Update gas station SDK to reflect audited contract changes, including new contract addresses and EIP-712 field name adjustments. Modify related documentation and examples for consistency.

Author: Bijan-Massoumi

.changeset/chubby-peas-sip.md

@@ -2,4 +2,21 @@
 "@turnkey/gas-station": major
 ---
 
-Update gas station contract addresses and modify intent builder types for post-audit contract
+Updated the `@turnkey/gas-station` SDK to align with the audited smart contract changes. The audit resulted in several interface updates:
+
+**Contract Changes:**
+- **New contract addresses**: Updated both delegate and execution contract addresses to the newly deployed versions
+- **EIP-712 field name changes**: The canonical delegate contract interface uses simplified field names (`to`, `value`, `data`) instead of the previous descriptive names (`outputContract`, `ethAmount`, `arguments`)
+
+**SDK Updates:**
+- Updated `DEFAULT_EXECUTION_CONTRACT` address from `0x4ece92b06C7d2d99d87f052E0Fca47Fb180c3348` to `0x00000000008c57a1CE37836a5e9d36759D070d8c`
+- Updated `DEFAULT_DELEGATE_CONTRACT` address from `0xC2a37Ee08cAc3778d9d05FF0a93FD5B553C77E3a` to `0x000066a00056CD44008768E2aF00696e19A30084`
+- Updated EIP-712 Execution typehash field names to match the contract's canonical interface
+- Updated EIP-712 ApproveThenExecute typehash field names to match the contract's canonical interface
+- Updated Turnkey policy conditions in `buildIntentSigningPolicy` to reference the new field names (`to`, `value` instead of `outputContract`, `ethAmount`)
+- Updated documentation and examples to reflect the new field names
+
+**Files Modified:**
+- `packages/gas-station/src/config.ts` - Updated contract addresses
+- `packages/gas-station/src/intentBuilder.ts` - Updated EIP-712 type definitions and message objects
+- `packages/gas-station/src/policyUtils.ts` - Updated policy condition field references and documentation

packages/gas-station/README.md

@@ -343,8 +343,8 @@ import { buildIntentSigningPolicy } from "@turnkey/gas-station";
 
 // USDC-only policy
 const eoaPolicy = buildIntentSigningPolicy({
-  organizationId: "your-org-id",
-  eoaUserId: "user-id",
+  organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+  eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
   restrictions: {
     allowedContracts: ["0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"], // USDC on Base
     disallowEthTransfer: true, // Disallow ETH transfers
@@ -354,10 +354,10 @@ const eoaPolicy = buildIntentSigningPolicy({
 
 // Resulting policy restricts signing to USDC transfers only:
 // {
-//   organizationId: "your-org-id",
+//   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
 //   policyName: "USDC Only Policy",
 //   effect: "EFFECT_ALLOW",
-//   consensus: "approvers.any(user, user.id == 'user-id')",
+//   consensus: "approvers.any(user, user.id == '3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a')",
 //   condition: "activity.resource == 'PRIVATE_KEY' && " +
 //              "activity.action == 'SIGN' && " +
 //              "eth.eip_712.primary_type == 'Execution' && " +
@@ -390,8 +390,8 @@ await ensureGasStationInterface(
 
 // Paymaster protection policy with ETH amount limit
 const paymasterPolicy = buildPaymasterExecutionPolicy({
-  organizationId: "paymaster-org-id",
-  paymasterUserId: "paymaster-user-id",
+  organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+  paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
   executionContractAddress: DEFAULT_EXECUTION_CONTRACT,
   restrictions: {
     allowedEOAs: ["0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb"],
@@ -405,23 +405,23 @@ const paymasterPolicy = buildPaymasterExecutionPolicy({
 
 // Resulting policy uses ABI parsing for direct argument access:
 // {
-//   organizationId: "paymaster-org-id",
+//   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
 //   policyName: "Paymaster Protection",
 //   effect: "EFFECT_ALLOW",
-//   consensus: "approvers.any(user, user.id == 'paymaster-user-id')",
+//   consensus: "approvers.any(user, user.id == '8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c')",
 //   condition: "activity.resource == 'PRIVATE_KEY' && " +
 //              "activity.action == 'SIGN' && " +
-//              "eth.tx.to == '0xe511ad0a281c10b8408381e2ab8525abe587827b' && " +
+//              "eth.tx.to == '0x00000000008c57a1ce37836a5e9d36759d070d8c' && " +
 //              "(eth.tx.contract_call_args['_to'] == '0x833589fcd6edb6e08f4c7c32d4f71b54bda02913') && " +
-//              "(eth.tx.contract_call_args['_targetEoA'] == '0x742d35cc6634c0532925a3b844bc9e7595f0beb') && " +
-//              "eth.tx.contract_call_args['ethAmount'] <= 100000000000000000 && " +
+//              "(eth.tx.contract_call_args['_target'] == '0x742d35cc6634c0532925a3b844bc9e7595f0beb') && " +
+//              "eth.tx.contract_call_args['_ethAmount'] <= 100000000000000000 && " +
 //              "eth.tx.gasPrice <= 50000000000 && " +
 //              "eth.tx.gas <= 500000",
 //   notes: "Restricts which transactions the paymaster can execute on the gas station"
 // }
 ```
 
-**Note:** The `ensureGasStationInterface()` function uploads the Gas Station ABI to Turnkey's Smart Contract Interface feature. This enables Turnkey's policy engine to parse the ABI-encoded transaction data and directly compare the `ethAmount` parameter as a uint256 value, rather than raw bytes. The function checks if the ABI already exists before uploading to avoid duplicates.
+**Note:** The `ensureGasStationInterface()` function uploads the Gas Station ABI to Turnkey's Smart Contract Interface feature. This enables Turnkey's policy engine to parse the ABI-encoded transaction data and directly compare the `_ethAmount` parameter as a uint256 value, rather than raw bytes. The function checks if the ABI already exists before uploading to avoid duplicates.
 
 #### Defense in Depth
 
@@ -437,8 +437,8 @@ import { parseGwei } from "viem";
 
 // Layer 1: EOA can only sign USDC intents
 const eoaPolicy = buildIntentSigningPolicy({
-  organizationId: "user-org",
-  eoaUserId: "user-id",
+  organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+  eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
   restrictions: {
     allowedContracts: ["0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"],
     disallowEthTransfer: true, // No ETH transfers
@@ -447,8 +447,8 @@ const eoaPolicy = buildIntentSigningPolicy({
 
 // Layer 2: Paymaster can only execute for specific users with gas limits
 const paymasterPolicy = buildPaymasterExecutionPolicy({
-  organizationId: "paymaster-org",
-  paymasterUserId: "paymaster-user-id",
+  organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+  paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
   executionContractAddress: DEFAULT_EXECUTION_CONTRACT,
   restrictions: {
     allowedEOAs: ["0xUserAddress..."],
@@ -528,7 +528,7 @@ Allow paymaster to execute for USDC or DAI only:
 
 ```typescript
 const policy = {
-  organizationId: "paymaster-org-id",
+  organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
   policyName: "Stablecoin Execution Policy",
   effect: "EFFECT_ALLOW",
   consensus: `approvers.any(user, user.id == '${paymasterUserId}')`,
@@ -566,7 +566,7 @@ const eoaConditions = approvedEOAs
   .join(" || ");
 
 const policy = {
-  organizationId: "paymaster-org-id",
+  organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
   policyName: "Approved Users Only",
   effect: "EFFECT_ALLOW",
   consensus: `approvers.any(user, user.id == '${paymasterUserId}')`,

packages/gas-station/src/policyUtils.ts

@@ -22,8 +22,8 @@ import type { Hex } from "viem";
  * @example
  * // Simple: single user approval, token-only transfers
  * const policy = buildIntentSigningPolicy({
- *   organizationId: "org-123",
- *   eoaUserId: "user-456",
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
  *   restrictions: {
  *     allowedContracts: ["0x833...USDC", "0x6B1...DAI"],
  *     disallowEthTransfer: true,
@@ -33,10 +33,10 @@ import type { Hex } from "viem";
  *
  * // Resulting policy:
  * {
- *   organizationId: "org-123",
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
  *   policyName: "Stablecoin Only",
  *   effect: "EFFECT_ALLOW",
- *   consensus: "approvers.any(user, user.id == 'user-456')",
+ *   consensus: "approvers.any(user, user.id == '3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a')",
  *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
  *              "eth.eip_712.primary_type == 'Execution' && " +
  *              "(eth.eip_712.message['to'] == '0x833...usdc' || " +
@@ -48,9 +48,9 @@ import type { Hex } from "viem";
  * @example
  * // Multi-approval: EOA AND backup user must both approve
  * const policy = buildIntentSigningPolicy({
- *   organizationId: "org-123",
- *   eoaUserId: "user-456",
- *   additionalApprovers: ["backup-user-789"],
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
+ *   additionalApprovers: ["9d4e2f5b-6c7d-8e9f-0a1b-2c3d4e5f6a7b"],
  *   restrictions: {
  *     allowedContracts: ["0x833...USDC"],
  *     disallowEthTransfer: true,
@@ -59,11 +59,11 @@ import type { Hex } from "viem";
  *
  * // Resulting policy:
  * {
- *   organizationId: "org-123",
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
  *   policyName: "Gas Station Intent Signing Policy",
  *   effect: "EFFECT_ALLOW",
- *   consensus: "approvers.any(user, user.id == 'user-456') && " +
- *              "approvers.any(user, user.id == 'backup-user-789')",
+ *   consensus: "approvers.any(user, user.id == '3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a') && " +
+ *              "approvers.any(user, user.id == '9d4e2f5b-6c7d-8e9f-0a1b-2c3d4e5f6a7b')",
  *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
  *              "eth.eip_712.primary_type == 'Execution' && " +
  *              "(eth.eip_712.message['to'] == '0x833...usdc') && " +
@@ -74,8 +74,8 @@ import type { Hex } from "viem";
  * @example
  * // Advanced: custom consensus expression
  * const policy = buildIntentSigningPolicy({
- *   organizationId: "org-123",
- *   eoaUserId: "user-456",
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
  *   customConsensus: "approvers.count() >= 2",
  *   restrictions: {
  *     disallowEthTransfer: false,
@@ -108,7 +108,9 @@ export function buildIntentSigningPolicy(config: {
     // Build OR conditions for each allowed contract
     // Convert to lowercase for case-insensitive comparison
     const contractConditions = config.restrictions.allowedContracts
-      .map((c) => `eth.eip_712.message['to'] == '${c.toLowerCase()}'`)
+      .map(
+        (c) => `eth.eip_712.message['to'] == '${c.toLowerCase()}'`,
+      )
       .join(" || ");
     conditions.push(`(${contractConditions})`);
   }
@@ -177,8 +179,8 @@ export function buildIntentSigningPolicy(config: {
  * @example
  * // Simple: single paymaster approval with ETH amount limit
  * const policy = buildPaymasterExecutionPolicy({
- *   organizationId: "org-paymaster",
- *   paymasterUserId: "paymaster-user-123",
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
  *   executionContractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
  *   restrictions: {
  *     allowedEOAs: ["0xAli...ce", "0xBob...by"],
@@ -192,27 +194,27 @@ export function buildIntentSigningPolicy(config: {
  *
  * // Resulting policy (uses ABI parsing):
  * {
- *   organizationId: "org-paymaster",
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
  *   policyName: "Paymaster Protection",
  *   effect: "EFFECT_ALLOW",
- *   consensus: "approvers.any(user, user.id == 'paymaster-user-123')",
+ *   consensus: "approvers.any(user, user.id == '8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c')",
  *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
  *              "eth.tx.to == '0x00000000008c57a1ce37836a5e9d36759d070d8c' && " +
  *              "(eth.tx.contract_call_args['_to'] == '0x833...usdc' || " +
  *              "eth.tx.contract_call_args['_to'] == '0x6b1...dai') && " +
- *              "(eth.tx.contract_call_args['_targetEoA'] == '0xali...ce' || " +
- *              "eth.tx.contract_call_args['_targetEoA'] == '0xbob...by') && " +
- *              "eth.tx.contract_call_args['ethAmount'] <= 100000000000000000 && " +
+ *              "(eth.tx.contract_call_args['_target'] == '0xali...ce' || " +
+ *              "eth.tx.contract_call_args['_target'] == '0xbob...by') && " +
+ *              "eth.tx.contract_call_args['_ethAmount'] <= 100000000000000000 && " +
  *              "eth.tx.gasPrice <= 50000000000 && eth.tx.gas <= 500000",
  *   notes: "Restricts which execute() transactions the paymaster can submit on-chain"
  * }
  *
  * @example
  * // Multi-user: primary paymaster OR backup can approve
  * const policy = buildPaymasterExecutionPolicy({
- *   organizationId: "org-paymaster",
- *   paymasterUserId: "paymaster-user-123",
- *   additionalApprovers: ["backup-paymaster-456"],
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
+ *   additionalApprovers: ["2e4f6a8b-9c0d-1e2f-3a4b-5c6d7e8f9a0b"],
  *   executionContractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
  *   restrictions: {
  *     allowedEOAs: ["0xAli...ce"],
@@ -223,24 +225,24 @@ export function buildIntentSigningPolicy(config: {
  *
  * // Resulting policy (uses ABI parsing):
  * {
- *   organizationId: "org-paymaster",
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
  *   policyName: "Gas Station Paymaster Execution Policy",
  *   effect: "EFFECT_ALLOW",
- *   consensus: "approvers.any(user, user.id == 'paymaster-user-123' || " +
- *              "user.id == 'backup-paymaster-456')",
+ *   consensus: "approvers.any(user, user.id == '8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c' || " +
+ *              "user.id == '2e4f6a8b-9c0d-1e2f-3a4b-5c6d7e8f9a0b')",
  *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
  *              "eth.tx.to == '0x00000000008c57a1ce37836a5e9d36759d070d8c' && " +
- *              "(eth.tx.contract_call_args['_targetEoA'] == '0xali...ce') && " +
- *              "eth.tx.contract_call_args['ethAmount'] <= 1000000000000000000 && " +
+ *              "(eth.tx.contract_call_args['_target'] == '0xali...ce') && " +
+ *              "eth.tx.contract_call_args['_ethAmount'] <= 1000000000000000000 && " +
  *              "eth.tx.gasPrice <= 100000000000",
  *   notes: "Restricts which execute() transactions the paymaster can submit on-chain"
  * }
  *
  * @example
  * // Advanced: require multiple approvals
  * const policy = buildPaymasterExecutionPolicy({
- *   organizationId: "org-paymaster",
- *   paymasterUserId: "paymaster-user-123",
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
  *   customConsensus: "approvers.count() >= 2",
  *   executionContractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
  *   restrictions: { ... },
@@ -270,7 +272,7 @@ export function buildPaymasterExecutionPolicy(config: {
   ];
 
   // Check output contract address using ABI parsing
-  // Turnkey parses execute(address _targetEoA, address _to, uint256 ethAmount, bytes _data)
+  // Turnkey parses execute(address _target, address _to, uint256 _ethAmount, bytes _data)
   // and exposes arguments via eth.tx.contract_call_args
   if (
     config.restrictions?.allowedContracts &&
@@ -440,13 +442,12 @@ export async function uploadGasStationInterface({
  * @returns The smart contract interface ID
  *
  * @example
- * const interfaceId = await ensureGasStationInterface(
- *   turnkeyClient.apiClient(),
- *   "org-123",
- *   "0x576A4D741b96996cc93B4919a04c16545734481f",
- *   undefined,
- *   "Base Sepolia"
- * );
+ * const interfaceId = await ensureGasStationInterface({
+ *   client: turnkeyClient.apiClient(),
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   contractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
+ *   chainName: "Base Sepolia"
+ * });
  */
 export async function ensureGasStationInterface({
   client,