feat: browser wallet (#12302)

* start drafting

* establish very basic flow

* nits

* clean up api

* create basic test suite

* make timeout configurable, improve types, extend tests

* fix test

* clean up

* add transaction accept test

* clean up tests

* add basic setup test

* solidify api

* simplify and harden api

* tweaks

* move tests

* expand test suite

* clean up

* nit

* add basic session token

* apply session token, fix tests by adding session token to reqwest

* fix test

* fix reqwest openssl issue, use workspace version

* harden CSP, inject session token into JS, define 0 cache policy

* remove flawed session token for now, to implement actual /session route & cookie token

* port interface

* replace with v0.0.0 release of foundry-browser-wallet

* host interface

* ignore build files from typos

* update

* fix CSP to allow for RPC calls

* update wallet v0.0.0

* nits

* add development mode to relax certain security restrictions such as origin check, enforce injected session token protected by strict CSP in production

* update browser wallet v0.0.0, includes session token support

* add notice

* add signing flow

* restructure sign message

* serialize camelcase

* bump version

* prefer fields

* prefer non-blocking async api

* remove unintended bump of proptest

Author: zerosnacks

Cargo.lock

@@ -285,13 +285,14 @@ op-alloy-consensus = "0.22.0"
 op-alloy-rpc-types = "0.22.0"
 op-alloy-flz = "0.13.1"
 
-## revm
+## alloy-evm
+alloy-evm = "0.23.2"
+alloy-op-evm = "0.23.2"
+
+# revm
 revm = { version = "31.0.0", default-features = false }
 revm-inspectors = { version = "0.32.0", features = ["serde"] }
 op-revm = { version = "12.0.0", default-features = false }
-## alloy-evm
-alloy-evm = "0.23.1"
-alloy-op-evm = "0.23.1"
 
 ## cli
 anstream = "0.6"

Cargo.toml

@@ -1,7 +1,5 @@
-use crate::{
-    Cast,
-    tx::{self, CastTxBuilder},
-};
+use std::{path::PathBuf, str::FromStr, time::Duration};
+
 use alloy_ens::NameOrAddress;
 use alloy_network::{AnyNetwork, EthereumWallet};
 use alloy_provider::{Provider, ProviderBuilder};
@@ -15,7 +13,12 @@ use foundry_cli::{
     utils,
     utils::LoadConfig,
 };
-use std::{path::PathBuf, str::FromStr, time::Duration};
+use foundry_wallets::WalletSigner;
+
+use crate::{
+    Cast,
+    tx::{self, CastTxBuilder},
+};
 
 /// CLI arguments for `cast send`.
 #[derive(Debug, Parser)]
@@ -158,7 +161,7 @@ impl SendTxArgs {
         // Default to sending via eth_sendTransaction if the --unlocked flag is passed.
         // This should be the only way this RPC method is used as it requires a local node
         // or remote RPC with unlocked accounts.
-        if unlocked {
+        if unlocked && !eth.wallet.browser {
             // only check current chain id if it was specified in the config
             if let Some(config_chain) = config.chain {
                 let current_chain_id = provider.get_chain_id().await?;
@@ -192,14 +195,33 @@ impl SendTxArgs {
 
             tx::validate_from_address(eth.wallet.from, from)?;
 
-            let (tx, _) = builder.build(&signer).await?;
+            // Browser wallets work differently as they sign and send the transaction in one step.
+            if eth.wallet.browser
+                && let WalletSigner::Browser(ref browser_signer) = signer
+            {
+                let (tx_request, _) = builder.build(from).await?;
+                let tx_hash = browser_signer.send_transaction_via_browser(tx_request.inner).await?;
+
+                if cast_async {
+                    sh_println!("{tx_hash:#x}")?;
+                } else {
+                    let receipt = Cast::new(&provider)
+                        .receipt(format!("{tx_hash:#x}"), None, confirmations, Some(timeout), false)
+                        .await?;
+                    sh_println!("{receipt}")?;
+                }
+
+                return Ok(());
+            }
+
+            let (tx_request, _) = builder.build(&signer).await?;
 
             let wallet = EthereumWallet::from(signer);
             let provider = ProviderBuilder::<_, _, AnyNetwork>::default()
                 .wallet(wallet)
                 .connect_provider(&provider);
 
-            cast_send(provider, tx, cast_async, confirmations, timeout).await
+            cast_send(provider, tx_request, cast_async, confirmations, timeout).await
         }
     }
 }

crates/cast/src/cmd/send.rs

@@ -4,7 +4,7 @@ use std::env;
 
 use foundry_common::{fs, sh_err, sh_println};
 use foundry_config::Config;
-use foundry_wallets::multi_wallet::MultiWalletOptsBuilder;
+use foundry_wallets::wallet_multi::MultiWalletOptsBuilder;
 
 /// CLI arguments for `cast wallet list`.
 #[derive(Clone, Debug, Parser)]

crates/cast/src/cmd/wallet/list.rs

@@ -46,7 +46,7 @@ use foundry_evm_core::{
 use foundry_evm_traces::{
     TracingInspector, TracingInspectorConfig, identifier::SignaturesIdentifier,
 };
-use foundry_wallets::multi_wallet::MultiWallet;
+use foundry_wallets::wallet_multi::MultiWallet;
 use itertools::Itertools;
 use proptest::test_runner::{RngAlgorithm, TestRng, TestRunner};
 use rand::Rng;

crates/cheatcodes/src/inspector.rs

@@ -7,7 +7,7 @@ use alloy_rpc_types::Authorization;
 use alloy_signer::SignerSync;
 use alloy_signer_local::PrivateKeySigner;
 use alloy_sol_types::SolValue;
-use foundry_wallets::{WalletSigner, multi_wallet::MultiWallet};
+use foundry_wallets::{WalletSigner, wallet_multi::MultiWallet};
 use parking_lot::Mutex;
 use revm::{
     bytecode::Bytecode,

crates/cheatcodes/src/script.rs

@@ -1,4 +1,3 @@
-
 [package]
 name = "forge-lint"
 

crates/lint/Cargo.toml

@@ -25,6 +25,15 @@ alloy-consensus.workspace = true
 alloy-sol-types.workspace = true
 alloy-dyn-abi.workspace = true
 
+# browser wallet
+alloy-rpc-types.workspace = true
+axum.workspace = true
+foundry-common.workspace = true
+serde_json.workspace = true
+tokio = { workspace = true, features = ["macros"] }
+uuid.workspace = true
+webbrowser = "1.0.6"
+
 # aws-kms
 alloy-signer-aws = { workspace = true, features = ["eip712"], optional = true }
 aws-config = { version = "1", default-features = true, optional = true }
@@ -42,11 +51,14 @@ eyre.workspace = true
 rpassword = "7"
 serde.workspace = true
 thiserror.workspace = true
+tower.workspace = true
+tower-http = { workspace = true, features = ["cors", "set-header"] }
 tracing.workspace = true
 eth-keystore = "0.5.0"
 
 [dev-dependencies]
 tokio = { workspace = true, features = ["macros"] }
+reqwest = { workspace = true, features = ["json"] }
 
 [features]
 aws-kms = ["dep:alloy-signer-aws", "dep:aws-config"]

crates/wallets/Cargo.toml

@@ -13,6 +13,8 @@ use alloy_signer_gcp::GcpSignerError;
 #[cfg(feature = "turnkey")]
 use alloy_signer_turnkey::TurnkeySignerError;
 
+use crate::wallet_browser::error::BrowserWalletError;
+
 #[derive(Debug, thiserror::Error)]
 pub enum PrivateKeyError {
     #[error("Failed to create wallet from private key. Private key is invalid hex: {0}")]
@@ -43,6 +45,8 @@ pub enum WalletSignerError {
     #[cfg(feature = "turnkey")]
     Turnkey(#[from] TurnkeySignerError),
     #[error(transparent)]
+    Browser(#[from] BrowserWalletError),
+    #[error(transparent)]
     Io(#[from] std::io::Error),
     #[error(transparent)]
     InvalidHex(#[from] FromHexError),
@@ -64,4 +68,8 @@ impl WalletSignerError {
     pub fn turnkey_unsupported() -> Self {
         Self::UnsupportedSigner("Turnkey")
     }
+
+    pub fn browser_unsupported() -> Self {
+        Self::UnsupportedSigner("Browser Wallet")
+    }
 }

crates/wallets/src/error.rs

@@ -5,20 +5,24 @@
 #![cfg_attr(not(test), warn(unused_crate_dependencies))]
 #![cfg_attr(docsrs, feature(doc_cfg))]
 
+#[macro_use]
+extern crate foundry_common;
+
 #[macro_use]
 extern crate tracing;
 
 pub mod error;
-pub mod multi_wallet;
-pub mod raw_wallet;
+pub mod opts;
+pub mod signer;
 pub mod utils;
-pub mod wallet;
-pub mod wallet_signer;
+pub mod wallet_browser;
+pub mod wallet_multi;
+pub mod wallet_raw;
 
-pub use multi_wallet::MultiWalletOpts;
-pub use raw_wallet::RawWalletOpts;
-pub use wallet::WalletOpts;
-pub use wallet_signer::{PendingSigner, WalletSigner};
+pub use opts::WalletOpts;
+pub use signer::{PendingSigner, WalletSigner};
+pub use wallet_multi::MultiWalletOpts;
+pub use wallet_raw::RawWalletOpts;
 
 #[cfg(feature = "aws-kms")]
 use aws_config as _;