[SDK] Accept pre-signed authorizations for 7702 account transactions

[joaquim-verges]

---

PR-Codex overview

This PR focuses on accepting pre-signed authorizations for ERC7702 account transactions, enhancing the createSessionKey function, and improving the handling of authorizations in the minimal-account logic.

Detailed summary

• Updated createSessionKey to accept WithOverrides<CreateSessionKeyOptions> instead of CreateSessionKeyOptions.
• Introduced handling for pre-signed authorizations in minimal-account.ts.
• Added error handling for mismatched authorization addresses.
• Refactored authorization signing logic to use existing authorizations if available.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• New Features

  • Accept pre-signed authorizations for ERC-7702 account transactions.
  • Session key creation supports transaction-level overrides for more control.

• Bug Fixes

  • Reuse provided authorizations without unnecessary re-signing.
  • Validate authorization address against expected delegation target and show clear errors on mismatch.
  • Only pass authorizations when present to improve sponsored and non-sponsored flow reliability.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
docs-v2	Ready	Preview	Comment	Sep 12, 2025 0:36am
nebula	Ready	Preview	Comment	Sep 12, 2025 0:36am
thirdweb_playground	Ready	Preview	Comment	Sep 12, 2025 0:36am
thirdweb-www	Ready	Preview	Comment	Sep 12, 2025 0:36am
wallet-ui	Ready	Preview	Comment	Sep 12, 2025 0:36am

[changeset-bot]

🦋 Changeset detected

Latest commit: 617ffb3

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
thirdweb	Patch
@thirdweb-dev/nebula	Patch
@thirdweb-dev/wagmi-adapter	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

Adds a changeset marking a patch for "thirdweb". Updates createSessionKey to accept and forward transaction overrides. Modifies the EIP-7702 minimal account flow to prefer provided authorizations, validate delegated address, compute/sign an authorization when missing, and pass authorizationList only when present.

Changes

Cohort / File(s)	Summary
Release metadata \.changeset/cuddly-turkeys-scream.md	Adds a patch changeset for thirdweb noting acceptance of pre-signed authorizations for 7702 account transactions.
ERC-7702 session key overrides packages/thirdweb/src/extensions/erc7702/account/createSessionKey.ts	Signature updated to accept BaseTransactionOptions<WithOverrides<CreateSessionKeyOptions>>; imports WithOverrides; forwards options.overrides into the createSessionWithSig call.
In-app wallet EIP-7702 authorization flow packages/thirdweb/src/wallets/in-app/core/eip7702/minimal-account.ts	Reads authorizationList[0] from the first tx if present; rejects authorizations whose address mismatches the delegated contract; if no valid authorization, checks delegation state, computes/fetches nonce (considers sponsorGas), signs a new authorization when needed, and includes authorizationList only when an authorization exists.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor D as DApp
  participant MA as MinimalAccount (EIP-7702)
  participant TX as First Tx
  participant C as Chain/Node
  participant Sig as Signer

  D->>MA: init execute([...txs], options)
  MA->>TX: read authorizationList[0], nonce, sponsorGas
  alt Authorization provided
    MA->>MA: validate auth.address == delegatedContract
    alt Address mismatch
      MA-->>D: throw Error("Authorization address mismatch")
    else Valid
      MA->>D: proceed using provided authorization
    end
  else No authorization
    MA->>C: check is 7702 delegated?
    alt Already delegated
      MA->>D: proceed without authorization
    else Not delegated
      MA->>C: getNonce (if not in tx)
      MA->>Sig: signAuthorization(nonce, delegatedContract, sponsorGas)
      Sig-->>MA: authorization
      MA->>D: proceed with authorizationList = [authorization]
    end
  end

Loading

sequenceDiagram
  autonumber
  participant App as Caller
  participant SDK as createSessionKey
  participant Core as createSessionWithSig

  App->>SDK: createSessionKey(options{overrides?})
  SDK->>Core: createSessionWithSig(..., overrides=options.overrides)
  Core-->>App: result

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Pre-merge checks (2 passed, 1 warning)

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The current PR description contains the commented repository template and a helpful PR-Codex overview summarizing the changes, but it does not populate the required template sections: there is no filled formatted title/issue tag, no "Notes for the reviewer" content, and no "How to test" steps, leaving reviewer and testing guidance incomplete.	Please populate the description template by adding the formatted PR title and issue tag (if any), filling "Notes for the reviewer" with key details (authorization address validation, API change to createSessionKey, Graphite merge-queue guidance), and adding a "How to test" section with unit/integration test steps and manual reproduction instructions so reviewers can validate the change.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "[SDK] Accept pre-signed authorizations for 7702 account transactions" concisely and accurately summarizes the primary change (accepting pre-signed authorizations for ERC7702 account transactions) and aligns with the modified files and PR objectives, so it is clear, on-topic, and readable for reviewers scanning history.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (2)

• TEAM-0000: Entity not found: Issue - Could not find referenced Issue.
• ERC-7702: Entity not found: Issue - Could not find referenced Issue.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between fe56bb1 and 617ffb3.

📒 Files selected for processing (3)

• .changeset/cuddly-turkeys-scream.md (1 hunks)
• packages/thirdweb/src/extensions/erc7702/account/createSessionKey.ts (3 hunks)
• packages/thirdweb/src/wallets/in-app/core/eip7702/minimal-account.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• .changeset/cuddly-turkeys-scream.md
• packages/thirdweb/src/wallets/in-app/core/eip7702/minimal-account.ts
• packages/thirdweb/src/extensions/erc7702/account/createSessionKey.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: Build Packages
• GitHub Check: E2E Tests (pnpm, esbuild)
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: E2E Tests (pnpm, vite)
• GitHub Check: Size
• GitHub Check: Lint Packages
• GitHub Check: Unit Tests
• GitHub Check: Analyze (javascript)

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch Accept_pre-signed_authorizations_for_7702_account_transactions

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[joaquim-verges]

• [SDK] Accept pre-signed authorizations for 7702 account transactions #8038 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

size-limit report 📦

Path	Size	Loading time (3g)	Running time (snapdragon)	Total time
thirdweb (esm)	63.96 KB (0%)	1.3 s (0%)	1.7 s (+0.68% 🔺)	3 s
thirdweb (cjs)	356.86 KB (0%)	7.2 s (0%)	14.4 s (+6.83% 🔺)	21.5 s
thirdweb (minimal + tree-shaking)	5.73 KB (0%)	115 ms (0%)	235 ms (+257.53% 🔺)	349 ms
thirdweb/chains (tree-shaking)	526 B (0%)	11 ms (0%)	66 ms (+50.23% 🔺)	77 ms
thirdweb/react (minimal + tree-shaking)	19.15 KB (0%)	383 ms (0%)	134 ms (+70.45% 🔺)	517 ms

[codecov]

Codecov Report

❌ Patch coverage is 60.52632% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 56.63%. Comparing base (dc1f7ab) to head (617ffb3).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...src/wallets/in-app/core/eip7702/minimal-account.ts	58.33%	15 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8038      +/-   ##
==========================================
- Coverage   56.64%   56.63%   -0.02%     
==========================================
  Files         904      904              
  Lines       58694    58707      +13     
  Branches     4163     4166       +3     
==========================================
- Hits        33247    33246       -1     
- Misses      25342    25355      +13     
- Partials      105      106       +1     

Flag	Coverage Δ
packages	56.63% <60.52%> (-0.02%)	⬇️

Files with missing lines	Coverage Δ
...src/extensions/erc7702/account/createSessionKey.ts	73.73% <100.00%> (+0.26%)	⬆️
...src/wallets/in-app/core/eip7702/minimal-account.ts	90.00% <58.33%> (-0.90%)	⬇️

... and 3 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.