Address: 0x0000000000601fcA38f0cCA649453F6739436d6C
Balance (XRP): 0 XRP
Bytecode: 0x608060405261000c610330565b60008082523560f81c6001908160018083160361028a5750600060608401525b600761003b60ff831660011c90565b168061023d575b5060108181160361020c57506001905b61005b826103a3565b90604084019182526000905b838210610083576100818561007b81610540565b906108e0565b005b803560f81c906001019091816001808516036101ec57506100c5306100a9838751610441565b519073ffffffffffffffffffffffffffffffffffffffff169052565b6002808416146101ce575b600480841614610183575b60088084161461014e575b61013761013160c0856101116010806001989916146080610108888c51610441565b51019015159052565b61012760208083161460a0610108888c51610441565b1660061c60031690565b60ff1690565b60c0610144838751610441565b5101520190610067565b61013761013160c06101666001959060208235920190565b96906060610175878b51610441565b5101529594505050506100e6565b906101c890803560e81c906003016101c16101a86101a18484610484565b83366104c0565b919060406101b7888b51610441565b51019236916104db565b9052610484565b906100db565b90803590602001919060206101e4838751610441565b5101526100d0565b6102079250803560601c9060140192906100a9838751610441565b6100c5565b60209081160361022c5761ffff90803560f01c906002015b911690610052565b60ff90803560f81c90600101610224565b61027d919291908060031b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff6001821b0190843590610100031c16920190565b9190608084015238610042565b8035606090811c90850152601401915061002c565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b60e0810190811067ffffffffffffffff8211176102ea57604052565b61029f565b90601f7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0910116810190811067ffffffffffffffff8211176102ea57604052565b60405190610120820182811067ffffffffffffffff8211176102ea576040526060610100836000815260006020820152826040820152600083820152600060808201528260a0820152600060c0820152600060e08201520152565b67ffffffffffffffff81116102ea5760051b60200190565b906103ad8261038b565b6103ba60405191826102ef565b8281527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe06103e8829461038b565b019060005b8281106103f957505050565b602090604051610408816102ce565b60008152600083820152606060408201526000606082015260006080820152600060a0820152600060c0820152828285010152016103ed565b80518210156104555760209160051b010190565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052603260045260246000fd5b9190820180921161049157565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b9291928382116104d65783116104d65780920390565b600080fd5b92919267ffffffffffffffff82116102ea576040519161052360207fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f84011601846102ef565b8294818452818301116104d6578281602093846000960137010152565b6020810151156106645761063261065e6105f060005b60405160208101917f8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f83527f4aa45ca7ad825ceb1bf35643f0a58c295239df563b1b565c2485f96477c5631860408301527f2a80e1ef1d7842f27f2e6be0972bb708b9a135c38860dbe73c27c3486c34f4de606083015260808201523060a082015260a081526105e760c0826102ef565b51902093610bc6565b60405192839160208301958690916042927f19010000000000000000000000000000000000000000000000000000000000008352600283015260228201520190565b037fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe081018352826102ef565b51902090565b61063261065e6105f046610556565b919082519283825260005b8481106106bd5750507fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f8460006020809697860101520116010190565b8060208092840101518282860101520161067e565b9080602083519182815201916020808360051b8301019401926000915b8383106106fe57505050505090565b9091929394602080827fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0856001950301865288519073ffffffffffffffffffffffffffffffffffffffff8251168152828201518382015260c080610771604085015160e0604086015260e0850190610673565b936060810151606085015260808101511515608085015260a0810151151560a08501520151910152970193019301919392906106ef565b906020808351928381520192019060005b8181106107c65750505090565b825173ffffffffffffffffffffffffffffffffffffffff168452602093840193909201916001016107b9565b805160ff1682526108769160208281015115159082015261010061085061082a604085015161012060408601526101208501906106d2565b606085015160608501526080850151608085015260a085015184820360a0860152610673565b9260c081015160c084015260e081015160e08401520151906101008184039101526107a8565b90565b610891604092959493956060835260608301906107f2565b9460208201520152565b6108769392606092825260208201528160408201520190610673565b6108cd61087694926060835260608301906107f2565b9260208201526040818403910152610673565b90600091604081019283515193815b8581106108ff575b505050505050565b61090a818351610441565b519261091960a0850151151590565b80610b7a575b610b3a575060009260608101518015801580610b31575b610af9576080830151610acc5761098a9161098691610969855173ffffffffffffffffffffffffffffffffffffffff1690565b91602086015191600014610ac657505a905b604086015192610da1565b1590565b6109cc575b506040805186815260208101839052600192917f5a589b1d8062f33451d29cae3dabd9b2e36c62aee644178c600977ca8dda661a91a15b016108ef565b60c001805115610a7d576001815114610a3a57516002146109ed573861098f565b93925050507fc2c704302430fe0dc8d95f272e2f4e54bbbc51a3327fd5d75ab41f9fc8fd129b9250610a2c610a20610db3565b6040519384938461089b565b0390a13880808080806108f7565b5083610a79610a47610db3565b6040519384937f7f6b0bb1000000000000000000000000000000000000000000000000000000008552600485016108b7565b0390fd5b509150600180927f115f347c00e69f252cd6b63c4f81022a9564c6befe8aa719cb74640a4a306f0d610abe610ab0610db3565b604051918291858b8461089b565b0390a16109c6565b9061097b565b7f230d1ccc0000000000000000000000000000000000000000000000000000000086526004849052602486fd5b8387610a795a6040519384937f2139527400000000000000000000000000000000000000000000000000000000855260048501610879565b50815a10610936565b6040805187815260208101849052919450600192917f9ae934bf8a986157c889a24c3b3fa85e74b7e4ee4b1f8fc6e7362cb4c1d19d8b9181908101610abe565b50801561091f565b805160209091019060005b818110610b9a5750505090565b825173ffffffffffffffffffffffffffffffffffffffff16845260209384019390920191600101610b8d565b610100810151604051610be181610632602082018095610b82565b51902090610bf0815160ff1690565b60ff811680610c695750509061065e610c0c6040840151610dfc565b9261063260806060830151920151936040519485936020850197889094939260809260a08301967f11e1e4079a79a66e4ade50033cfe2678cdd5341d2dfe5ef9513edb1a0be147a284526020840152604083015260608201520152565b60018103610cc757505060a001518051602091820120604080517fe19a3b94fc3c7ece3f890d98a99bc422615537a08dea0603fa8425867d87d4669381019384529081019190915260608101929092529061065e8160808101610632565b60028103610d1d57505060c00151604080517f11fdeb7e8373a1aa96bfac8d0ea91526b2c5d15e5cee20e0543e780258f3e8e46020820190815291810192909252606082019290925261065e8160808101610632565b600303610d71575060e00151604080517fe19a3b94fc3c7ece3f890d98a99bc422615537a08dea0603fa8425867d87d4666020820190815291810192909252606082019290925261065e8160808101610632565b7f048183200000000000000000000000000000000000000000000000000000000060005260ff1660045260246000fd5b9160009391849360208451940192f190565b3d90604051916020818401016040528083526000602084013e565b805160209091019060005b818110610de65750505090565b8251845260209384019390920191600101610dd9565b9081517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0610e42610e2c8361038b565b92610e3a60405194856102ef565b80845261038b565b0136602083013760005b8351811015610f1e5780610e6260019286610441565b5173ffffffffffffffffffffffffffffffffffffffff81511690602081015190604081015160208151910120906060810151608082015115159060c060a08401511515930151936040519560208701977f0603985259a953da1f65a522f589c17bd1d0117ec1d3abb7c0788aef251ef437895260408801526060870152608086015260a085015260c084015260e08301526101008201526101008152610f0a610120826102ef565b519020610f178285610441565b5201610e4c565b5090915060405161065e81610632602082018095610dce56fea2646970667358221220bc55870e2e34bccaaf5269ad7ac55ce9928bb9635475003ef7d3978630936c0864736f6c634300081c0033
Payload.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; import { LibBytes } from "../utils/LibBytes.sol"; using LibBytes for bytes; /// @title Payload /// @author Agustin Aguilar, Michael Standen, William Hua /// @notice Library for encoding and decoding payloads library Payload { /// @notice Error thrown when the kind is invalid error InvalidKind(uint8 kind); /// @dev keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)") bytes32 private constant EIP712_DOMAIN_TYPEHASH = 0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f; /// @dev keccak256("Sequence Wallet") bytes32 private constant EIP712_DOMAIN_NAME_SEQUENCE = 0x4aa45ca7ad825ceb1bf35643f0a58c295239df563b1b565c2485f96477c56318; /// @dev keccak256("3") bytes32 private constant EIP712_DOMAIN_VERSION_SEQUENCE = 0x2a80e1ef1d7842f27f2e6be0972bb708b9a135c38860dbe73c27c3486c34f4de; function domainSeparator(bool _noChainId, address _wallet) internal view returns (bytes32 _domainSeparator) { return keccak256( abi.encode( EIP712_DOMAIN_TYPEHASH, EIP712_DOMAIN_NAME_SEQUENCE, EIP712_DOMAIN_VERSION_SEQUENCE, _noChainId ? uint256(0) : uint256(block.chainid), _wallet ) ); } /// @dev keccak256("Call(address to,uint256 value,bytes data,uint256 gasLimit,bool delegateCall,bool onlyFallback,uint256 behaviorOnError)") bytes32 private constant CALL_TYPEHASH = 0x0603985259a953da1f65a522f589c17bd1d0117ec1d3abb7c0788aef251ef437; /// @dev keccak256("Calls(Call[] calls,uint256 space,uint256 nonce,address[] wallets)Call(address to,uint256 value,bytes data,uint256 gasLimit,bool delegateCall,bool onlyFallback,uint256 behaviorOnError)") bytes32 private constant CALLS_TYPEHASH = 0x11e1e4079a79a66e4ade50033cfe2678cdd5341d2dfe5ef9513edb1a0be147a2; /// @dev keccak256("Message(bytes message,address[] wallets)") bytes32 private constant MESSAGE_TYPEHASH = 0xe19a3b94fc3c7ece3f890d98a99bc422615537a08dea0603fa8425867d87d466; /// @dev keccak256("ConfigUpdate(bytes32 imageHash,address[] wallets)") bytes32 private constant CONFIG_UPDATE_TYPEHASH = 0x11fdeb7e8373a1aa96bfac8d0ea91526b2c5d15e5cee20e0543e780258f3e8e4; /// @notice Kind of transaction uint8 public constant KIND_TRANSACTIONS = 0x00; /// @notice Kind of digest uint8 public constant KIND_MESSAGE = 0x01; /// @notice Kind of config update uint8 public constant KIND_CONFIG_UPDATE = 0x02; /// @notice Kind of message uint8 public constant KIND_DIGEST = 0x03; /// @notice Behavior on error: ignore error uint8 public constant BEHAVIOR_IGNORE_ERROR = 0x00; /// @notice Behavior on error: revert on error uint8 public constant BEHAVIOR_REVERT_ON_ERROR = 0x01; /// @notice Behavior on error: abort on error uint8 public constant BEHAVIOR_ABORT_ON_ERROR = 0x02; /// @notice Payload call information /// @param to Address of the target contract /// @param value Value to send with the call /// @param data Data to send with the call /// @param gasLimit Gas limit for the call /// @param delegateCall If the call is a delegate call /// @param onlyFallback If the call should only be executed in an error scenario /// @param behaviorOnError Behavior on error struct Call { address to; uint256 value; bytes data; uint256 gasLimit; bool delegateCall; bool onlyFallback; uint256 behaviorOnError; } /// @notice Decoded payload /// @param kind Kind of payload /// @param noChainId If the chain ID should be omitted /// @param calls Array of calls (transaction kind) /// @param space Nonce space for the calls (transaction kind) /// @param nonce Nonce value for the calls (transaction kind) /// @param message Message to validate (message kind) /// @param imageHash Image hash to update to (config update kind) /// @param digest Digest to validate (digest kind) /// @param parentWallets Parent wallets struct Decoded { uint8 kind; bool noChainId; // Transaction kind Call[] calls; uint256 space; uint256 nonce; // Message kind bytes message; // Config update kind bytes32 imageHash; // Digest kind for 1271 bytes32 digest; // Parent wallets address[] parentWallets; } function fromMessage( bytes memory message ) internal pure returns (Decoded memory _decoded) { _decoded.kind = KIND_MESSAGE; _decoded.message = message; } function fromConfigUpdate( bytes32 imageHash ) internal pure returns (Decoded memory _decoded) { _decoded.kind = KIND_CONFIG_UPDATE; _decoded.imageHash = imageHash; } function fromDigest( bytes32 digest ) internal pure returns (Decoded memory _decoded) { _decoded.kind = KIND_DIGEST; _decoded.digest = digest; } function fromPackedCalls( bytes calldata packed ) internal view returns (Decoded memory _decoded) { _decoded.kind = KIND_TRANSACTIONS; // Read the global flag (uint256 globalFlag, uint256 pointer) = packed.readFirstUint8(); // First bit determines if space is zero or not if (globalFlag & 0x01 == 0x01) { _decoded.space = 0; } else { (_decoded.space, pointer) = packed.readUint160(pointer); } // Next 3 bits determine the size of the nonce uint256 nonceSize = (globalFlag >> 1) & 0x07; if (nonceSize > 0) { // Read the nonce (_decoded.nonce, pointer) = packed.readUintX(pointer, nonceSize); } uint256 numCalls; // Bit 5 determines if the batch contains a single call if (globalFlag & 0x10 == 0x10) { numCalls = 1; } else { // Bit 6 determines if the number of calls uses 1 byte or 2 bytes if (globalFlag & 0x20 == 0x20) { (numCalls, pointer) = packed.readUint16(pointer); } else { (numCalls, pointer) = packed.readUint8(pointer); } } // Read the calls _decoded.calls = new Call[](numCalls); for (uint256 i = 0; i < numCalls; i++) { uint8 flags; (flags, pointer) = packed.readUint8(pointer); // First bit determines if this is a call to self // or a call to another address if (flags & 0x01 == 0x01) { // Call to self _decoded.calls[i].to = address(this); } else { // Call to another address (_decoded.calls[i].to, pointer) = packed.readAddress(pointer); } // Second bit determines if the call has value or not if (flags & 0x02 == 0x02) { (_decoded.calls[i].value, pointer) = packed.readUint256(pointer); } // Third bit determines if the call has data or not if (flags & 0x04 == 0x04) { // 3 bytes determine the size of the calldata uint256 calldataSize; (calldataSize, pointer) = packed.readUint24(pointer); _decoded.calls[i].data = packed[pointer:pointer + calldataSize]; pointer += calldataSize; } // Fourth bit determines if the call has a gas limit or not if (flags & 0x08 == 0x08) { (_decoded.calls[i].gasLimit, pointer) = packed.readUint256(pointer); } // Fifth bit determines if the call is a delegate call or not _decoded.calls[i].delegateCall = (flags & 0x10 == 0x10); // Sixth bit determines if the call is fallback only _decoded.calls[i].onlyFallback = (flags & 0x20 == 0x20); // Last 2 bits are directly mapped to the behavior on error _decoded.calls[i].behaviorOnError = (flags & 0xC0) >> 6; } } function hashCall( Call memory c ) internal pure returns (bytes32) { return keccak256( abi.encode( CALL_TYPEHASH, c.to, c.value, keccak256(c.data), c.gasLimit, c.delegateCall, c.onlyFallback, c.behaviorOnError ) ); } function hashCalls( Call[] memory calls ) internal pure returns (bytes32) { // In EIP712, an array is often hashed as the keccak256 of the concatenated // hashes of each item. So we hash each Call, pack them, and hash again. bytes32[] memory callHashes = new bytes32[](calls.length); for (uint256 i = 0; i < calls.length; i++) { callHashes[i] = hashCall(calls[i]); } return keccak256(abi.encodePacked(callHashes)); } function toEIP712( Decoded memory _decoded ) internal pure returns (bytes32) { bytes32 walletsHash = keccak256(abi.encodePacked(_decoded.parentWallets)); if (_decoded.kind == KIND_TRANSACTIONS) { bytes32 callsHash = hashCalls(_decoded.calls); // The top-level struct for Calls might be something like: // Calls(bytes32 callsHash,uint256 space,uint256 nonce,bytes32 walletsHash) return keccak256(abi.encode(CALLS_TYPEHASH, callsHash, _decoded.space, _decoded.nonce, walletsHash)); } else if (_decoded.kind == KIND_MESSAGE) { // If you define your top-level as: Message(bytes32 messageHash,bytes32 walletsHash) return keccak256(abi.encode(MESSAGE_TYPEHASH, keccak256(_decoded.message), walletsHash)); } else if (_decoded.kind == KIND_CONFIG_UPDATE) { // Top-level: ConfigUpdate(bytes32 imageHash,bytes32 walletsHash) return keccak256(abi.encode(CONFIG_UPDATE_TYPEHASH, _decoded.imageHash, walletsHash)); } else if (_decoded.kind == KIND_DIGEST) { // Top-level: Use MESSAGE_TYPEHASH but assume the digest is already the hashed message return keccak256(abi.encode(MESSAGE_TYPEHASH, _decoded.digest, walletsHash)); } else { // Unknown kind revert InvalidKind(_decoded.kind); } } function hash( Decoded memory _decoded ) internal view returns (bytes32) { bytes32 domain = domainSeparator(_decoded.noChainId, address(this)); bytes32 structHash = toEIP712(_decoded); return keccak256(abi.encodePacked("\x19\x01", domain, structHash)); } function hashFor(Decoded memory _decoded, address _wallet) internal view returns (bytes32) { bytes32 domain = domainSeparator(_decoded.noChainId, _wallet); bytes32 structHash = toEIP712(_decoded); return keccak256(abi.encodePacked("\x19\x01", domain, structHash)); } }
Guest.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; import { Calls } from "./modules/Calls.sol"; import { Payload } from "./modules/Payload.sol"; import { LibBytes } from "./utils/LibBytes.sol"; import { LibOptim } from "./utils/LibOptim.sol"; /// @title Guest /// @author Agustin Aguilar, William Hua, Michael Standen /// @notice Guest for dispatching calls contract Guest { using LibBytes for bytes; /// @notice Error thrown when a delegate call is not allowed error DelegateCallNotAllowed(uint256 index); /// @notice Fallback function /// @dev Dispatches the guest call fallback() external payable { Payload.Decoded memory decoded = Payload.fromPackedCalls(msg.data); bytes32 opHash = Payload.hash(decoded); _dispatchGuest(decoded, opHash); } function _dispatchGuest(Payload.Decoded memory _decoded, bytes32 _opHash) internal { bool errorFlag = false; uint256 numCalls = _decoded.calls.length; for (uint256 i = 0; i < numCalls; i++) { Payload.Call memory call = _decoded.calls[i]; // Skip onlyFallback calls if no error occurred if (call.onlyFallback && !errorFlag) { emit Calls.CallSkipped(_opHash, i); continue; } // Reset the error flag // onlyFallback calls only apply when the immediately preceding transaction fails errorFlag = false; uint256 gasLimit = call.gasLimit; if (gasLimit != 0 && gasleft() < gasLimit) { revert Calls.NotEnoughGas(_decoded, i, gasleft()); } if (call.delegateCall) { revert DelegateCallNotAllowed(i); } bool success = LibOptim.call(call.to, call.value, gasLimit == 0 ? gasleft() : gasLimit, call.data); if (!success) { if (call.behaviorOnError == Payload.BEHAVIOR_IGNORE_ERROR) { errorFlag = true; emit Calls.CallFailed(_opHash, i, LibOptim.returnData()); continue; } if (call.behaviorOnError == Payload.BEHAVIOR_REVERT_ON_ERROR) { revert Calls.Reverted(_decoded, i, LibOptim.returnData()); } if (call.behaviorOnError == Payload.BEHAVIOR_ABORT_ON_ERROR) { emit Calls.CallAborted(_opHash, i, LibOptim.returnData()); break; } } emit Calls.CallSucceeded(_opHash, i); } } }
Calls.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; import { LibOptim } from "../utils/LibOptim.sol"; import { Nonce } from "./Nonce.sol"; import { Payload } from "./Payload.sol"; import { ReentrancyGuard } from "./ReentrancyGuard.sol"; import { BaseAuth } from "./auth/BaseAuth.sol"; import { IDelegatedExtension } from "./interfaces/IDelegatedExtension.sol"; /// @title Calls /// @author Agustin Aguilar, Michael Standen, William Hua /// @notice Contract for executing calls abstract contract Calls is ReentrancyGuard, BaseAuth, Nonce { /// @notice Emitted when a call succeeds event CallSucceeded(bytes32 _opHash, uint256 _index); /// @notice Emitted when a call fails event CallFailed(bytes32 _opHash, uint256 _index, bytes _returnData); /// @notice Emitted when a call is aborted event CallAborted(bytes32 _opHash, uint256 _index, bytes _returnData); /// @notice Emitted when a call is skipped event CallSkipped(bytes32 _opHash, uint256 _index); /// @notice Error thrown when a call reverts error Reverted(Payload.Decoded _payload, uint256 _index, bytes _returnData); /// @notice Error thrown when a signature is invalid error InvalidSignature(Payload.Decoded _payload, bytes _signature); /// @notice Error thrown when there is not enough gas error NotEnoughGas(Payload.Decoded _payload, uint256 _index, uint256 _gasLeft); /// @notice Execute a call /// @param _payload The payload /// @param _signature The signature function execute(bytes calldata _payload, bytes calldata _signature) external payable virtual nonReentrant { uint256 startingGas = gasleft(); Payload.Decoded memory decoded = Payload.fromPackedCalls(_payload); _consumeNonce(decoded.space, decoded.nonce); (bool isValid, bytes32 opHash) = signatureValidation(decoded, _signature); if (!isValid) { revert InvalidSignature(decoded, _signature); } _execute(startingGas, opHash, decoded); } /// @notice Execute a call /// @dev Callable only by the contract itself /// @param _payload The payload function selfExecute( bytes calldata _payload ) external payable virtual onlySelf { uint256 startingGas = gasleft(); Payload.Decoded memory decoded = Payload.fromPackedCalls(_payload); bytes32 opHash = Payload.hash(decoded); _execute(startingGas, opHash, decoded); } function _execute(uint256 _startingGas, bytes32 _opHash, Payload.Decoded memory _decoded) private { bool errorFlag = false; uint256 numCalls = _decoded.calls.length; for (uint256 i = 0; i < numCalls; i++) { Payload.Call memory call = _decoded.calls[i]; // Skip onlyFallback calls if no error occurred if (call.onlyFallback && !errorFlag) { emit CallSkipped(_opHash, i); continue; } // Reset the error flag // onlyFallback calls only apply when the immediately preceding transaction fails errorFlag = false; uint256 gasLimit = call.gasLimit; if (gasLimit != 0 && gasleft() < gasLimit) { revert NotEnoughGas(_decoded, i, gasleft()); } bool success; if (call.delegateCall) { (success) = LibOptim.delegatecall( call.to, gasLimit == 0 ? gasleft() : gasLimit, abi.encodeWithSelector( IDelegatedExtension.handleSequenceDelegateCall.selector, _opHash, _startingGas, i, numCalls, _decoded.space, call.data ) ); } else { (success) = LibOptim.call(call.to, call.value, gasLimit == 0 ? gasleft() : gasLimit, call.data); } if (!success) { if (call.behaviorOnError == Payload.BEHAVIOR_IGNORE_ERROR) { errorFlag = true; emit CallFailed(_opHash, i, LibOptim.returnData()); continue; } if (call.behaviorOnError == Payload.BEHAVIOR_REVERT_ON_ERROR) { revert Reverted(_decoded, i, LibOptim.returnData()); } if (call.behaviorOnError == Payload.BEHAVIOR_ABORT_ON_ERROR) { emit CallAborted(_opHash, i, LibOptim.returnData()); break; } } emit CallSucceeded(_opHash, i); } } }
Nonce.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; import { Storage } from "./Storage.sol"; /// @title Nonce /// @author Agustin Aguilar /// @notice Manages the nonce of the wallet contract Nonce { /// @notice Emitted when the nonce is changed event NonceChange(uint256 _space, uint256 _newNonce); /// @notice Error thrown when the nonce is bad error BadNonce(uint256 _space, uint256 _provided, uint256 _current); /// @dev keccak256("org.arcadeum.module.calls.nonce") bytes32 private constant NONCE_KEY = bytes32(0x8d0bf1fd623d628c741362c1289948e57b3e2905218c676d3e69abee36d6ae2e); /// @notice Read the nonce /// @param _space The space /// @return nonce The nonce function readNonce( uint256 _space ) public view virtual returns (uint256) { return uint256(Storage.readBytes32Map(NONCE_KEY, bytes32(_space))); } function _writeNonce(uint256 _space, uint256 _nonce) internal { Storage.writeBytes32Map(NONCE_KEY, bytes32(_space), bytes32(_nonce)); } function _consumeNonce(uint256 _space, uint256 _nonce) internal { uint256 currentNonce = readNonce(_space); if (currentNonce != _nonce) { revert BadNonce(_space, _nonce, currentNonce); } unchecked { uint256 newNonce = _nonce + 1; _writeNonce(_space, newNonce); emit NonceChange(_space, newNonce); return; } } }
ReentrancyGuard.sol
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { Storage } from "./Storage.sol"; abstract contract ReentrancyGuard { bytes32 private constant _INITIAL_VALUE = bytes32(0); bytes32 private constant _NOT_ENTERED = bytes32(uint256(1)); bytes32 private constant _ENTERED = bytes32(uint256(2)); /// @dev keccak256("org.sequence.module.reentrancyguard.status") bytes32 private constant STATUS_KEY = bytes32(0xfc6e07e3992c7c3694a921dc9e412b6cfe475380556756a19805a9e3ddfe2fde); /// @notice Error thrown when a reentrant call is detected error ReentrantCall(); /// @notice Prevents a contract from calling itself, directly or indirectly modifier nonReentrant() { // On the first call to nonReentrant // _status will be _NOT_ENTERED or _INITIAL_VALUE if (Storage.readBytes32(STATUS_KEY) == _ENTERED) { revert ReentrantCall(); } // Any calls to nonReentrant after this point will fail Storage.writeBytes32(STATUS_KEY, _ENTERED); _; // By storing the original value once again, a refund is triggered (see // https://eips.ethereum.org/EIPS/eip-2200) // Notice that because constructors are not available // we always start with _INITIAL_VALUE, not _NOT_ENTERED Storage.writeBytes32(STATUS_KEY, _NOT_ENTERED); } }
Storage.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; /// @title Storage /// @author Agustin Aguilar /// @notice Library for storing data at certain storage slots library Storage { function writeBytes32(bytes32 _key, bytes32 _val) internal { assembly { sstore(_key, _val) } } function readBytes32( bytes32 _key ) internal view returns (bytes32 val) { assembly { val := sload(_key) } } function writeBytes32Map(bytes32 _key, bytes32 _subKey, bytes32 _val) internal { bytes32 key = keccak256(abi.encode(_key, _subKey)); assembly { sstore(key, _val) } } function readBytes32Map(bytes32 _key, bytes32 _subKey) internal view returns (bytes32 val) { bytes32 key = keccak256(abi.encode(_key, _subKey)); assembly { val := sload(key) } } }
BaseAuth.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; import { Payload } from "../Payload.sol"; import { Storage } from "../Storage.sol"; import { IAuth } from "../interfaces/IAuth.sol"; import { IERC1271, IERC1271_MAGIC_VALUE_HASH } from "../interfaces/IERC1271.sol"; import { IPartialAuth } from "../interfaces/IPartialAuth.sol"; import { ISapient } from "../interfaces/ISapient.sol"; import { BaseSig } from "./BaseSig.sol"; import { SelfAuth } from "./SelfAuth.sol"; using Payload for Payload.Decoded; /// @title BaseAuth /// @author Agustin Aguilar, Michael Standen /// @notice Base contract for the auth module abstract contract BaseAuth is IAuth, IPartialAuth, ISapient, IERC1271, SelfAuth { /// @dev keccak256("org.sequence.module.auth.static") bytes32 private constant STATIC_SIGNATURE_KEY = bytes32(0xc852adf5e97c2fc3b38f405671e91b7af1697ef0287577f227ef10494c2a8e86); /// @notice Error thrown when the sapient signature is invalid error InvalidSapientSignature(Payload.Decoded _payload, bytes _signature); /// @notice Error thrown when the signature weight is invalid error InvalidSignatureWeight(uint256 _threshold, uint256 _weight); /// @notice Error thrown when the static signature has expired error InvalidStaticSignatureExpired(bytes32 _opHash, uint256 _expires); /// @notice Error thrown when the static signature has the wrong caller error InvalidStaticSignatureWrongCaller(bytes32 _opHash, address _caller, address _expectedCaller); /// @notice Event emitted when a static signature is set event StaticSignatureSet(bytes32 _hash, address _address, uint96 _timestamp); function _getStaticSignature( bytes32 _hash ) internal view returns (address, uint256) { uint256 word = uint256(Storage.readBytes32Map(STATIC_SIGNATURE_KEY, _hash)); return (address(uint160(word >> 96)), uint256(uint96(word))); } function _setStaticSignature(bytes32 _hash, address _address, uint256 _timestamp) internal { Storage.writeBytes32Map( STATIC_SIGNATURE_KEY, _hash, bytes32(uint256(uint160(_address)) << 96 | (_timestamp & 0xffffffffffffffffffffffff)) ); } /// @notice Get the static signature for a specific hash /// @param _hash The hash to get the static signature for /// @return address The address associated with the static signature /// @return timestamp The timestamp of the static signature function getStaticSignature( bytes32 _hash ) external view returns (address, uint256) { return _getStaticSignature(_hash); } /// @notice Set the static signature for a specific hash /// @param _hash The hash to set the static signature for /// @param _address The address to associate with the static signature /// @param _timestamp The timestamp of the static signature /// @dev Only callable by the wallet itself function setStaticSignature(bytes32 _hash, address _address, uint96 _timestamp) external onlySelf { _setStaticSignature(_hash, _address, _timestamp); emit StaticSignatureSet(_hash, _address, _timestamp); } /// @notice Update the image hash /// @param _imageHash The new image hash /// @dev Only callable by the wallet itself function updateImageHash( bytes32 _imageHash ) external virtual onlySelf { _updateImageHash(_imageHash); } function signatureValidation( Payload.Decoded memory _payload, bytes calldata _signature ) internal view virtual returns (bool isValid, bytes32 opHash) { // Read first bit to determine if static signature is used bytes1 signatureFlag = _signature[0]; if (signatureFlag & 0x80 == 0x80) { opHash = _payload.hash(); (address addr, uint256 timestamp) = _getStaticSignature(opHash); if (timestamp <= block.timestamp) { revert InvalidStaticSignatureExpired(opHash, timestamp); } if (addr != address(0) && addr != msg.sender) { revert InvalidStaticSignatureWrongCaller(opHash, msg.sender, addr); } return (true, opHash); } // Static signature is not used, recover and validate imageHash uint256 threshold; uint256 weight; bytes32 imageHash; (threshold, weight, imageHash,, opHash) = BaseSig.recover(_payload, _signature, false, address(0)); // Validate the weight if (weight < threshold) { revert InvalidSignatureWeight(threshold, weight); } isValid = _isValidImage(imageHash); } /// @inheritdoc ISapient function recoverSapientSignature( Payload.Decoded memory _payload, bytes calldata _signature ) external view returns (bytes32) { // Copy parent wallets + add caller at the end address[] memory parentWallets = new address[](_payload.parentWallets.length + 1); for (uint256 i = 0; i < _payload.parentWallets.length; i++) { parentWallets[i] = _payload.parentWallets[i]; } parentWallets[_payload.parentWallets.length] = msg.sender; _payload.parentWallets = parentWallets; (bool isValid,) = signatureValidation(_payload, _signature); if (!isValid) { revert InvalidSapientSignature(_payload, _signature); } return bytes32(uint256(1)); } /// @inheritdoc IERC1271 function isValidSignature(bytes32 _hash, bytes calldata _signature) external view returns (bytes4) { Payload.Decoded memory payload = Payload.fromDigest(_hash); (bool isValid,) = signatureValidation(payload, _signature); if (!isValid) { return bytes4(0); } return IERC1271_MAGIC_VALUE_HASH; } /// @inheritdoc IPartialAuth function recoverPartialSignature( Payload.Decoded memory _payload, bytes calldata _signature ) external view returns ( uint256 threshold, uint256 weight, bool isValidImage, bytes32 imageHash, uint256 checkpoint, bytes32 opHash ) { (threshold, weight, imageHash, checkpoint, opHash) = BaseSig.recover(_payload, _signature, false, address(0)); isValidImage = _isValidImage(imageHash); } }
BaseSig.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; import { LibBytes } from "../../utils/LibBytes.sol"; import { LibOptim } from "../../utils/LibOptim.sol"; import { Payload } from "../Payload.sol"; import { ICheckpointer, Snapshot } from "../interfaces/ICheckpointer.sol"; import { IERC1271, IERC1271_MAGIC_VALUE_HASH } from "../interfaces/IERC1271.sol"; import { ISapient, ISapientCompact } from "../interfaces/ISapient.sol"; using LibBytes for bytes; using Payload for Payload.Decoded; /// @title BaseSig /// @author Agustin Aguilar, Michael Standen, William Hua, Shun Kakinoki /// @notice Library for recovering signatures from the base-auth payload library BaseSig { uint256 internal constant FLAG_SIGNATURE_HASH = 0; uint256 internal constant FLAG_ADDRESS = 1; uint256 internal constant FLAG_SIGNATURE_ERC1271 = 2; uint256 internal constant FLAG_NODE = 3; uint256 internal constant FLAG_BRANCH = 4; uint256 internal constant FLAG_SUBDIGEST = 5; uint256 internal constant FLAG_NESTED = 6; uint256 internal constant FLAG_SIGNATURE_ETH_SIGN = 7; uint256 internal constant FLAG_SIGNATURE_ANY_ADDRESS_SUBDIGEST = 8; uint256 internal constant FLAG_SIGNATURE_SAPIENT = 9; uint256 internal constant FLAG_SIGNATURE_SAPIENT_COMPACT = 10; /// @notice Error thrown when the weight is too low for a chained signature error LowWeightChainedSignature(bytes _signature, uint256 _threshold, uint256 _weight); /// @notice Error thrown when the ERC1271 signature is invalid error InvalidERC1271Signature(bytes32 _opHash, address _signer, bytes _signature); /// @notice Error thrown when the checkpoint order is wrong error WrongChainedCheckpointOrder(uint256 _nextCheckpoint, uint256 _checkpoint); /// @notice Error thrown when the snapshot is unused error UnusedSnapshot(Snapshot _snapshot); /// @notice Error thrown when the signature flag is invalid error InvalidSignatureFlag(uint256 _flag); function _leafForAddressAndWeight(address _addr, uint256 _weight) internal pure returns (bytes32) { return keccak256(abi.encodePacked("Sequence signer:\n", _addr, _weight)); } function _leafForNested(bytes32 _node, uint256 _threshold, uint256 _weight) internal pure returns (bytes32) { return keccak256(abi.encodePacked("Sequence nested config:\n", _node, _threshold, _weight)); } function _leafForSapient(address _addr, uint256 _weight, bytes32 _imageHash) internal pure returns (bytes32) { return keccak256(abi.encodePacked("Sequence sapient config:\n", _addr, _weight, _imageHash)); } function _leafForHardcodedSubdigest( bytes32 _subdigest ) internal pure returns (bytes32) { return keccak256(abi.encodePacked("Sequence static digest:\n", _subdigest)); } function _leafForAnyAddressSubdigest( bytes32 _anyAddressSubdigest ) internal pure returns (bytes32) { return keccak256(abi.encodePacked("Sequence any address subdigest:\n", _anyAddressSubdigest)); } function recover( Payload.Decoded memory _payload, bytes calldata _signature, bool _ignoreCheckpointer, address _checkpointer ) internal view returns (uint256 threshold, uint256 weight, bytes32 imageHash, uint256 checkpoint, bytes32 opHash) { // First byte is the signature flag (uint256 signatureFlag, uint256 rindex) = _signature.readFirstUint8(); // The possible flags are: // - 0000 00XX (bits [1..0]): signature type (00 = normal, 01/11 = chained, 10 = no chain id) // - 000X XX00 (bits [4..2]): checkpoint size (00 = 0 bytes, 001 = 1 byte, 010 = 2 bytes...) // - 00X0 0000 (bit [5]): threshold size (0 = 1 byte, 1 = 2 bytes) // - 0X00 0000 (bit [6]): set if imageHash checkpointer is used // - X000 0000 (bit [7]): reserved by base-auth Snapshot memory snapshot; // Recover the imageHash checkpointer if any // but checkpointer passed as argument takes precedence // since it can be defined by the chained signatures if (signatureFlag & 0x40 == 0x40 && _checkpointer == address(0)) { // Override the checkpointer // not ideal, but we don't have much room in the stack (_checkpointer, rindex) = _signature.readAddress(rindex); if (!_ignoreCheckpointer) { // Next 3 bytes determine the checkpointer data size uint256 checkpointerDataSize; (checkpointerDataSize, rindex) = _signature.readUint24(rindex); // Read the checkpointer data bytes memory checkpointerData = _signature[rindex:rindex + checkpointerDataSize]; // Call the middleware snapshot = ICheckpointer(_checkpointer).snapshotFor(address(this), checkpointerData); rindex += checkpointerDataSize; } } // If signature type is 01 or 11 we do a chained signature if (signatureFlag & 0x01 == 0x01) { return recoverChained(_payload, _checkpointer, snapshot, _signature[rindex:]); } // If the signature type is 10 we do a no chain id signature _payload.noChainId = signatureFlag & 0x02 == 0x02; { // Recover the checkpoint using the size defined by the flag uint256 checkpointSize = (signatureFlag & 0x1c) >> 2; (checkpoint, rindex) = _signature.readUintX(rindex, checkpointSize); } // Recover the threshold, using the flag for the size { uint256 thresholdSize = ((signatureFlag & 0x20) >> 5) + 1; (threshold, rindex) = _signature.readUintX(rindex, thresholdSize); } // Recover the tree opHash = _payload.hash(); (weight, imageHash) = recoverBranch(_payload, opHash, _signature[rindex:]); imageHash = LibOptim.fkeccak256(imageHash, bytes32(threshold)); imageHash = LibOptim.fkeccak256(imageHash, bytes32(checkpoint)); imageHash = LibOptim.fkeccak256(imageHash, bytes32(uint256(uint160(_checkpointer)))); // If the snapshot is used, either the imageHash must match // or the checkpoint must be greater than the snapshot checkpoint if (snapshot.imageHash != bytes32(0) && snapshot.imageHash != imageHash && checkpoint <= snapshot.checkpoint) { revert UnusedSnapshot(snapshot); } } function recoverChained( Payload.Decoded memory _payload, address _checkpointer, Snapshot memory _snapshot, bytes calldata _signature ) internal view returns (uint256 threshold, uint256 weight, bytes32 imageHash, uint256 checkpoint, bytes32 opHash) { Payload.Decoded memory linkedPayload; linkedPayload.kind = Payload.KIND_CONFIG_UPDATE; uint256 rindex; uint256 prevCheckpoint = type(uint256).max; while (rindex < _signature.length) { uint256 nrindex; { uint256 sigSize; (sigSize, rindex) = _signature.readUint24(rindex); nrindex = sigSize + rindex; } address checkpointer = nrindex == _signature.length ? _checkpointer : address(0); if (prevCheckpoint == type(uint256).max) { (threshold, weight, imageHash, checkpoint, opHash) = recover(_payload, _signature[rindex:nrindex], true, checkpointer); } else { (threshold, weight, imageHash, checkpoint,) = recover(linkedPayload, _signature[rindex:nrindex], true, checkpointer); } if (weight < threshold) { revert LowWeightChainedSignature(_signature[rindex:nrindex], threshold, weight); } rindex = nrindex; if (_snapshot.imageHash == imageHash) { _snapshot.imageHash = bytes32(0); } if (checkpoint >= prevCheckpoint) { revert WrongChainedCheckpointOrder(checkpoint, prevCheckpoint); } linkedPayload.imageHash = imageHash; prevCheckpoint = checkpoint; } if (_snapshot.imageHash != bytes32(0) && checkpoint <= _snapshot.checkpoint) { revert UnusedSnapshot(_snapshot); } } function recoverBranch( Payload.Decoded memory _payload, bytes32 _opHash, bytes calldata _signature ) internal view returns (uint256 weight, bytes32 root) { unchecked { uint256 rindex; // Iterate until the image is completed while (rindex < _signature.length) { // The first byte is half flag (the top nibble) // and the second set of 4 bits can freely be used by the part // Read next item type uint256 firstByte; (firstByte, rindex) = _signature.readUint8(rindex); // The top 4 bits are the flag uint256 flag = (firstByte & 0xf0) >> 4; // Signature hash (0x00) if (flag == FLAG_SIGNATURE_HASH) { // Free bits layout: // - bits [3..0]: Weight (0000 = dynamic, 0001 = 1, ..., 1111 = 15) // We read 64 bytes for an ERC-2098 compact signature (r, yParityAndS). // The top bit of yParityAndS is yParity, the remaining 255 bits are s. uint8 addrWeight = uint8(firstByte & 0x0f); if (addrWeight == 0) { (addrWeight, rindex) = _signature.readUint8(rindex); } bytes32 r; bytes32 s; uint8 v; (r, s, v, rindex) = _signature.readRSVCompact(rindex); address addr = ecrecover(_opHash, v, r, s); weight += addrWeight; bytes32 node = _leafForAddressAndWeight(addr, addrWeight); root = root != bytes32(0) ? LibOptim.fkeccak256(root, node) : node; continue; } // Address (0x01) (without signature) if (flag == FLAG_ADDRESS) { // Free bits layout: // - bits [3..0]: Weight (0000 = dynamic, 0001 = 1, 0010 = 2, ...) // Read weight uint8 addrWeight = uint8(firstByte & 0x0f); if (addrWeight == 0) { (addrWeight, rindex) = _signature.readUint8(rindex); } // Read address address addr; (addr, rindex) = _signature.readAddress(rindex); // Compute the merkle root WITHOUT adding the weight bytes32 node = _leafForAddressAndWeight(addr, addrWeight); root = root != bytes32(0) ? LibOptim.fkeccak256(root, node) : node; continue; } // Signature ERC1271 (0x02) if (flag == FLAG_SIGNATURE_ERC1271) { // Free bits layout: // - XX00 : Signature size size (00 = 0 byte, 01 = 1 byte, 10 = 2 bytes, 11 = 3 bytes) // - 00XX : Weight (00 = dynamic, 01 = 1, 10 = 2, 11 = 3) // Read weight uint8 addrWeight = uint8(firstByte & 0x03); if (addrWeight == 0) { (addrWeight, rindex) = _signature.readUint8(rindex); } // Read signer address addr; (addr, rindex) = _signature.readAddress(rindex); // Read signature size uint256 sizeSize = uint8(firstByte & 0x0c) >> 2; uint256 size; (size, rindex) = _signature.readUintX(rindex, sizeSize); // Read dynamic size signature uint256 nrindex = rindex + size; // Call the ERC1271 contract to check if the signature is valid if (IERC1271(addr).isValidSignature(_opHash, _signature[rindex:nrindex]) != IERC1271_MAGIC_VALUE_HASH) { revert InvalidERC1271Signature(_opHash, addr, _signature[rindex:nrindex]); } rindex = nrindex; // Add the weight and compute the merkle root weight += addrWeight; bytes32 node = _leafForAddressAndWeight(addr, addrWeight); root = root != bytes32(0) ? LibOptim.fkeccak256(root, node) : node; continue; } // Node (0x03) if (flag == FLAG_NODE) { // Free bits left unused // Read node hash bytes32 node; (node, rindex) = _signature.readBytes32(rindex); root = root != bytes32(0) ? LibOptim.fkeccak256(root, node) : node; continue; } // Branch (0x04) if (flag == FLAG_BRANCH) { // Free bits layout: // - XXXX : Size size (0000 = 0 byte, 0001 = 1 byte, 0010 = 2 bytes, ...) // Read size uint256 sizeSize = uint8(firstByte & 0x0f); uint256 size; (size, rindex) = _signature.readUintX(rindex, sizeSize); // Enter a branch of the signature merkle tree uint256 nrindex = rindex + size; (uint256 nweight, bytes32 node) = recoverBranch(_payload, _opHash, _signature[rindex:nrindex]); rindex = nrindex; weight += nweight; root = LibOptim.fkeccak256(root, node); continue; } // Nested (0x06) if (flag == FLAG_NESTED) { // Unused free bits: // - XX00 : Weight (00 = dynamic, 01 = 1, 10 = 2, 11 = 3) // - 00XX : Threshold (00 = dynamic, 01 = 1, 10 = 2, 11 = 3) // Enter a branch of the signature merkle tree // but with an internal threshold and an external fixed weight uint256 externalWeight = uint8(firstByte & 0x0c) >> 2; if (externalWeight == 0) { (externalWeight, rindex) = _signature.readUint8(rindex); } uint256 internalThreshold = uint8(firstByte & 0x03); if (internalThreshold == 0) { (internalThreshold, rindex) = _signature.readUint16(rindex); } uint256 size; (size, rindex) = _signature.readUint24(rindex); uint256 nrindex = rindex + size; (uint256 internalWeight, bytes32 internalRoot) = recoverBranch(_payload, _opHash, _signature[rindex:nrindex]); rindex = nrindex; if (internalWeight >= internalThreshold) { weight += externalWeight; } bytes32 node = _leafForNested(internalRoot, internalThreshold, externalWeight); root = root != bytes32(0) ? LibOptim.fkeccak256(root, node) : node; continue; } // Subdigest (0x05) if (flag == FLAG_SUBDIGEST) { // Free bits left unused // A hardcoded always accepted digest // it pushes the weight to the maximum bytes32 hardcoded; (hardcoded, rindex) = _signature.readBytes32(rindex); if (hardcoded == _opHash) { weight = type(uint256).max; } bytes32 node = _leafForHardcodedSubdigest(hardcoded); root = root != bytes32(0) ? LibOptim.fkeccak256(root, node) : node; continue; } // Signature ETH Sign (0x07) if (flag == FLAG_SIGNATURE_ETH_SIGN) { // Free bits layout: // - bits [3..0]: Weight (0000 = dynamic, 0001 = 1, ..., 1111 = 15) // We read 64 bytes for an ERC-2098 compact signature (r, yParityAndS). // The top bit of yParityAndS is yParity, the remaining 255 bits are s. uint8 addrWeight = uint8(firstByte & 0x0f); if (addrWeight == 0) { (addrWeight, rindex) = _signature.readUint8(rindex); } bytes32 r; bytes32 s; uint8 v; (r, s, v, rindex) = _signature.readRSVCompact(rindex); address addr = ecrecover(keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", _opHash)), v, r, s); weight += addrWeight; bytes32 node = _leafForAddressAndWeight(addr, addrWeight); root = root != bytes32(0) ? LibOptim.fkeccak256(root, node) : node; continue; } // Signature Any address subdigest (0x08) // similar to subdigest, but allows for counter-factual payloads if (flag == FLAG_SIGNATURE_ANY_ADDRESS_SUBDIGEST) { // Free bits left unused // A hardcoded always accepted digest // it pushes the weight to the maximum bytes32 hardcoded; (hardcoded, rindex) = _signature.readBytes32(rindex); bytes32 anyAddressOpHash = _payload.hashFor(address(0)); if (hardcoded == anyAddressOpHash) { weight = type(uint256).max; } bytes32 node = _leafForAnyAddressSubdigest(hardcoded); root = root != bytes32(0) ? LibOptim.fkeccak256(root, node) : node; continue; } // Signature Sapient (0x09) if (flag == FLAG_SIGNATURE_SAPIENT) { // Free bits layout: // - XX00 : Signature size size (00 = 0 byte, 01 = 1 byte, 10 = 2 bytes, 11 = 3 bytes) // - 00XX : Weight (00 = dynamic, 01 = 1, 10 = 2, 11 = 3) // Read signer and weight uint8 addrWeight = uint8(firstByte & 0x03); if (addrWeight == 0) { (addrWeight, rindex) = _signature.readUint8(rindex); } address addr; (addr, rindex) = _signature.readAddress(rindex); // Read signature size uint256 size; { uint256 sizeSize = uint8(firstByte & 0x0c) >> 2; (size, rindex) = _signature.readUintX(rindex, sizeSize); } // Read dynamic size signature uint256 nrindex = rindex + size; // Call the ERC1271 contract to check if the signature is valid bytes32 sapientImageHash = ISapient(addr).recoverSapientSignature(_payload, _signature[rindex:nrindex]); rindex = nrindex; // Add the weight and compute the merkle root weight += addrWeight; bytes32 node = _leafForSapient(addr, addrWeight, sapientImageHash); root = root != bytes32(0) ? LibOptim.fkeccak256(root, node) : node; continue; } // Signature Sapient Compact (0x0A) if (flag == FLAG_SIGNATURE_SAPIENT_COMPACT) { // Free bits layout: // - XX00 : Signature size size (00 = 0 byte, 01 = 1 byte, 10 = 2 bytes, 11 = 3 bytes) // - 00XX : Weight (00 = dynamic, 01 = 1, 10 = 2, 11 = 3) // Read signer and weight uint8 addrWeight = uint8(firstByte & 0x03); if (addrWeight == 0) { (addrWeight, rindex) = _signature.readUint8(rindex); } address addr; (addr, rindex) = _signature.readAddress(rindex); // Read signature size uint256 sizeSize = uint8(firstByte & 0x0c) >> 2; uint256 size; (size, rindex) = _signature.readUintX(rindex, sizeSize); // Read dynamic size signature uint256 nrindex = rindex + size; // Call the Sapient contract to check if the signature is valid bytes32 sapientImageHash = ISapientCompact(addr).recoverSapientSignatureCompact(_opHash, _signature[rindex:nrindex]); rindex = nrindex; // Add the weight and compute the merkle root weight += addrWeight; bytes32 node = _leafForSapient(addr, addrWeight, sapientImageHash); root = root != bytes32(0) ? LibOptim.fkeccak256(root, node) : node; continue; } revert InvalidSignatureFlag(flag); } } } }
SelfAuth.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; /// @title SelfAuth /// @author Agustin Aguilar, Michael Standen /// @notice Modifier for checking if the caller is the same as the contract abstract contract SelfAuth { /// @notice Error thrown when the caller is not the same as the contract error OnlySelf(address _sender); modifier onlySelf() { if (msg.sender != address(this)) { revert OnlySelf(msg.sender); } _; } }
IAuth.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; /// @title IAuth /// @author Agustin Aguilar, Michael Standen, William Hua /// @notice Internal interface for the auth modules abstract contract IAuth { function _isValidImage( bytes32 imageHash ) internal view virtual returns (bool isValid); function _updateImageHash( bytes32 imageHash ) internal virtual; }
ICheckpointer.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; import { Payload } from "../Payload.sol"; /// @notice Snapshot for a specific wallet /// @param imageHash Image hash of the wallet /// @param checkpoint Checkpoint identifier struct Snapshot { bytes32 imageHash; uint256 checkpoint; } /// @title ICheckpointer /// @author Agustin Aguilar /// @notice Interface for the checkpointer module interface ICheckpointer { /// @notice Get the snapshot for a specific wallet /// @param _wallet The wallet address /// @param _proof The proof /// @return snapshot The snapshot function snapshotFor(address _wallet, bytes calldata _proof) external view returns (Snapshot memory snapshot); }
IDelegatedExtension.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; /// @title IDelegatedExtension /// @author Agustin Aguilar /// @notice Interface for the delegated extension module interface IDelegatedExtension { /// @notice Handle a sequence delegate call /// @param _opHash The operation hash /// @param _startingGas The starting gas /// @param _index The index /// @param _numCalls The number of calls /// @param _space The space /// @param _data The data function handleSequenceDelegateCall( bytes32 _opHash, uint256 _startingGas, uint256 _index, uint256 _numCalls, uint256 _space, bytes calldata _data ) external; }
IERC1271.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.18; bytes4 constant IERC1271_MAGIC_VALUE_HASH = 0x1626ba7e; bytes4 constant IERC1271_MAGIC_VALUE_BYTES = 0x20c13b0b; /// @title IERC1271 /// @notice Interface for ERC1271 interface IERC1271 { /// @notice Verifies whether the provided signature is valid with respect to the provided hash /// @dev MUST return the correct magic value if the signature provided is valid for the provided hash /// > The bytes4 magic value to return when signature is valid is 0x1626ba7e : bytes4(keccak256("isValidSignature(bytes32,bytes)") /// > This function MAY modify Ethereum's state /// @param _hash keccak256 hash that was signed /// @param _signature Signature byte array associated with _data /// @return magicValue Magic value 0x1626ba7e if the signature is valid and 0x0 otherwise function isValidSignature(bytes32 _hash, bytes calldata _signature) external view returns (bytes4 magicValue); } /// @title IERC1271Data /// @notice Deprecated interface for ERC1271 using bytes instead of bytes32 interface IERC1271Data { /// @notice Verifies whether the provided signature is valid with respect to the provided hash /// @dev MUST return the correct magic value if the signature provided is valid for the provided hash /// > The bytes4 magic value to return when signature is valid is 0x20c13b0b : bytes4(keccak256("isValidSignature(bytes,bytes)") /// > This function MAY modify Ethereum's state /// @param _data Data that was signed /// @param _signature Signature byte array associated with _data /// @return magicValue Magic value 0x20c13b0b if the signature is valid and 0x0 otherwise function isValidSignature(bytes calldata _data, bytes calldata _signature) external view returns (bytes4 magicValue); }
IPartialAuth.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; import { Payload } from "../Payload.sol"; /// @title IPartialAuth /// @author Agustin Aguilar /// @notice Interface for the partial auth module interface IPartialAuth { /// @notice Recover the partial signature /// @param _payload The payload /// @param _signature The signature to recover /// @return threshold The signature threshold /// @return weight The derived weight /// @return isValidImage Whether the image hash is valid /// @return imageHash The derived image hash /// @return checkpoint The checkpoint identifier /// @return opHash The hash of the payload function recoverPartialSignature( Payload.Decoded calldata _payload, bytes calldata _signature ) external view returns ( uint256 threshold, uint256 weight, bool isValidImage, bytes32 imageHash, uint256 checkpoint, bytes32 opHash ); }
ISapient.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.27; import { Payload } from "../Payload.sol"; /// @title ISapient /// @author Agustin Aguilar, Michael Standen /// @notice Sapient signers take an explicit payload and return their own "imageHash" as result /// @dev The consumer of this signer must validate if the imageHash is valid or not, for the desired configuration interface ISapient { /// @notice Recovers the image hash of a given signature /// @param payload The payload to recover the signature from /// @param signature The signature to recover the image hash from /// @return imageHash The recovered image hash function recoverSapientSignature( Payload.Decoded calldata payload, bytes calldata signature ) external view returns (bytes32 imageHash); } /// @title ISapientCompact /// @author Agustin Aguilar, Michael Standen /// @notice Sapient signers take a compacted payload and return their own "imageHash" as result /// @dev The consumer of this signer must validate if the imageHash is valid or not, for the desired configuration interface ISapientCompact { /// @notice Recovers the image hash of a given signature, using a hashed payload /// @param digest The digest of the payload /// @param signature The signature to recover the image hash from /// @return imageHash The recovered image hash function recoverSapientSignatureCompact( bytes32 digest, bytes calldata signature ) external view returns (bytes32 imageHash); }
LibBytes.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.18; /// @title Library for reading data from bytes arrays /// @author Agustin Aguilar (aa@horizon.io), Michael Standen (mstan@horizon.io) /// @notice This library contains functions for reading data from bytes arrays. /// @dev These functions do not check if the input index is within the bounds of the data array. /// @dev Reading out of bounds may return dirty values. library LibBytes { function readFirstUint8( bytes calldata _data ) internal pure returns (uint8 a, uint256 newPointer) { assembly { let word := calldataload(_data.offset) a := shr(248, word) newPointer := 1 } } function readUint8(bytes calldata _data, uint256 _index) internal pure returns (uint8 a, uint256 newPointer) { assembly { let word := calldataload(add(_index, _data.offset)) a := shr(248, word) newPointer := add(_index, 1) } } function readUint16(bytes calldata _data, uint256 _index) internal pure returns (uint16 a, uint256 newPointer) { assembly { let word := calldataload(add(_index, _data.offset)) a := shr(240, word) newPointer := add(_index, 2) } } function readUint24(bytes calldata _data, uint256 _index) internal pure returns (uint24 a, uint256 newPointer) { assembly { let word := calldataload(add(_index, _data.offset)) a := shr(232, word) newPointer := add(_index, 3) } } function readUint64(bytes calldata _data, uint256 _index) internal pure returns (uint64 a, uint256 newPointer) { assembly { let word := calldataload(add(_index, _data.offset)) a := shr(192, word) newPointer := add(_index, 8) } } function readUint160(bytes calldata _data, uint256 _index) internal pure returns (uint160 a, uint256 newPointer) { assembly { let word := calldataload(add(_index, _data.offset)) a := shr(96, word) newPointer := add(_index, 20) } } function readUint256(bytes calldata _data, uint256 _index) internal pure returns (uint256 a, uint256 newPointer) { assembly { a := calldataload(add(_index, _data.offset)) newPointer := add(_index, 32) } } function readUintX( bytes calldata _data, uint256 _index, uint256 _length ) internal pure returns (uint256 a, uint256 newPointer) { assembly { let word := calldataload(add(_index, _data.offset)) let shift := sub(256, mul(_length, 8)) a := and(shr(shift, word), sub(shl(mul(8, _length), 1), 1)) newPointer := add(_index, _length) } } function readBytes4(bytes calldata _data, uint256 _pointer) internal pure returns (bytes4 a, uint256 newPointer) { assembly { let word := calldataload(add(_pointer, _data.offset)) a := and(word, 0xffffffff00000000000000000000000000000000000000000000000000000000) newPointer := add(_pointer, 4) } } function readBytes32(bytes calldata _data, uint256 _pointer) internal pure returns (bytes32 a, uint256 newPointer) { assembly { a := calldataload(add(_pointer, _data.offset)) newPointer := add(_pointer, 32) } } function readAddress(bytes calldata _data, uint256 _index) internal pure returns (address a, uint256 newPointer) { assembly { let word := calldataload(add(_index, _data.offset)) a := and(shr(96, word), 0xffffffffffffffffffffffffffffffffffffffff) newPointer := add(_index, 20) } } /// @dev ERC-2098 Compact Signature function readRSVCompact( bytes calldata _data, uint256 _index ) internal pure returns (bytes32 r, bytes32 s, uint8 v, uint256 newPointer) { uint256 yParityAndS; assembly { r := calldataload(add(_index, _data.offset)) yParityAndS := calldataload(add(_index, add(_data.offset, 32))) newPointer := add(_index, 64) } uint256 yParity = uint256(yParityAndS >> 255); s = bytes32(uint256(yParityAndS) & ((1 << 255) - 1)); v = uint8(yParity) + 27; } }
LibOptim.sol
// SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.18; /// @title LibOptim /// @author Agustin Aguilar /// @notice Library for optimized EVM operations library LibOptim { /** * @notice Computes the keccak256 hash of two 32-byte inputs. * @dev It uses only scratch memory space. * @param _a The first 32 bytes of the hash. * @param _b The second 32 bytes of the hash. * @return c The keccak256 hash of the two 32-byte inputs. */ function fkeccak256(bytes32 _a, bytes32 _b) internal pure returns (bytes32 c) { assembly { mstore(0, _a) mstore(32, _b) c := keccak256(0, 64) } } /** * @notice Returns the return data from the last call. * @return r The return data from the last call. */ function returnData() internal pure returns (bytes memory r) { assembly { let size := returndatasize() r := mload(0x40) let start := add(r, 32) mstore(0x40, add(start, size)) mstore(r, size) returndatacopy(start, 0, size) } } /** * @notice Calls another contract with the given parameters. * @dev This method doesn't increase the memory pointer. * @param _to The address of the contract to call. * @param _val The value to send to the contract. * @param _gas The amount of gas to provide for the call. * @param _data The data to send to the contract. * @return r The success status of the call. */ function call(address _to, uint256 _val, uint256 _gas, bytes memory _data) internal returns (bool r) { assembly { r := call(_gas, _to, _val, add(_data, 32), mload(_data), 0, 0) } } /** * @notice Calls another contract with the given parameters, using delegatecall. * @dev This method doesn't increase the memory pointer. * @param _to The address of the contract to call. * @param _gas The amount of gas to provide for the call. * @param _data The data to send to the contract. * @return r The success status of the call. */ function delegatecall(address _to, uint256 _gas, bytes memory _data) internal returns (bool r) { assembly { r := delegatecall(_gas, _to, add(_data, 32), mload(_data), 0, 0) } } }
Gas Token: