reown-com · tomiir · Jul 3, 2025 · Jul 2, 2025 · Jul 2, 2025 · Jul 2, 2025
diff --git a/.changeset/dark-loops-walk.md b/.changeset/dark-loops-walk.md
@@ -0,0 +1,27 @@
+---
+'@reown/appkit-experimental': patch
+'@reown/appkit-adapter-bitcoin': patch
+'@reown/appkit-adapter-ethers': patch
+'@reown/appkit-adapter-ethers5': patch
+'@reown/appkit-adapter-solana': patch
+'@reown/appkit-adapter-wagmi': patch
+'@reown/appkit': patch
+'@reown/appkit-utils': patch
+'@reown/appkit-cdn': patch
+'@reown/appkit-cli': patch
+'@reown/appkit-codemod': patch
+'@reown/appkit-common': patch
+'@reown/appkit-controllers': patch
+'@reown/appkit-core': patch
+'@reown/appkit-pay': patch
+'@reown/appkit-polyfills': patch
+'@reown/appkit-scaffold-ui': patch
+'@reown/appkit-siwe': patch
+'@reown/appkit-siwx': patch
+'@reown/appkit-testing': patch
+'@reown/appkit-ui': patch
+'@reown/appkit-wallet': patch
+'@reown/appkit-wallet-button': patch
+---
+
+Updates Smart Sessions validator with audited OwnableValidator contract by Rhinestone
diff --git a/apps/laboratory/test-results.json b/apps/laboratory/test-results.json
diff --git a/packages/experimental/src/smart-session/controllers/SmartSessionsController.ts b/packages/experimental/src/smart-session/controllers/SmartSessionsController.ts
@@ -126,7 +126,8 @@ export const SmartSessionsController = {
       }
     })
 
-    const rawResponse = await connectionControllerClient?.grantPermissions([request])
+    const versionedRequest = { ...request, version: 2 }
+    const rawResponse = await connectionControllerClient?.grantPermissions([versionedRequest])
 
     // Validate and type guard the response
     const response = assertWalletGrantPermissionsResponse(rawResponse)

diff --git a/packages/experimental/src/smart-session/grantPermissions.ts b/packages/experimental/src/smart-session/grantPermissions.ts
diff --git a/packages/experimental/src/smart-session/utils/CosignerService.ts b/packages/experimental/src/smart-session/utils/CosignerService.ts
@@ -128,11 +128,11 @@ export class CosignerService {
     const response = await sendCoSignerRequest<
       AddPermissionRequest,
       AddPermissionResponse,
-      { projectId: string }
+      { projectId: string; v: string }
     >({
       url,
       request: data,
-      queryParams: { projectId: this.projectId },
+      queryParams: { projectId: this.projectId, v: '2' },
       headers: { 'Content-Type': 'application/json' }
     })
     assertAddPermissionResponse(response)

diff --git a/packages/experimental/src/smart-session/utils/TypeUtils.ts b/packages/experimental/src/smart-session/utils/TypeUtils.ts
@@ -41,6 +41,7 @@ export type SmartSessionGrantPermissionsRequest = {
     type: string
     data: Record<string, unknown>
   }[]
+  version?: number
 }
 
 export type WalletGrantPermissionsResponse = SmartSessionGrantPermissionsRequest & {

diff --git a/packages/experimental/tests/smart-session/CosignerService.test.ts b/packages/experimental/tests/smart-session/CosignerService.test.ts
@@ -187,7 +187,7 @@ describe('CoSigner API Tests', () => {
 
       const expectedUrl = `${ConstantsUtil.COSIGNER_BASE_URL}/${encodeURIComponent(
         mockAddress
-      )}?projectId=${encodeURIComponent(projectId)}`
+      )}?projectId=${encodeURIComponent(projectId)}&v=2`
 
       expect(mockFetch).toHaveBeenCalledWith(
         expectedUrl,