- stake-value and unstake delay are not managed by entryPoint.
- `simulateValidation()` does return them (in its `SimulationResult`), so that the bundler can validate the paymaster stake is valid (and reject the UserOp if not)
- stake values for a signature aggregator are also returned (in `SimulationResultWithAggregation`) if the wallet uses an aggregator.
- simulateValidation() always reverts - successful result is error `SimulationResult`
- (no need to call from address(0), but always need to catch revert reason)
- returns also aggregator address, and never calls it.
- bundler should either reject UserOp or validate the signature using `aggregator.validateUserOpSignature()` (or an equivalent native library code)
Fix a vulnerability where any withdrawn deposits are not actually reflected in the deposit info storage.
The vulnerability allows any wallet or paymaster to withdraw all funds deposited in an Entrypoint contract.
`validateUserOp()`, `validatePaymasterUserOp()` may return the "deadline" time this operation is valid.
They may not use the `block.timestamp` opcode, but the EntryPoint does validate the return value.
Bundlers may also use this value (returned also from `simulateValidation()`) to drop UserOps that are "just about" to expire.
Currently, when a wallet already exists, it's not clear if `entryPoint.getSenderAddress()` will revert or not, since that depends on the internal logic of the wallet factory. I'm updating the spec to clarify that the wallet factory should try to return the address if the wallet already exists, since that's more friendly to clients who don't want to keep track of deployed wallet addresses.
rename callGas to callGasLimit
rename verificationGas to verificationGasLimit
to reflect the fact these are limits, and the user pays for actual gas used.
Note that "preVerificationGas" is always paid in full.
initCode as deployer+data, instead of constructor code
- supports any deployer contract
- initCode doesn't have to include entire CREATE2 constructor code (it is only a method call to the deployer contract)
* update the EIP to support aggregated signatures
* support creation of aggregated wallet (simulateValidation)
* simulateValidation with param offChainSigCheck
if false, calls aggregator.validateUserOpSignature
if true, returns also offChainSigInfo to be used by off-chain code to
validate the signature
* hash pubkey into requestId
Vitalik Buterin [01/08/2022 10:40]:
Basically, if one account has a pubkey P, someone can make an evil
account with key Q - P, where they know q (the privkey of Q), and then
they pass off a signature with q as being an "aggregate" signature of
the same message signed by both K1 = P and K2 = Q-P (because K1 + K2 =
Q)
The fix to this is to hash the pubkey into the msghash, so you never get
two different keys signing the same message.
And I think this has to be enforced at the BLS aggregate verifier layer
Co-authored-by: Alex Forshtat <forshtat1@gmail.com>
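The rogue-key forgery and the pubkey-hashing fix described in the commit message above, worked through as an added example (not code from this repository). It uses a toy "exponent" model in which group elements are written as their own discrete logs, so it shows the algebra only and provides no security; the modulus, key seeds and helper names are assumptions made for the illustration.

```python
import hashlib

# Toy "exponent" model, algebra only: a group element is written as its own
# discrete log mod R, so pk == sk here and nothing in this file is secure.
R = 2**255 - 19   # prime modulus, chosen for the demo (assumption)
G = 1             # generator in the exponent model

def pairing(a: int, b: int) -> int:
    """Bilinear map of the toy model: e(x*a, b) == x * e(a, b)."""
    return (a * b) % R

def h(data: bytes) -> int:
    """Hash-to-group stand-in."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % R

def bound(pk: int, msg: bytes) -> int:
    """Message point with the signer's pubkey hashed in (the fix)."""
    return h(pk.to_bytes(32, "big") + msg)

def sign(sk: int, point: int) -> int:
    return (sk * point) % R

def verify_same_msg(pks, msg, agg_sig) -> bool:
    """Naive aggregate check: every key is assumed to have signed H(msg)."""
    return pairing(agg_sig, G) == pairing(h(msg), sum(pks) % R)

def verify_key_bound(pks, msg, agg_sig) -> bool:
    """Fixed check: key i signs H(pk_i || msg), so no two keys share a message."""
    return pairing(agg_sig, G) == sum(pairing(bound(pk, msg), pk) for pk in pks) % R

def demo():
    msg = b"constructed requestId"      # constructed sample input
    P = h(b"honest key seed")           # K1: honest account's pubkey
    q = h(b"second key seed")           # privkey of Q, known to the second party
    rogue = (q - P) % R                 # K2 registered as Q - P, so K1 + K2 = Q
    forged = sign(q, h(msg))            # one signature under q, no input from K1
    # Legitimate aggregate under the fix; uses both secrets, which only the
    # toy model exposes (pk == sk).
    honest = (sign(P, bound(P, msg)) + sign(rogue, bound(rogue, msg))) % R
    keys = [P, rogue]
    return (verify_same_msg(keys, msg, forged),    # naive verifier accepts
            verify_key_bound(keys, msg, forged),   # key-bound verifier rejects
            verify_key_bound(keys, msg, honest))   # and still accepts real ones

if __name__ == "__main__":
    print(demo())
```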
* refactor handleOps
* remove paymasterMode
use "paymaster!=address(0)"
saves 2 accesses to calldata member, and 460 gas per userOp
(moved the requiredPrefund logic into ep.getPaymentInfo)
* read UserOp static fields into MemoryUserOp
Co-authored-by: Alex Forshtat <forshtat1@gmail.com>
* initial code
import Gnosis code as-is.
probably can remove all non-essential contracts (e.g. test, samples)
or better, import as external library.
* removed unused contracts (not used,fail compilation)
* initial Gnosis-Safe Proxy account
* refactor:
- use @gnosis.pm/safe-contracts package
- separate contracts into separate files.
* cleanup, single owner
* cleanup contracts
simpler fallback handler
* added tests
failure cases
counterfactual creation
* change to "Manager"
- manager is not a module, only fallback, entrypoint
- replaceManager now works
* ignore from coverage
(fails to compile for coverage)
* fix dangling test
* Fix lint
* Set expected code length to be 324
Co-authored-by: Alex Forshtat <forshtat1@gmail.com>
* [M02] Separate stake and prepayment
separate "stake" from deposit
- keep separate stake and deposit balances.
- stake is unmodified. paymaster only pays from its deposit.
- paymaster pre-pays for the request, just like the wallet does (and is refunded at the end)
* eip fixes
* Added missing interfaces and fixed minor errors.
* Explicitly say that op must pay at least the current `block.basefee` to be added to mempool.
* Adding COINBASE to forbidden opcodes
* Removed SELFDESTRUCT limitation.
* depositTo appeared twice. Removed the unneeded one.
* Elaborate that the mutable state includes value, and mention that bundle should be first in the block or protected by access-list.
* Forbid value-bearing calls during validation. Thanks tjade273.
* Require all calls during validation to pass max gas. tjade273 :)
* No OOG reverts in any context during validation.
* Allow GAS+*CALL pattern.
Co-authored-by: Yoav Weiss <yoav+github@hidden.domain.name>