/hardhat-2.12.6.tgz#ea3c058bbd81850867389d10f76037cfa52a0019"
+  integrity sha512-0Ent1O5DsPgvaVb5sxEgsQ3bJRt/Ex92tsoO+xjoNH2Qc4bFmhI5/CHVlFikulalxOPjNmw5XQ2vJFuVQFESAA==
   dependencies:
     "@ethersproject/abi" "^5.1.2"
     "@metamask/eth-sig-util" "^4.0.0"

From 60effa15a101f9d2653cb70c7e1798c7a9c34089 Mon Sep 17 00:00:00 2001
From: James Zaki <james.zaki@proton.me>
Date: Mon, 22 May 2023 18:54:31 +0100
Subject: [PATCH 3/6] Resolve AI6 by removing wallet upgradability

---
 contracts/contracts/VerificationGateway.sol |  8 +++++--
 contracts/test/upgrade-test.ts              | 24 ++++++---------------
 2 files changed, 13 insertions(+), 19 deletions(-)

diff --git a/contracts/contracts/VerificationGateway.sol b/contracts/contracts/VerificationGateway.sol
index b574a507..919c2abc 100644
--- a/contracts/contracts/VerificationGateway.sol
+++ b/contracts/contracts/VerificationGateway.sol
@@ -168,8 +168,7 @@ contract VerificationGateway
         IWallet wallet = IWallet(msg.sender);
         bytes32 existingHash = hashFromWallet[wallet];
         if (existingHash == bytes32(0)) { // wallet does not yet have a bls key registered with this gateway
-            // set it instantly
-            safeSetWallet(messageSenderSignature, publicKey, wallet, signatureExpiryTimestamp);
+            // Can't register new wallet contracts, only what this gateway deployed.
         }
         else { // wallet already has a key registered, set after delay
             pendingMessageSenderSignatureFromHash[existingHash] = messageSenderSignature;
@@ -235,6 +234,11 @@ contract VerificationGateway
             }
         }
 
+        require((selectorId != ProxyAdmin.upgrade.selector)
+            && (selectorId != ProxyAdmin.upgradeAndCall.selector),
+            "VG: wallet not upgradable"
+        );
+
         wallet.setAnyPending();
 
         // ensure wallet has pre-approved encodedFunction
diff --git a/contracts/test/upgrade-test.ts b/contracts/test/upgrade-test.ts
index c3c8d9dc..e7d7f15f 100644
--- a/contracts/test/upgrade-test.ts
+++ b/contracts/test/upgrade-test.ts
@@ -44,7 +44,7 @@ describe("Upgrade", async function () {
     fx = await Fixture.getSingleton();
   });
 
-  it("should upgrade wallet contract", async () => {
+  it("should NOT upgrade wallet contract", async () => {
     const MockWalletUpgraded = await ethers.getContractFactory(
       "MockWalletUpgraded",
     );
@@ -57,30 +57,20 @@ describe("Upgrade", async function () {
       wallet.address,
       mockWalletUpgraded.address,
     ]);
-    expectOperationsToSucceed(txnReceipt1);
-
-    // Advance time one week
-    const latestTimestamp = (await ethers.provider.getBlock("latest"))
-      .timestamp;
-    await network.provider.send("evm_setNextBlockTimestamp", [
-      BigNumber.from(latestTimestamp)
-        .add(safetyDelaySeconds + 1)
-        .toHexString(),
-    ]);
+    expectOperationFailure(txnReceipt1, "VG: wallet not upgradable");
 
     // make call
-    const txnReceipt2 = await proxyAdminCall(fx, wallet, "upgrade", [
+    const txnReceipt2 = await proxyAdminCall(fx, wallet, "upgradeAndCall", [
       wallet.address,
       mockWalletUpgraded.address,
+      [],
     ]);
-    expectOperationsToSucceed(txnReceipt2);
-
-    const newBLSWallet = MockWalletUpgraded.attach(wallet.address);
-    await (await newBLSWallet.setNewData(wallet.address)).wait();
-    await expect(newBLSWallet.newData()).to.eventually.equal(wallet.address);
+    expectOperationFailure(txnReceipt2, "VG: wallet not upgradable");
   });
 
   it("should register with new verification gateway", async () => {
+    // Still possible to point wallets to a new gateway if desired, just not with v1 deployment
+    return;
     // Deploy new verification gateway
 
     const [signer] = await ethers.getSigners();

From 9a9b0284b3287ce8f6c2fc6ae04cf209168d103b Mon Sep 17 00:00:00 2001
From: James Zaki <james.zaki@proton.me>
Date: Mon, 22 May 2023 21:26:41 +0100
Subject: [PATCH 4/6] Fix linter errors

---
 contracts/test/upgrade-test.ts | 228 +--------------------------------
 1 file changed, 3 insertions(+), 225 deletions(-)

diff --git a/contracts/test/upgrade-test.ts b/contracts/test/upgrade-test.ts
index e7d7f15f..f5c3b85c 100644
--- a/contracts/test/upgrade-test.ts
+++ b/contracts/test/upgrade-test.ts
@@ -1,21 +1,13 @@
 import { expect } from "chai";
 import { BigNumber, ContractReceipt } from "ethers";
 import { solidityPack } from "ethers/lib/utils";
-import { ethers, network } from "hardhat";
+import { ethers } from "hardhat";
 
 import { expectPubkeysEql } from "./expect";
-import {
-  ActionData,
-  BlsWalletWrapper,
-  getOperationResults,
-} from "../clients/src";
+import { ActionData, getOperationResults } from "../clients/src";
 import Fixture from "../shared/helpers/Fixture";
-import {
-  proxyAdminBundle,
-  proxyAdminCall,
-} from "../shared/helpers/callProxyAdmin";
+import { proxyAdminCall } from "../shared/helpers/callProxyAdmin";
 import getPublicKeyFromHash from "../shared/helpers/getPublicKeyFromHash";
-import deploy from "../shared/deploy";
 
 const expectOperationsToSucceed = (txnReceipt: ContractReceipt) => {
   const opResults = getOperationResults(txnReceipt);
@@ -70,220 +62,6 @@ describe("Upgrade", async function () {
 
   it("should register with new verification gateway", async () => {
     // Still possible to point wallets to a new gateway if desired, just not with v1 deployment
-    return;
-    // Deploy new verification gateway
-
-    const [signer] = await ethers.getSigners();
-
-    const deployment2 = await deploy(
-      signer,
-      ethers.utils.solidityPack(["uint256"], [2]),
-    );
-
-    const vg2 = deployment2.verificationGateway;
-
-    // Recreate hubble bls signer
-    const walletOldVg = await fx.createBLSWallet();
-    const walletAddress = walletOldVg.address;
-    const blsSecret = walletOldVg.blsWalletSigner.privateKey;
-
-    // Sign simple address message
-    const walletNewVg = await BlsWalletWrapper.connect(
-      blsSecret,
-      vg2.address,
-      vg2.provider,
-    );
-
-    const signatureExpiryTimestamp =
-      (await fx.provider.getBlock("latest")).timestamp +
-      safetyDelaySeconds +
-      signatureExpiryOffsetSeconds;
-    const addressMessage = solidityPack(
-      ["address", "uint256"],
-      [walletAddress, signatureExpiryTimestamp],
-    );
-    const addressSignature = walletNewVg.signMessage(addressMessage);
-
-    const proxyAdmin2Address = await vg2.walletProxyAdmin();
-    // Get admin action to change proxy
-    const bundle = await proxyAdminBundle(fx, walletOldVg, "changeProxyAdmin", [
-      walletAddress,
-      proxyAdmin2Address,
-    ]);
-    const changeProxyAction = bundle.operations[0].actions[0];
-
-    // prepare call
-    const txnReceipt = await proxyAdminCall(
-      fx,
-      walletOldVg,
-      "changeProxyAdmin",
-      [walletAddress, proxyAdmin2Address],
-    );
-    expectOperationsToSucceed(txnReceipt);
-
-    // Advance time one week
-    await fx.advanceTimeBy(safetyDelaySeconds + 1);
-
-    const hash = walletOldVg.blsWalletSigner.getPublicKeyHash();
-
-    const setExternalWalletAction: ActionData = {
-      ethValue: BigNumber.from(0),
-      contractAddress: vg2.address,
-      encodedFunction: vg2.interface.encodeFunctionData("setBLSKeyForWallet", [
-        addressSignature,
-        walletOldVg.PublicKey(),
-        signatureExpiryTimestamp,
-      ]),
-    };
-
-    const setTrustedBLSGatewayAction: ActionData = {
-      ethValue: BigNumber.from(0),
-      contractAddress: fx.verificationGateway.address,
-      encodedFunction: fx.verificationGateway.interface.encodeFunctionData(
-        "setTrustedBLSGateway",
-        [hash, vg2.address],
-      ),
-    };
-
-    // Upgrading the gateway requires these three steps:
-    //  1. register external wallet in vg2
-    //  2. change proxy admin to that in vg2
-    //  3. lastly, set wallet's new trusted gateway
-    //
-    // If (1) or (2) are skipped, then (3) should fail, and therefore the whole
-    // operation should fail.
-
-    {
-      // Fail if setExternalWalletAction is skipped
-
-      const { successes } =
-        await fx.verificationGateway.callStatic.processBundle(
-          walletOldVg.sign({
-            nonce: BigNumber.from(1),
-            gas: BigNumber.from(30_000_000),
-            actions: [
-              // skip: setExternalWalletAction,
-              changeProxyAction,
-              setTrustedBLSGatewayAction,
-            ],
-          }),
-        );
-
-      expect(successes).to.deep.equal([false]);
-    }
-
-    {
-      // Fail if changeProxyAction is skipped
-
-      const { successes } =
-        await fx.verificationGateway.callStatic.processBundle(
-          walletOldVg.sign({
-            nonce: BigNumber.from(1),
-            gas: BigNumber.from(30_000_000),
-            actions: [
-              setExternalWalletAction,
-              // skip: changeProxyAction,
-              setTrustedBLSGatewayAction,
-            ],
-          }),
-        );
-
-      expect(successes).to.deep.equal([false]);
-    }
-
-    {
-      // Succeed if nothing is skipped
-
-      const { successes } =
-        await fx.verificationGateway.callStatic.processBundle(
-          walletOldVg.sign({
-            nonce: BigNumber.from(1),
-            gas: BigNumber.from(30_000_000),
-            actions: [
-              setExternalWalletAction,
-              changeProxyAction,
-              setTrustedBLSGatewayAction,
-            ],
-          }),
-        );
-
-      expect(successes).to.deep.equal([true]);
-    }
-
-    await expect(vg2.walletFromHash(hash)).to.eventually.not.equal(
-      walletAddress,
-    );
-
-    // Now actually perform the upgrade so we can perform some more detailed
-    // checks.
-    await fx.processBundleWithExtraGas(
-      walletOldVg.sign({
-        nonce: BigNumber.from(1),
-        gas: BigNumber.from(30_000_000),
-        actions: [
-          setExternalWalletAction,
-          changeProxyAction,
-          setTrustedBLSGatewayAction,
-        ],
-      }),
-    );
-
-    // Create required objects for data/contracts for checks
-    const proxyAdmin = await ethers.getContractAt(
-      "ProxyAdmin",
-      await vg2.walletProxyAdmin(),
-    );
-
-    // Direct checks corresponding to each action
-    await expect(vg2.walletFromHash(hash)).to.eventually.equal(walletAddress);
-    await expect(vg2.hashFromWallet(walletAddress)).to.eventually.equal(hash);
-    await expect(proxyAdmin.getProxyAdmin(walletAddress)).to.eventually.equal(
-      proxyAdmin.address,
-    );
-    expectPubkeysEql(
-      await getPublicKeyFromHash(vg2, hash),
-      walletOldVg.PublicKey(),
-    );
-
-    const blsWallet = await ethers.getContractAt("BLSWallet", walletAddress);
-    // New verification gateway pending
-    await expect(blsWallet.trustedBLSGateway()).to.eventually.equal(
-      fx.verificationGateway.address,
-    );
-    // Advance time one week
-    await fx.advanceTimeBy(safetyDelaySeconds + 1);
-    // set pending
-    await (await blsWallet.setAnyPending()).wait();
-    // Check new verification gateway was set
-    await expect(blsWallet.trustedBLSGateway()).to.eventually.equal(
-      vg2.address,
-    );
-
-    await walletNewVg.syncWallet(vg2);
-    // Check new gateway has wallet via static call through new gateway
-    const bundleResult = await vg2.callStatic.processBundle(
-      fx.blsWalletSigner.aggregate([
-        walletNewVg.sign({
-          nonce: BigNumber.from(2),
-          gas: BigNumber.from(30_000_000),
-          actions: [
-            {
-              ethValue: 0,
-              contractAddress: vg2.address,
-              encodedFunction: vg2.interface.encodeFunctionData(
-                "walletFromHash",
-                [hash],
-              ),
-            },
-          ],
-        }),
-      ]),
-    );
-    const walletFromHashAddress = ethers.utils.defaultAbiCoder.decode(
-      ["address"],
-      bundleResult.results[0][0], // first and only operation/action result
-    )[0];
-    expect(walletFromHashAddress).to.equal(walletAddress);
   });
 
   it("should change mapping of an address to hash", async () => {

From 3251deca540a0b36e48cd6c8a904d579fd184e9e Mon Sep 17 00:00:00 2001
From: jacque006 <jacque006@users.noreply.github.com>
Date: Tue, 27 Jun 2023 13:25:40 -0600
Subject: [PATCH 5/6] Remove signatureExpiryTimestamp from setBLSKeyForWallet

Remove signatureExpiryTimestamp param from setBLSKeyForWallet as it is no longer used.
Rework branching logic in setBLSKeyForWallet to use single if.
---
 contracts/contracts/VerificationGateway.sol | 11 ++++-------
 contracts/test/recovery-test.ts             |  8 ++++----
 contracts/test/upgrade-test.ts              |  1 -
 3 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/contracts/contracts/VerificationGateway.sol b/contracts/contracts/VerificationGateway.sol
index 919c2abc..793321bb 100644
--- a/contracts/contracts/VerificationGateway.sol
+++ b/contracts/contracts/VerificationGateway.sol
@@ -157,20 +157,17 @@ contract VerificationGateway
     @dev overrides previous wallet address registered with the given public key
     @param messageSenderSignature signature of message containing only the calling address
     @param publicKey that signed the caller's address
-    @param signatureExpiryTimestamp that the signature is valid until
      */
     function setBLSKeyForWallet(
         uint256[2] memory messageSenderSignature,
-        uint256[BLS_KEY_LEN] memory publicKey,
-        uint256 signatureExpiryTimestamp
+        uint256[BLS_KEY_LEN] memory publicKey
     ) public {
         require(blsLib.isZeroBLSKey(publicKey) == false, "VG: key is zero");
         IWallet wallet = IWallet(msg.sender);
         bytes32 existingHash = hashFromWallet[wallet];
-        if (existingHash == bytes32(0)) { // wallet does not yet have a bls key registered with this gateway
-            // Can't register new wallet contracts, only what this gateway deployed.
-        }
-        else { // wallet already has a key registered, set after delay
+
+        // Can't register new wallet contracts, only what this gateway deployed.
+        if (existingHash != bytes32(0)) { // wallet already has a key registered, set after delay
             pendingMessageSenderSignatureFromHash[existingHash] = messageSenderSignature;
             pendingBLSPublicKeyFromHash[existingHash] = publicKey;
             pendingBLSPublicKeyTimeFromHash[existingHash] = block.timestamp + 604800; // 1 week from now
diff --git a/contracts/test/recovery-test.ts b/contracts/test/recovery-test.ts
index 791160d8..c383b90f 100644
--- a/contracts/test/recovery-test.ts
+++ b/contracts/test/recovery-test.ts
@@ -95,7 +95,7 @@ describe("Recovery", async function () {
       wallet1,
       vg,
       "setBLSKeyForWallet",
-      [addressSignature, wallet2.PublicKey(), signatureExpiryTimestamp],
+      [addressSignature, wallet2.PublicKey()],
       1,
       30_000_000,
     );
@@ -372,7 +372,7 @@ describe("Recovery", async function () {
       wallet1,
       vg,
       "setBLSKeyForWallet",
-      [attackSignature, walletAttacker.PublicKey(), signatureExpiryTimestamp],
+      [attackSignature, walletAttacker.PublicKey()],
       recoveredWalletNonce++,
       30_000_000,
     );
@@ -660,7 +660,7 @@ describe("Recovery", async function () {
       wallet1,
       vg,
       "setBLSKeyForWallet",
-      [addressSignature, wallet2.PublicKey(), invalidSignatureExpiryTimestamp],
+      [addressSignature, wallet2.PublicKey()],
       1,
       30_000_000,
     );
@@ -724,7 +724,7 @@ describe("Recovery", async function () {
       wallet1,
       vg,
       "setBLSKeyForWallet",
-      [addressSignature, wallet2.PublicKey(), signatureExpiryTimestamp],
+      [addressSignature, wallet2.PublicKey()],
       1,
       30_000_000,
     );
diff --git a/contracts/test/upgrade-test.ts b/contracts/test/upgrade-test.ts
index f5c3b85c..91653b02 100644
--- a/contracts/test/upgrade-test.ts
+++ b/contracts/test/upgrade-test.ts
@@ -115,7 +115,6 @@ describe("Upgrade", async function () {
       encodedFunction: vg1.interface.encodeFunctionData("setBLSKeyForWallet", [
         addressSignature,
         wallet2.PublicKey(),
-        signatureExpiryTimestamp,
       ]),
     };
 

From c72b0ea9718b7142b37bf86c2eb35cdf293aca58 Mon Sep 17 00:00:00 2001
From: jacque006 <jacque006@users.noreply.github.com>
Date: Tue, 27 Jun 2023 13:47:56 -0600
Subject: [PATCH 6/6] Pin bls-wallet-clients@0.9.0-3251dec

---
 aggregator-proxy/package.json  |  2 +-
 aggregator-proxy/yarn.lock     | 18 ++++--------------
 aggregator/deps.ts             |  6 +++---
 contracts/clients/package.json |  2 +-
 extension/package.json         |  2 +-
 extension/yarn.lock            | 18 ++++--------------
 6 files changed, 14 insertions(+), 34 deletions(-)

diff --git a/aggregator-proxy/package.json b/aggregator-proxy/package.json
index e6c6cf62..28ac6bca 100644
--- a/aggregator-proxy/package.json
+++ b/aggregator-proxy/package.json
@@ -21,7 +21,7 @@
     "@types/koa__cors": "^3.3.0",
     "@types/koa__router": "^8.0.11",
     "@types/node-fetch": "^2.6.1",
-    "bls-wallet-clients": "0.9.0-2a20bfe",
+    "bls-wallet-clients": "0.9.0-3251dec",
     "fp-ts": "^2.12.1",
     "io-ts": "^2.2.16",
     "io-ts-reporters": "^2.0.1",
diff --git a/aggregator-proxy/yarn.lock b/aggregator-proxy/yarn.lock
index 82aea843..6e5d357c 100644
--- a/aggregator-proxy/yarn.lock
+++ b/aggregator-proxy/yarn.lock
@@ -569,16 +569,6 @@
   version "5.7.0"
   resolved "https://registry.yarnpkg.com/@ethersproject/transactions/-/transactions-5.7.0.tgz#91318fc24063e057885a6af13fdb703e1f993d3b"
   integrity sha512-kmcNicCp1lp8qanMTC3RIikGgoJ80ztTyvtsFvCYpSCfkjhD0jZ2LOrnbcuxuToLIUYYf+4XwD1rP+B/erDIhQ==
-  dependencies:
-    "@ethersproject/address" "^5.7.0"
-    "@ethersproject/bignumber" "^5.7.0"
-    "@ethersproject/bytes" "^5.7.0"
-    "@ethersproject/constants" "^5.7.0"
-    "@ethersproject/keccak256" "^5.7.0"
-    "@ethersproject/logger" "^5.7.0"
-    "@ethersproject/properties" "^5.7.0"
-    "@ethersproject/rlp" "^5.7.0"
-    "@ethersproject/signing-key" "^5.7.0"
 
 "@ethersproject/units@5.6.0":
   version "5.6.0"
@@ -887,10 +877,10 @@ bech32@1.1.4:
   resolved "https://registry.yarnpkg.com/bech32/-/bech32-1.1.4.tgz#e38c9f37bf179b8eb16ae3a772b40c356d4832e9"
   integrity sha512-s0IrSOzLlbvX7yp4WBfPITzpAU8sqQcpsmwXDiKwrG4r491vwCO/XpejasRNl0piBMe/DvP4Tz0mIS/X1DPJBQ==
 
-bls-wallet-clients@0.9.0-2a20bfe:
-  version "0.9.0-2a20bfe"
-  resolved "https://registry.yarnpkg.com/bls-wallet-clients/-/bls-wallet-clients-0.9.0-2a20bfe.tgz#2e39757a18df3ba78d816ae15f6b88000443a2a6"
-  integrity sha512-w4efcArPBEowrAkIdVYc2mOLlkN8E5O9eIqEhoo6IrRVrN21p/JVNdoot4N3o5MAKFbeaYfid/u9lL6p2DNdiw==
+bls-wallet-clients@0.9.0-3251dec:
+  version "0.9.0-3251dec"
+  resolved "https://registry.npmjs.org/bls-wallet-clients/-/bls-wallet-clients-0.9.0-3251dec.tgz#46f6795110abd90a242fec5a59af1ae2a9f45cd9"
+  integrity sha512-GBjJToEK3nEkldnWB8971BlIKCF0AT78GsrnkXfC1WtAYsvtqyZxmfGABMmN4si8GgykyyjYcxTypORz61AGZQ==
   dependencies:
     "@thehubbleproject/bls" "^0.5.1"
     ethers "^5.7.2"
diff --git a/aggregator/deps.ts b/aggregator/deps.ts
index 75dfe47e..d2a84e21 100644
--- a/aggregator/deps.ts
+++ b/aggregator/deps.ts
@@ -54,7 +54,7 @@ export type {
   PublicKey,
   Signature,
   VerificationGateway,
-} from "https://esm.sh/bls-wallet-clients@0.9.0-2a20bfe";
+} from "https://esm.sh/bls-wallet-clients@0.9.0-3251dec";
 
 export {
   Aggregator as AggregatorClient,
@@ -70,10 +70,10 @@ export {
   getConfig,
   MockERC20Factory,
   VerificationGatewayFactory,
-} from "https://esm.sh/bls-wallet-clients@0.9.0-2a20bfe";
+} from "https://esm.sh/bls-wallet-clients@0.9.0-3251dec";
 
 // Workaround for esbuild's export-star bug
-import blsWalletClients from "https://esm.sh/bls-wallet-clients@0.9.0-2a20bfe";
+import blsWalletClients from "https://esm.sh/bls-wallet-clients@0.9.0-3251dec";
 const { bundleFromDto, bundleToDto, initBlsWalletSigner } = blsWalletClients;
 export { bundleFromDto, bundleToDto, initBlsWalletSigner };
 
diff --git a/contracts/clients/package.json b/contracts/clients/package.json
index e2125804..9a919d38 100644
--- a/contracts/clients/package.json
+++ b/contracts/clients/package.json
@@ -1,6 +1,6 @@
 {
   "name": "bls-wallet-clients",
-  "version": "0.9.0-2a20bfe",
+  "version": "0.9.0-3251dec",
   "description": "Client libraries for interacting with BLS Wallet components",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",
diff --git a/extension/package.json b/extension/package.json
index 7d14ce95..f10990e2 100644
--- a/extension/package.json
+++ b/extension/package.json
@@ -37,7 +37,7 @@
     "assert-browserify": "^2.0.0",
     "async-mutex": "^0.3.2",
     "axios": "^0.27.2",
-    "bls-wallet-clients": "0.9.0-2a20bfe",
+    "bls-wallet-clients": "0.9.0-3251dec",
     "browser-passworder": "^2.0.3",
     "bs58check": "^2.1.2",
     "crypto-browserify": "^3.12.0",
diff --git a/extension/yarn.lock b/extension/yarn.lock
index 621f24c1..7037f649 100644
--- a/extension/yarn.lock
+++ b/extension/yarn.lock
@@ -1791,16 +1791,6 @@
   version "5.7.0"
   resolved "https://registry.yarnpkg.com/@ethersproject/transactions/-/transactions-5.7.0.tgz#91318fc24063e057885a6af13fdb703e1f993d3b"
   integrity sha512-kmcNicCp1lp8qanMTC3RIikGgoJ80ztTyvtsFvCYpSCfkjhD0jZ2LOrnbcuxuToLIUYYf+4XwD1rP+B/erDIhQ==
-  dependencies:
-    "@ethersproject/address" "^5.7.0"
-    "@ethersproject/bignumber" "^5.7.0"
-    "@ethersproject/bytes" "^5.7.0"
-    "@ethersproject/constants" "^5.7.0"
-    "@ethersproject/keccak256" "^5.7.0"
-    "@ethersproject/logger" "^5.7.0"
-    "@ethersproject/properties" "^5.7.0"
-    "@ethersproject/rlp" "^5.7.0"
-    "@ethersproject/signing-key" "^5.7.0"
 
 "@ethersproject/transactions@^5.5.0", "@ethersproject/transactions@^5.6.2":
   version "5.6.2"
@@ -2898,10 +2888,10 @@ blakejs@^1.1.0:
   resolved "https://registry.yarnpkg.com/blakejs/-/blakejs-1.2.1.tgz#5057e4206eadb4a97f7c0b6e197a505042fc3814"
   integrity sha512-QXUSXI3QVc/gJME0dBpXrag1kbzOqCjCX8/b54ntNyW6sjtoqxqRk3LTmXzaJoh71zMsDCjM+47jS7XiwN/+fQ==
 
-bls-wallet-clients@0.9.0-2a20bfe:
-  version "0.9.0-2a20bfe"
-  resolved "https://registry.yarnpkg.com/bls-wallet-clients/-/bls-wallet-clients-0.9.0-2a20bfe.tgz#2e39757a18df3ba78d816ae15f6b88000443a2a6"
-  integrity sha512-w4efcArPBEowrAkIdVYc2mOLlkN8E5O9eIqEhoo6IrRVrN21p/JVNdoot4N3o5MAKFbeaYfid/u9lL6p2DNdiw==
+bls-wallet-clients@0.9.0-3251dec:
+  version "0.9.0-3251dec"
+  resolved "https://registry.npmjs.org/bls-wallet-clients/-/bls-wallet-clients-0.9.0-3251dec.tgz#46f6795110abd90a242fec5a59af1ae2a9f45cd9"
+  integrity sha512-GBjJToEK3nEkldnWB8971BlIKCF0AT78GsrnkXfC1WtAYsvtqyZxmfGABMmN4si8GgykyyjYcxTypORz61AGZQ==
   dependencies:
     "@thehubbleproject/bls" "^0.5.1"
     ethers "^5.7.2"