Legion

[Dargon789]

No description provided.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
legion	Canceled		Mar 14, 2026 9:42am

[sourcery-ai]

Sorry @Dargon789, your pull request is larger than the review limit of 150000 diff characters

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Dargon789]

@Mergifyio refresh

[mergify]

refresh

✅ Pull request refreshed

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the project's infrastructure by modernizing the deployment process, optimizing core contract interactions for gas efficiency, and improving the flexibility of financial operations within the system. It also includes routine version updates and cleanup of deprecated components to maintain a lean and efficient codebase.

Highlights

• Deployment System Overhaul: The deployment system has been significantly refactored to leverage Foundry's stdToml for configuration and introduce a new registry file system for tracking deployed contract addresses. This replaces the previous Config inheritance and direct config.toml modifications, streamlining multi-chain deployments and improving configuration management.
• Orchestrator and IthacaAccount Refactoring: The core Orchestrator and IthacaAccount contracts underwent substantial internal refactoring. The Intent struct was removed from ICommon.sol and its fields are now directly parsed from calldata using a new IntentHelpers library, optimizing gas usage and improving efficiency. The execute and _computeDigest functions in Orchestrator were updated to reflect these changes.
• Escrow Contract Refund Logic Enhancement: The Escrow.sol contract's refund mechanisms were updated to allow immediate refunds by either the recipient or depositor, even before the refundTimestamp has passed, providing more flexibility in managing escrowed funds.
• Version Bumps and Dependency Updates: The IthacaAccount contract version was bumped to 0.5.11, Orchestrator to 0.5.6, and SimpleFunder to 0.1.9. Additionally, the LayerZero-v2 and forge-std submodules were updated to their latest commits, and a new lib/devtools submodule was added.
• Removal of Legacy Scripts and Interfaces: Several outdated components were removed, including the execute_config.sh and verify_config.sh shell scripts, the IMulticall3 interface, and various LayerZero-related mock interfaces and OApp contracts, simplifying the codebase.

Changelog

• .changeset/README.md
  • Added a new README file for Changesets, detailing its purpose for versioning and publishing code in multi-package or single-package repositories.
• .changeset/config.json
  • Added a new configuration file for Changesets, setting up changelog generation, access control, base branch, and internal dependency updates.
• .env.example
  • Updated RPC endpoints for various networks, including Arbitrum and Base, and added local development RPCs.
  • Removed deprecated UPGRADE_TEST variables and GAS_SIGNER_MNEMONIC.
  • Added VERIFICATION_KEY placeholders for block explorer API keys.
• .gitmodules
  • Added lib/devtools as a new submodule.
• CHANGELOG.md
  • Removed deprecated changelog sections prior to version 0.5.0.
  • Corrected a typo from 'udpated' to 'updated' in an error message description.
• deploy/ConfigureLayerZeroSettler.s.sol
  • Removed Config inheritance and refactored to use vm.readFork* cheatcodes for reading configuration variables.
  • Removed l0SettlerSigner from the LayerZeroChainConfig struct.
  • Simplified the fork creation and selection logic, removing isForkInitialized and _loadConfigAndForks.
• deploy/DeployMain.s.sol
  • Removed Config inheritance and refactored to use stdToml for configuration parsing.
  • Introduced a new registry system for deployed contract addresses, saving them to JSON files instead of config.toml.
  • Removed ExpToken deployment logic and related configuration fields from ChainConfig struct.
  • Updated Orchestrator deployment to pass pauseAuthority in its constructor.
  • Added checks to skip deployment if a contract is already present in the registry.
• deploy/FundSigners.s.sol
  • Removed Config inheritance and refactored to use stdToml for configuration parsing.
  • Removed supportedOrchestrators from ChainFundingConfig and the setOrchestratorsInSimpleFunder function.
  • Simplified the default chain ID loading for the run function.
• deploy/README.md
  • Updated the configuration structure example to reflect the new [profile.deployment] and [forks.<chain>.vars] format.
  • Replaced automatic address writing to config.toml with a new registry file system.
  • Removed the ExpToken deployment section and updated dependencies list.
  • Removed references to execute_config.sh and verify_config.sh scripts.
• deploy/config.toml
  • Restructured the configuration to use [profile.deployment] for global settings and [forks.<chain>.vars] for chain-specific variables.
  • Added registry_path to profile.deployment.
  • Removed endpoint_url from chain sections, as RPC URLs are now read from environment variables.
  • Removed *_deployed fields, exp_minter_address, exp_mint_amount, and supported_orchestrators.
• deploy/execute_config.sh
  • Removed the shell script for executing multi-chain deployments.
• deploy/registry/deployment_11155420_0x0000000000000000000000000000000000000000000000000000000000000001.json
  • Added a new registry file for deployed contracts on chain 11155420.
• deploy/registry/deployment_84532_0x0000000000000000000000000000000000000000000000000000000000000001.json
  • Added a new registry file for deployed contracts on chain 84532.
• deploy/verify_config.sh
  • Removed the shell script for verifying multi-chain configurations.
• docs/4337CallGraph.md
  • Removed the ERC-4337 call graph documentation.
• docs/IthacaCallGraph.md
  • Removed the Ithaca call graph documentation.
• foundry.toml
  • Updated extends to point to deploy/config.toml for unified configuration.
  • Increased gas_limit to 100,000,000.
  • Adjusted fs_permissions to allow read-write access to deploy/registry and read-only access to deploy/config.toml.
• gas-snapshots/.gas-snapshot-main
  • Added a new gas snapshot file, likely reflecting updated gas costs from recent changes.
• lib/LayerZero-v2
  • Updated the LayerZero-v2 submodule to a newer commit.
• lib/forge-std
  • Updated the forge-std submodule to a newer commit.
• src/Escrow.sol
  • Modified refund, refundDepositor, and refundRecipient functions to allow immediate refunds if msg.sender is the recipient or depositor, or if the refund timestamp has passed.
• src/GuardedExecutor.sol
  • Removed the direct import of ERC7821 and replaced it with ERC7821Ithaca from the local libraries directory.
  • Changed the error SuperAdminCanSpendAnything to SuperAdminCanExecuteEverything.
  • Corrected typos in comments for _isSuperAdmin and _getGuardedExecutorKeyStorageSeed from 'overriden' to 'overridden'.
• src/IthacaAccount.sol
  • Adjusted the isValidSignature function to use a more concise check for msg.sender within the LibBit.and condition.
  • Formatted the getKeys function signature for better readability.
  • Modified the Unauthorized check in the _execute function to use LibBit.and and LibBit.or for clarity.
  • Bumped the contract version to 0.5.11.
• src/MultiSigSigner.sol
  • Corrected a typo in a comment from 'Calcualated' to 'Calculated'.
  • Corrected a typo in a comment from 'signaturs' to 'signatures'.
• src/Orchestrator.sol
  • Added IntentHelpers import and made Orchestrator inherit from it.
  • Updated INTENT_TYPEHASH and SIGNED_CALL_TYPEHASH definitions, removing the multichain boolean field.
  • Introduced MERKLE_VERIFICATION constant for nonce prefixing.
  • Changed the execute function's visibility to external and removed nonReentrant from execute(bytes[]).
  • Refactored simulateExecute to parse isStateOverride and combinedGasOverride directly from calldata.
  • Removed the _extractIntent function, replacing its functionality with direct calldata parsing via IntentHelpers.
  • Refactored _execute to use IntentHelpers for accessing intent fields and managing calldata pointers.
  • Updated IntentExecuted event emission to use _getEoa() and _getNonce().
  • Refactored selfCallPayVerifyCall537021665 to use IntentHelpers for parsing and removed _verifyMerkleSig.
  • Updated _fund and _pay function signatures and internal logic to accept individual parameters instead of the full Intent struct.
  • Simplified _computeDigest functions for SignedCall and Intent by removing isMultichain and using direct calldata access.
  • Bumped the contract version to 0.5.6.
• src/SimpleFunder.sol
  • Bumped the contract version to 0.1.9.
  • Changed type(uint256).max to a 20-byte all-ones sentinel in the approve call for ERC20 tokens.
• src/Simulator.sol
  • Added MockOrchestrator and IntentHelpers imports, and made Simulator inherit IntentHelpers.
  • Refactored _updatePaymentAmounts to directly manipulate memory for combinedGas, paymentAmount, and paymentMaxAmount.
  • Updated _callOrchestratorCalldata and _callOrchestratorMemory to use abi.encodePacked for simulateExecute arguments.
• src/interfaces/ICommon.sol
  • Removed the Intent struct definition, as its fields are now parsed directly from calldata.
• src/interfaces/IIthacaAccount.sol
  • Updated the pay function signature to accept individual parameters (eoa, payer, paymentToken, paymentRecipient, paymentSignature) instead of the full encodedIntent.
• src/interfaces/IMulticall3.sol
  • Removed the IMulticall3 interface.
• src/interfaces/IOrchestrator.sol
  • Updated the simulateExecute function signature to accept a single bytes calldata encodedIntent argument.
• src/libraries/ERC7821Ithaca.sol
  • Added a new library ERC7821Ithaca which is a minimal batch executor mixin, extending Solady's Receiver.
• src/libraries/IntentHelpers.sol
  • Added a new library IntentHelpers to provide utility functions for parsing Intent fields directly from calldata using assembly, defining offsets for various fields, and handling dynamic bytes.
• src/vendor/layerzero/interfaces/IOAppCore.sol
  • Removed the IOAppCore interface.
• src/vendor/layerzero/interfaces/IOAppMsgInspector.sol
  • Removed the IOAppMsgInspector interface.
• src/vendor/layerzero/interfaces/IOAppReceiver.sol
  • Removed the IOAppReceiver interface.
• src/vendor/layerzero/oapp/OApp.sol
  • Removed the OApp abstract contract.
• src/vendor/layerzero/oapp/OAppCore.sol
  • Removed the OAppCore abstract contract.
• src/vendor/layerzero/oapp/OAppReceiver.sol
  • Removed the OAppReceiver abstract contract.
• src/vendor/layerzero/oapp/OAppSender.sol
  • Removed the OAppSender abstract contract.
• test/Base.t.sol
  • Removed the direct import of ERC7821 and replaced it with ERC7821Ithaca.
  • Added _ERC7821_BATCH_SANS_TO_EXECUTION_MODE constant.
• test/Benchmark.t.sol
  • Renamed testERC20Transfer_IthacaAccount to testERC20Transfer_IthacaAccount1.
  • Updated Orchestrator.Intent references to Intent.
  • Replaced oc.computeDigest(u) with computeDigest(u) and abi.encode(u) with encodeIntent(u).
  • Added testERC20TransferViaPortoOrchestratorWithPasskey benchmark test.
• test/Escrow.t.sol
  • Added testEarlyRefundFunctionality to verify the new refund logic, including immediate refunds by authorized parties and unauthorized access attempts.
• test/GuardedExecutor.t.sol
  • Updated Orchestrator.Intent references to Intent.
  • Replaced oc.execute(abi.encode(u)) with oc.execute(encodeIntent(u)).
  • Updated revert checks for SuperAdminCanSpendAnything to SuperAdminCanExecuteEverything.
  • Adjusted u.nonce assignments to use d.d.getNonce(0) instead of hardcoded values.
• test/MultiSigSigner.t.sol
  • Removed the MultiSigSigner.t.sol test file.
• test/Orchestrator.t.sol
  • Updated Orchestrator.Intent references to Intent.
  • Replaced abi.encode(u) with encodeIntent(u) for encoding intents.
  • Replaced oc.computeDigest(u) with computeDigest(u) for digest computation.
  • Adjusted u.nonce assignments for multichain intents to use 0x6D76 << 176 (MERKLE_VERIFICATION prefix).
  • Updated multichain intent signature encoding to include additional padding bytes.
• test/SimulateExecute.t.sol
  • Updated Orchestrator.Intent references to Intent.
  • Replaced abi.encode(i) with encodeIntent(i) for encoding intents.
  • Updated oc.simulateExecute calls to use the new encodeIntent helper with isStateOverride and combinedGasOverride.
  • Updated simulator.simulateV1Logs calls to use encodeIntent(i).
• test/SubAccounts.t.sol
  • Added a new test file SubAccounts.t.sol to test parent-child account architecture with spending permissions and DApp integration.
• test/UpgradeTests.t.sol
  • Removed the UpgradeTests.t.sol test file.
• test/utils/interfaces/IPimlicoPaymaster.sol
  • Corrected typos in comments from 'singature' to 'signature' and 'verfiying' to 'verifying'.
• test/utils/interfaces/ISafe.sol
  • Removed the ISafe interface and related interfaces.
• test/utils/mocks/MockOrchestrator.sol
  • Added hashTypedData and hashTypedDataSansChainId functions to expose internal EIP712 hashing for testing purposes.
• test/utils/mocks/MockPayerWithSignature.sol
  • Updated the pay function signature to match the new IIthacaAccount interface, accepting individual parameters instead of encodedIntent.
  • Adjusted internal logic to use the new parameters and removed ICommon.Intent decoding.
• test/utils/mocks/MockPayerWithSignatureOptimized.sol
  • Removed the MockPayerWithSignatureOptimized.sol mock file.
• test/utils/mocks/MockPayerWithState.sol
  • Updated the pay function signature to match the new IIthacaAccount interface, accepting individual parameters instead of encodedIntent.
  • Adjusted internal logic to use the new parameters and removed ICommon.Intent decoding.

Ignored Files

• Ignored by pattern: .github/workflows/** (5)
  • .github/workflows/auto-assign.yaml
  • .github/workflows/ci.yaml
  • .github/workflows/claude-code.yml
  • .github/workflows/manual-deployment.yml
  • .github/workflows/version-check.yaml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a major refactoring of the deployment scripts and core contract logic, primarily for gas optimization and improved configuration management. The transition from forge-std/Config to a foundry.toml-based fork configuration with a deployment registry is a significant enhancement for maintainability. The core contract changes, especially in Orchestrator.sol, aim for gas efficiency by using packed bytes for intents. While these changes are generally positive, I've identified two critical issues in the multichain intent verification logic and a few medium-severity issues related to security best practices and script flexibility.

[gemini-code-assist]

The early balance check for the payer is now performed unconditionally. The previous implementation correctly skipped this check for multichain intents (if (!i.isMultichain && ...)), as the funding for such intents happens later in the execution flow. By performing this check for all intents, multichain intents that rely on cross-chain funding will likely fail at this stage, as the funds won't be present on the orchestrator's chain yet. This appears to be a regression. The check should be conditional, for example if (!(_getNonce() >> 240 == MULTICHAIN_NONCE_PREFIX) && ...).

[gemini-code-assist]

The logic for handling multichain intents with Merkle proofs appears to be incomplete. The previous implementation had a dedicated _verifyMerkleSig function that performed MerkleProofLib.verify. This function has been removed, but the new logic in selfCallPayVerifyCall537021665 calls _verify (which in turn calls IthacaAccount.unwrapAndValidateSignature) for all intents, including those marked for Merkle verification via the nonce prefix. However, IthacaAccount.unwrapAndValidateSignature does not appear to have been updated to handle Merkle proofs. This means the Merkle proof is passed as a regular signature but is never actually verified against the root and digest, which defeats the purpose of Merkle-based multichain intents and is a critical security vulnerability as it would allow invalid cross-chain transactions to be executed.

[gemini-code-assist]

While this is a default, well-known private key for local development (anvil), it's generally better practice to leave this field empty in example environment files (e.g., PRIVATE_KEY=). This reduces the risk of developers accidentally committing a real private key if they modify this file directly.

PRIVATE_KEY=

[gemini-code-assist]

The writeToRegistry function manually constructs a JSON string using a series of string.concat calls and a first flag to handle commas. This approach is verbose, error-prone, and hard to maintain. A small helper function could encapsulate the logic for adding a key-value pair to the JSON string, making the code cleaner and more robust.

[gemini-code-assist]

The run() function now defaults to a hardcoded list of testnet chain IDs. While this might be convenient for development, it makes the script less flexible. The previous implementation read all chain IDs from the configuration file, which is a more robust approach. Consider restoring the behavior of reading chain IDs from the configuration or from vm.readForkChainIds() to maintain consistency with other deployment scripts.