NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Release v5.2 audit fixes (#5330)

Browse Source 
Signed-off-by: Hadrien Croubois <hadrien.croubois@gmail.com>
Co-authored-by: Sam Bugs <101145325+0xsambugs@users.noreply.github.com>
Co-authored-by: Ernesto García <ernestognw@gmail.com>
Co-authored-by: Arr00 <13561405+arr00@users.noreply.github.com>
Co-authored-by: wizard <112275929+famouswizard@users.noreply.github.com>
Co-authored-by: leopardracer <136604165+leopardracer@users.noreply.github.com>
Co-authored-by: cairo <cairoeth@protonmail.com>
This commit is contained in:
Hadrien Croubois
2024-12-04 17:37:13 +01:00
committed by GitHub
parent 98d28f9261
commit e5e9ff72f0
26 changed files with 489 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
contracts/interfaces/draft-IERC4337.sol
View File

@ -11,7 +11,7 @@ pragma solidity ^0.8.20;
* - `callData` (`bytes`): The data to pass to the sender during the main execution call
* - `callGasLimit` (`uint256`): The amount of gas to allocate the main execution call
* - `verificationGasLimit` (`uint256`): The amount of gas to allocate for the verification step
* - `preVerificationGas` (`uint256`): Extra gas to pay the bunder
* - `preVerificationGas` (`uint256`): Extra gas to pay the bundler
* - `maxFeePerGas` (`uint256`): Maximum fee per gas (similar to EIP-1559 max_fee_per_gas)
* - `maxPriorityFeePerGas` (`uint256`): Maximum priority fee per gas (similar to EIP-1559 max_priority_fee_per_gas)
* - `paymaster` (`address`): Address of paymaster contract, (or empty, if account pays for itself)
@ -27,7 +27,7 @@ pragma solidity ^0.8.20;
* - `callData` (`bytes`)
* - `accountGasLimits` (`bytes32`): concatenation of verificationGas (16 bytes) and callGas (16 bytes)
* - `preVerificationGas` (`uint256`)
* - `gasFees` (`bytes32`): concatenation of maxPriorityFee (16 bytes) and maxFeePerGas (16 bytes)
* - `gasFees` (`bytes32`): concatenation of maxPriorityFeePerGas (16 bytes) and maxFeePerGas (16 bytes)
* - `paymasterAndData` (`bytes`): concatenation of paymaster fields (or empty)
* - `signature` (`bytes`)
*/
@ -38,17 +38,25 @@ struct PackedUserOperation {
bytes callData;
bytes32 accountGasLimits; // `abi.encodePacked(verificationGasLimit, callGasLimit)` 16 bytes each
uint256 preVerificationGas;
bytes32 gasFees; // `abi.encodePacked(maxPriorityFee, maxFeePerGas)` 16 bytes each
bytes paymasterAndData; // `abi.encodePacked(paymaster, paymasterVerificationGasLimit, paymasterPostOpGasLimit, paymasterData)`
bytes32 gasFees; // `abi.encodePacked(maxPriorityFeePerGas, maxFeePerGas)` 16 bytes each
bytes paymasterAndData; // `abi.encodePacked(paymaster, paymasterVerificationGasLimit, paymasterPostOpGasLimit, paymasterData)` (20 bytes, 16 bytes, 16 bytes, dynamic)
bytes signature;
}
/**
* @dev Aggregates and validates multiple signatures for a batch of user operations.
*
* A contract could implement this interface with custom validation schemes that allow signature aggregation,
* enabling significant optimizations and gas savings for execution and transaction data cost.
*
* Bundlers and clients whitelist supported aggregators.
*
* See https://eips.ethereum.org/EIPS/eip-7766[ERC-7766]
*/
interface IAggregator {
/**
* @dev Validates the signature for a user operation.
* Returns an alternative signature that should be used during bundling.
*/
function validateUserOpSignature(
PackedUserOperation calldata userOp
@ -73,6 +81,12 @@ interface IAggregator {
/**
* @dev Handle nonce management for accounts.
*
* Nonces are used in accounts as a replay protection mechanism and to ensure the order of user operations.
* To avoid limiting the number of operations an account can perform, the interface allows using parallel
* nonces by using a `key` parameter.
*
* See https://eips.ethereum.org/EIPS/eip-4337#semi-abstracted-nonce-support[ERC-4337 semi-abstracted nonce support].
*/
interface IEntryPointNonces {
/**
@ -84,7 +98,11 @@ interface IEntryPointNonces {
}
/**
* @dev Handle stake management for accounts.
* @dev Handle stake management for entities (i.e. accounts, paymasters, factories).
*
* The EntryPoint must implement the following API to let entities like paymasters have a stake,
* and thus have more flexibility in their storage access
* (see https://eips.ethereum.org/EIPS/eip-4337#reputation-scoring-and-throttlingbanning-for-global-entities[reputation, throttling and banning.])
*/
interface IEntryPointStake {
/**
@ -120,6 +138,8 @@ interface IEntryPointStake {
/**
* @dev Entry point for user operations.
*
* User operations are validated and executed by this contract.
*/
interface IEntryPoint is IEntryPointNonces, IEntryPointStake {
/**
@ -143,11 +163,13 @@ interface IEntryPoint is IEntryPointNonces, IEntryPointStake {
/**
* @dev Executes a batch of user operations.
* @param beneficiary Address to which gas is refunded up completing the execution.
*/
function handleOps(PackedUserOperation[] calldata ops, address payable beneficiary) external;
/**
* @dev Executes a batch of aggregated user operations per aggregator.
* @param beneficiary Address to which gas is refunded up completing the execution.
*/
function handleAggregatedOps(
UserOpsPerAggregator[] calldata opsPerAggregator,
@ -156,11 +178,23 @@ interface IEntryPoint is IEntryPointNonces, IEntryPointStake {
}
/**
* @dev Base interface for an account.
* @dev Base interface for an ERC-4337 account.
*/
interface IAccount {
/**
* @dev Validates a user operation.
*
* * MUST validate the caller is a trusted EntryPoint
* * MUST validate that the signature is a valid signature of the userOpHash, and SHOULD
* return SIG_VALIDATION_FAILED (and not revert) on signature mismatch. Any other error MUST revert.
* * MUST pay the entryPoint (caller) at least the “missingAccountFunds” (which might
* be zero, in case the current accounts deposit is high enough)
*
* Returns an encoded packed validation data that is composed of the following elements:
*
* - `authorizer` (`address`): 0 for success, 1 for failure, otherwise the address of an authorizer contract
* - `validUntil` (`uint48`): The UserOp is valid only up to this time. Zero for “infinite”.
* - `validAfter` (`uint48`): The UserOp is valid only after this time.
*/
function validateUserOp(
PackedUserOperation calldata userOp,
@ -193,7 +227,8 @@ interface IPaymaster {
}
/**
* @dev Validates whether the paymaster is willing to pay for the user operation.
* @dev Validates whether the paymaster is willing to pay for the user operation. See
* {IAccount-validateUserOp} for additional information on the return value.
*
* NOTE: Bundlers will reject this method if it modifies the state, unless it's whitelisted.
*/
@ -205,6 +240,8 @@ interface IPaymaster {
/**
* @dev Verifies the sender is the entrypoint.
* @param actualGasCost the actual amount paid (by account or paymaster) for this UserOperation
* @param actualUserOpFeePerGas total gas used by this UserOperation (including preVerification, creation, validation and execution)
*/
function postOp(
PostOpMode mode,

29
contracts/interfaces/draft-IERC7579.sol
View File

@ -10,6 +10,7 @@ uint256 constant MODULE_TYPE_EXECUTOR = 2;
uint256 constant MODULE_TYPE_FALLBACK = 3;
uint256 constant MODULE_TYPE_HOOK = 4;
/// @dev Minimal configuration interface for ERC-7579 modules
interface IERC7579Module {
/**
* @dev This function is called by the smart account during installation of the module
@ -36,6 +37,11 @@ interface IERC7579Module {
function isModuleType(uint256 moduleTypeId) external view returns (bool);
}
/**
* @dev ERC-7579 Validation module (type 1).
*
* A module that implements logic to validate user operations and signatures.
*/
interface IERC7579Validator is IERC7579Module {
/**
* @dev Validates a UserOperation
@ -44,6 +50,7 @@ interface IERC7579Validator is IERC7579Module {
*
* MUST validate that the signature is a valid signature of the userOpHash
* SHOULD return ERC-4337's SIG_VALIDATION_FAILED (and not revert) on signature mismatch
* See {IAccount-validateUserOp} for additional information on the return value
*/
function validateUserOp(PackedUserOperation calldata userOp, bytes32 userOpHash) external returns (uint256);
@ -63,6 +70,12 @@ interface IERC7579Validator is IERC7579Module {
) external view returns (bytes4);
}
/**
* @dev ERC-7579 Hooks module (type 4).
*
* A module that implements logic to execute before and after the account executes a user operation,
* either individually or batched.
*/
interface IERC7579Hook is IERC7579Module {
/**
* @dev Called by the smart account before execution
@ -93,6 +106,11 @@ struct Execution {
bytes callData;
}
/**
* @dev ERC-7579 Execution.
*
* Accounts should implement this interface so that the Entrypoint and ERC-7579 modules can execute operations.
*/
interface IERC7579Execution {
/**
* @dev Executes a transaction on behalf of the account.
@ -109,6 +127,7 @@ interface IERC7579Execution {
* This function is intended to be called by Executor Modules
* @param mode The encoded execution mode of the transaction. See ModeLib.sol for details
* @param executionCalldata The encoded execution call data
* @return returnData An array with the returned data of each executed subcall
*
* MUST ensure adequate authorization control: i.e. onlyExecutorModule
* If a mode is requested that is not supported by the Account, it MUST revert
@ -119,6 +138,11 @@ interface IERC7579Execution {
) external returns (bytes[] memory returnData);
}
/**
* @dev ERC-7579 Account Config.
*
* Accounts should implement this interface to expose information that identifies the account, supported modules and capabilities.
*/
interface IERC7579AccountConfig {
/**
* @dev Returns the account id of the smart account
@ -148,6 +172,11 @@ interface IERC7579AccountConfig {
function supportsModule(uint256 moduleTypeId) external view returns (bool);
}
/**
* @dev ERC-7579 Module Config.
*
* Accounts should implement this interface to allow installing and uninstalling modules.
*/
interface IERC7579ModuleConfig {
event ModuleInstalled(uint256 moduleTypeId, address module);
event ModuleUninstalled(uint256 moduleTypeId, address module);