When a Safe is deployed via 4337 using passkeys, the owner's address is set to the Shared Signer contract address instead of the passkey signer address.
We need to implement a fix in the protocol-kit to ensure it correctly identifies Shared Signer passkeys as the owners of the Safe.
Affected Flows:
isOwner(passkey): Verify if a Shared Signer passkey is the owner of the Safe.
createRemoveOwnerTx(passkey): Allow transactions for removing a Shared Signer passkey as an owner.
createSwapOwnerTx(passkey): Allow swapping form a Shared Signer passkeys to another passkey owner or address.
Proposed solution
Extend the getPasskeyOwnerAddress function correctly identifies Shared Signer passkeys as the owners of the Safe:
/**
* Returns the owner address of the specific passkey.
* If it is the Shared Signer of this Safe returns Shared signer passkey contract address
*
* @param {PasskeyArgType} passkey The passkey owner
* @returns {Promise<string>} Returns the passkey owner address
*/
async getPasskeyOwnerAddress(passkey: PasskeyArgType): Promise<string> {
// TODO: implement the isSharedSignerPasskey(passkey) logic
const isSharedSigner = isSharedSignerPasskey(passkey)
if (isSharedSigner) {
return SAFE_WEBAUTHN_SHARED_SIGNER_ADDRESS
}
const passkeySigner = await this.#getPasskeySigner(passkey)
const passkeyOwnerAddress = await passkeySigner.getAddress()
return passkeyOwnerAddress
}
Context / issue
When a Safe is deployed via 4337 using passkeys, the owner's address is set to the Shared Signer contract address instead of the passkey signer address.
We need to implement a fix in the protocol-kit to ensure it correctly identifies Shared Signer passkeys as the owners of the Safe.
Affected Flows:
isOwner(passkey)
: Verify if a Shared Signer passkey is the owner of the Safe.createRemoveOwnerTx(passkey)
: Allow transactions for removing a Shared Signer passkey as an owner.createSwapOwnerTx(passkey)
: Allow swapping form a Shared Signer passkeys to another passkey owner or address.Proposed solution
Extend the
getPasskeyOwnerAddress
function correctly identifies Shared Signer passkeys as the owners of the Safe: