Skip to content

Smart Account contracts: audit fixes #396

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 25 commits into from
Jun 1, 2023
Merged

Smart Account contracts: audit fixes #396

merged 25 commits into from
Jun 1, 2023

Conversation

nkrishang
Copy link
Contributor

No description provided.

@nkrishang nkrishang self-assigned this May 20, 2023
joaquim-verges
joaquim-verges reviewed May 20, 2023
View reviewed changes
contracts/smart-wallet/utils/AccountExtension.sol
// \____/ \__| \__|\__|\__| \_______| \_____\____/ \_______|\_______/

contract AccountExtension is ContractMetadata, PermissionsEnumerable, ERC721Holder, ERC1155Holder {
contract AccountExtension is ContractMetadata, AccountPermissions, ERC721Holder, ERC1155Holder {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how come both AccountCore and AccountExtension both inherit AccountPermissions ? would have expected it only in the core

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both require the functionality of AccountPermissions since both contracts have logic that works with permission checks.

The AccountPermissions contract uses the library storage layout, so even though the two seperate contracts inherit it, the same storage slots are read/written to in a dynamic contract using both AccountCore + AccountExtension.

contracts/smart-wallet/utils/AccountCore.sol
require(data.approvedTargets[role].contains(targets[i]), "Account: target not approved.");
require(restrictions.maxValuePerTransaction >= values[i], "Account: value too high.");
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't we revert if the function called is neither execute/executeBatch here?

contracts/openzeppelin-presets/proxy/Clones.sol
mstore(ptr, 0x3d602d80600a3d3981f3363d3d373d3d3d363d73)
mstore(add(ptr, 0x58), salt)
mstore(add(ptr, 0x78), keccak256(add(ptr, 0x0c), 0x37))
predicted := keccak256(add(ptr, 0x43), 0x55)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need to test this accross the board make sure there's no unexpected behavior on the SDK

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comes from the latest OpenZeppelin 4.8.0 repo: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/proxy/Clones.sol

@nkrishang nkrishang merged commit e7fd7f7 into main Jun 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joaquim-verges joaquim-verges joaquim-verges left review comments

@kumaryash90 kumaryash90 Awaiting requested review from kumaryash90

Assignees

@nkrishang nkrishang

Labels

DO NOT MERGE

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nkrishang @joaquim-verges