💥 introduced register-unregister wallet in identity

.gitignore

@@ -23,3 +23,5 @@ artifacts
 coverage.json
 cache
 typechain-types
+
+out

contracts/IdentityUtilities.sol

@@ -233,7 +233,7 @@ contract IdentityUtilities is
         bytes memory signature,
         bytes memory data
     ) internal view returns (bool) {
-        if (issuer == address(0)) return false;
+        if (issuer == address(0) || issuer.code.length == 0) return false;
         try
             IClaimIssuer(issuer).isClaimValid(
                 IIdentity(identity),

contracts/factory/IIdFactory.sol

@@ -3,7 +3,6 @@ pragma solidity ^0.8.27;
 
 interface IIdFactory {
     /// events
-
     // event emitted whenever a single contract is deployed by the factory
     event Deployed(address indexed _addr);
 
@@ -95,6 +94,34 @@ interface IIdFactory {
      */
     function unlinkWallet(address _oldWallet) external;
 
+    /**
+     *  @dev function used to link a wallet to an identity using signature verification
+     *  @param wallet the address of the wallet to link
+     *  @param signature signature provided by the wallet
+     *  @param nonce replay protection nonce, must match the current nonce for the wallet
+     *  @param expiry expiry timestamp for the signature
+     *  requires the wallet to sign a message binding wallet, identity, nonce, expiry, contract and chain id
+     *  requires the wallet to hold a MANAGEMENT key on the identity
+     *  requires msg.sender to be the identity contract
+     *  wallet cannot be address 0
+     *  signature must not be expired
+     *  nonce must match the current wallet nonce (replay protection)
+     */
+    function linkWalletWithSignature(
+        address wallet,
+        bytes calldata signature,
+        uint256 nonce,
+        uint256 expiry
+    ) external;
+
+    /**
+     *  @dev function used to unlink a wallet from an identity via the identity contract
+     *  @param wallet the address of the wallet to unlink
+     *  requires msg.sender to be the identity contract that the wallet is linked to
+     *  wallet cannot be address 0
+     */
+    function unlinkWalletWithSignature(address wallet) external;
+
     /**
      *  @dev function used to register an address as a token factory
      *  @param _factory the address of the token factory
@@ -148,6 +175,12 @@ interface IIdFactory {
      */
     function isSaltTaken(string calldata _salt) external view returns (bool);
 
+    /**
+     *  @dev getter for the current nonce of a wallet, used for signature replay protection
+     *  @param wallet the address of the wallet
+     */
+    function walletNonce(address wallet) external view returns (uint256);
+
     /**
      * @dev getter for the implementation authority used by this factory.
      */

contracts/factory/IdFactory.sol

@@ -2,15 +2,20 @@
 pragma solidity ^0.8.27;
 
 import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
+import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import { MessageHashUtils } from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";
 
 import { IdentityProxy } from "../proxy/IdentityProxy.sol";
 import { IIdFactory } from "./IIdFactory.sol";
 import { IERC734 } from "../interface/IERC734.sol";
+import { IIdentity } from "../interface/IIdentity.sol";
 import { Errors } from "../libraries/Errors.sol";
 import { KeyPurposes } from "../libraries/KeyPurposes.sol";
 import { KeyTypes } from "../libraries/KeyTypes.sol";
 
 contract IdFactory is IIdFactory, Ownable {
+    uint256 private constant _MAX_WALLETS_PER_IDENTITY = 101;
+
     // address of the _implementationAuthority contract making the link to the implementation contract
     address public immutable implementationAuthority;
 
@@ -32,6 +37,9 @@ contract IdFactory is IIdFactory, Ownable {
     // token linked to an ONCHAINID
     mapping(address => address) private _tokenAddress;
 
+    // nonce per wallet for signature replay protection
+    mapping(address => uint256) private _walletNonces;
+
     // setting
     constructor(address implementationAuthorityAddress) Ownable(msg.sender) {
         require(
@@ -186,7 +194,7 @@ contract IdFactory is IIdFactory, Ownable {
         );
         address identity = _userIdentity[msg.sender];
         require(
-            _wallets[identity].length < 101,
+            _wallets[identity].length < _MAX_WALLETS_PER_IDENTITY,
             Errors.MaxWalletsPerIdentityExceeded()
         );
         _userIdentity[_newWallet] = identity;
@@ -220,6 +228,74 @@ contract IdFactory is IIdFactory, Ownable {
         emit WalletUnlinked(_oldWallet, _identity);
     }
 
+    /**
+     *  @dev See {IIdFactory-linkWalletWithSignature}.
+     */
+    function linkWalletWithSignature(
+        address wallet,
+        bytes calldata signature,
+        uint256 nonce,
+        uint256 expiry
+    ) external override {
+        require(wallet != address(0), Errors.ZeroAddress());
+        require(block.timestamp <= expiry, Errors.ExpiredSignature(signature));
+        require(nonce == _walletNonces[wallet], Errors.InvalidNonce(nonce));
+
+        address identity = msg.sender;
+        _verifyWalletSignature(wallet, identity, nonce, expiry, signature);
+
+        // require the wallet is a MANAGEMENT key on the identity
+        bytes32 key = keccak256(abi.encode(wallet));
+        require(
+            IIdentity(identity).keyHasPurpose(key, KeyPurposes.MANAGEMENT),
+            Errors.KeyDoesNotHavePurpose(key, KeyPurposes.MANAGEMENT)
+        );
+
+        // Check if wallet is already linked
+        require(
+            _userIdentity[wallet] == address(0),
+            Errors.WalletAlreadyLinkedToIdentity(wallet)
+        );
+        require(
+            _tokenIdentity[wallet] == address(0),
+            Errors.TokenAlreadyLinked(wallet)
+        );
+
+        // Check max wallets per identity
+        require(
+            _wallets[identity].length < _MAX_WALLETS_PER_IDENTITY,
+            Errors.MaxWalletsPerIdentityExceeded()
+        );
+
+        _walletNonces[wallet]++;
+        _userIdentity[wallet] = identity;
+        _wallets[identity].push(wallet);
+        emit WalletLinked(wallet, identity);
+    }
+
+    /**
+     *  @dev See {IIdFactory-unlinkWalletWithSignature}.
+     */
+    function unlinkWalletWithSignature(address wallet) external override {
+        require(wallet != address(0), Errors.ZeroAddress());
+        require(
+            _userIdentity[wallet] == msg.sender,
+            Errors.WalletNotLinkedToIdentity(wallet)
+        );
+
+        address identity = _userIdentity[wallet];
+        delete _userIdentity[wallet];
+        uint256 length = _wallets[identity].length;
+        for (uint256 i = 0; i < length; i++) {
+            if (_wallets[identity][i] == wallet) {
+                _wallets[identity][i] = _wallets[identity][length - 1];
+                _wallets[identity].pop();
+                break;
+            }
+        }
+        emit WalletUnlinked(wallet, identity);
+    }
+
     /**
      *  @dev See {IdFactory-getIdentity}.
      */
@@ -260,6 +336,15 @@ contract IdFactory is IIdFactory, Ownable {
         return _tokenAddress[_identity];
     }
 
+    /**
+     *  @dev See {IIdFactory-walletNonce}.
+     */
+    function walletNonce(
+        address wallet
+    ) external view override returns (uint256) {
+        return _walletNonces[wallet];
+    }
+
     /**
      *  @dev See {IdFactory-isTokenFactory}.
      */
@@ -303,4 +388,33 @@ contract IdFactory is IIdFactory, Ownable {
         bytes memory bytecode = abi.encodePacked(_code, _constructData);
         return _deploy(_salt, bytecode);
     }
+
+    function _verifyWalletSignature(
+        address wallet,
+        address identity,
+        uint256 nonce,
+        uint256 expiry,
+        bytes calldata signature
+    ) private view {
+        bytes32 structHash = keccak256(
+            abi.encode(
+                wallet,
+                identity,
+                nonce,
+                expiry,
+                address(this),
+                block.chainid
+            )
+        );
+
+        bytes32 digest = MessageHashUtils.toEthSignedMessageHash(structHash);
+        (address signer, ECDSA.RecoverError error, ) = ECDSA.tryRecover(
+            digest,
+            signature
+        );
+        require(
+            error == ECDSA.RecoverError.NoError && signer == wallet,
+            Errors.InvalidSignature()
+        );
+    }
 }

contracts/libraries/Errors.sol

@@ -14,6 +14,9 @@ library Errors {
     /// @notice Reverts if the factory is already registered
     error AlreadyAFactory(address factory);
 
+    /// @notice Reverts when the recovered signer does not match the wallet being registered
+    error InvalidSignature();
+
     /// @notice Reverts if the function is called on the sender address
     error CannotBeCalledOnSenderAddress();
 
@@ -32,9 +35,6 @@ library Errors {
     /// @notice Reverts if the only linked wallet tries to unlink
     error OnlyLinkedWalletCanUnlink();
 
-    /// @notice Reverts if the account is not authorized to call the function
-    error OwnableUnauthorizedAccount(address account); // TODO: OZ
-
     /// @notice Reverts if the salt is taken
     error SaltTaken(string salt);
 
@@ -50,6 +50,9 @@ library Errors {
     /// @notice Reverts if the wallet is not linked to an identity
     error WalletNotLinkedToIdentity(address wallet);
 
+    /// @notice Reverts if the nonce does not match the expected wallet nonce
+    error InvalidNonce(uint256 nonce);
+
     /* ----- Gateway ----- */
 
     /// @notice The maximum number of signers was reached at deployment.
@@ -84,26 +87,6 @@ library Errors {
     /// @notice The initialization failed.
     error InitializationFailed();
 
-    /* ----- Verifier ----- */
-
-    /// @notice The claim topic already exists.
-    error ClaimTopicAlreadyExists(uint256 claimTopic);
-
-    /// @notice The maximum number of claim topics is exceeded.
-    error MaxClaimTopicsExceeded();
-
-    /// @notice The maximum number of trusted issuers is exceeded.
-    error MaxTrustedIssuersExceeded();
-
-    /// @notice The trusted issuer already exists.
-    error TrustedIssuerAlreadyExists(address trustedIssuer);
-
-    /// @notice The trusted claim topics cannot be empty.
-    error TrustedClaimTopicsCannotBeEmpty();
-
-    /// @notice The trusted issuer does not exist.
-    error NotATrustedIssuer(address trustedIssuer);
-
     /* ----- ClaimIssuer ----- */
 
     /// @notice The claim already exists.
@@ -147,23 +130,6 @@ library Errors {
     /// @notice The claim is invalid.
     error InvalidClaim();
 
-    /* ----- IdentityUtilities ----- */
-
-    /// @notice 0 is not a valid topic.
-    error EmptyTopic();
-
-    /// @notice 0 is not a valid Format.
-    error EmptyFormat();
-
-    /// @notice Name cannot be left empty.
-    error EmptyName();
-
-    /// @notice Use update function for existing topics.
-    error TopicAlreadyExists(uint256 topic);
-
-    /// @notice Topic is not registered yet.
-    error TopicNotFound(uint256 topic);
-
     /* ----- ClaimIssuerFactory ----- */
 
     /// @notice The claim issuer already exists.

eslint.config.js

@@ -12,6 +12,7 @@ export default [
       "artifacts/**",
       "cache/**",
       "coverage/**",
+      "dependencies/**",
       "**/coverage/**",
       "**/node_modules/**",
       "**/coverage/lcov-report/**",