This repository has been archived by the owner on Nov 29, 2023. It is now read-only.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cross chain execution and payments via UserOps #1
Cross chain execution and payments via UserOps #1
Changes from all commits
4689e09
4644179
8babf50
c7bcf39
b917704
66dbb9c
473e08c
bf20e33
aebbd8b
36259fe
c4829f5
fd2842d
a9545dc
437c20f
3cc0fa4
694d432
7be2234
7d74d7c
a1e230c
ded0c82
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Curious if this is necessary -- should we have had this check before? Should all 4337 wallets have this check?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It also seems to be replicated below?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is needed since we want to enforce that
crossChain
is only triggered through submitting a UserOp. Otherwise anyone could call withcrossChain
, using a transaction from an EoA, and whateverPaymentChainInfo
orExecutionChainInfo
they wanted. Sincechallenge
is allowed to be called at any time, someone could callcrossChain
with a bogus unsigned state and trigger a challenge using that.It depends on the function and the 4337 wallet! In a lot of cases there will be functions restricted to only some
owner
orentrypoint
(IE: A function to send user funds)This allows the owner of the wallet to call the function using either an EoA account or through submitting a
UserOp
.In our case we need to be a bit stricter, we only want to trigger
crossChain
if aUserOp
has been submitted signed by all the participants. We're relying on the signature validation of the UserOp to protect the call tocrossChain
.I think that's in a separate
execute
function, which can be triggered outside ofcrossChain
. So we need to implement the check in both functions.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The ERC 4337 spec specifies that the wallet
SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch
, so I've changed this from arevert
to returnSIG_VALIDATION_FAILED