-
Notifications
You must be signed in to change notification settings - Fork 25
/
NativeTokenLimitModule.sol
153 lines (129 loc) · 6.3 KB
/
NativeTokenLimitModule.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.20;
import {UserOperationLib} from "@eth-infinitism/account-abstraction/core/UserOperationLib.sol";
import {PackedUserOperation} from "@eth-infinitism/account-abstraction/interfaces/PackedUserOperation.sol";
import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
import {IExecutionHookModule} from "../../interfaces/IExecutionHookModule.sol";
import {Call, IModularAccount} from "../../interfaces/IModularAccount.sol";
import {IModule} from "../../interfaces/IModule.sol";
import {IValidationHookModule} from "../../interfaces/IValidationHookModule.sol";
import {BaseModule, IERC165} from "../BaseModule.sol";
/// @title Native Token Limit Module
/// @author ERC-6900 Authors
/// @notice This module supports a single total native token spend limit.
/// It tracks a total spend limit across UserOperation gas limits and native token transfers.
/// If a non whitelisted paymaster is used, UO gas would not cause the limit to decrease.
/// If a whitelisted paymaster is used, gas is still counted towards the limit
contract NativeTokenLimitModule is BaseModule, IExecutionHookModule, IValidationHookModule {
using UserOperationLib for PackedUserOperation;
using EnumerableSet for EnumerableSet.Bytes32Set;
mapping(uint256 funcIds => mapping(address account => uint256 limit)) public limits;
// Accounts should add paymasters that still use the accounts tokens here
// E.g. ERC20 paymasters that pull funds from the account
mapping(address paymaster => mapping(address account => bool allowed)) public specialPaymasters;
error ExceededNativeTokenLimit();
error ExceededNumberOfEntities();
function updateLimits(uint32 entityId, uint256 newLimit) external {
limits[entityId][msg.sender] = newLimit;
}
function updateSpecialPaymaster(address paymaster, bool allowed) external {
specialPaymasters[paymaster][msg.sender] = allowed;
}
/// @inheritdoc IValidationHookModule
function preUserOpValidationHook(uint32 entityId, PackedUserOperation calldata userOp, bytes32)
external
returns (uint256)
{
// Decrease limit only if no paymaster is used, or if its a special paymaster
if (
userOp.paymasterAndData.length == 0
|| specialPaymasters[address(bytes20(userOp.paymasterAndData[:20]))][msg.sender]
) {
uint256 vgl = UserOperationLib.unpackVerificationGasLimit(userOp);
uint256 cgl = UserOperationLib.unpackCallGasLimit(userOp);
uint256 pvgl;
uint256 ppogl;
if (userOp.paymasterAndData.length > 0) {
// Can skip the EP length check here since it would have reverted there if it was invalid
(, pvgl, ppogl) = UserOperationLib.unpackPaymasterStaticFields(userOp.paymasterAndData);
}
uint256 totalGas = userOp.preVerificationGas + vgl + cgl + pvgl + ppogl;
uint256 usage = totalGas * UserOperationLib.unpackMaxFeePerGas(userOp);
uint256 limit = limits[entityId][msg.sender];
if (usage > limit) {
revert ExceededNativeTokenLimit();
}
limits[entityId][msg.sender] = limit - usage;
}
return 0;
}
/// @inheritdoc IExecutionHookModule
function preExecutionHook(uint32 entityId, address, uint256, bytes calldata data)
external
override
returns (bytes memory)
{
return _checkAndDecrementLimit(entityId, data);
}
/// @inheritdoc IModule
function onInstall(bytes calldata data) external override {
(uint32 startEntityId, uint256[] memory spendLimits) = abi.decode(data, (uint32, uint256[]));
if (startEntityId + spendLimits.length > type(uint32).max) {
revert ExceededNumberOfEntities();
}
for (uint256 i = 0; i < spendLimits.length; i++) {
limits[i + startEntityId][msg.sender] = spendLimits[i];
}
}
/// @inheritdoc IModule
function onUninstall(bytes calldata data) external override {
// This is the highest entityId that's being used by the account
uint32 entityId = abi.decode(data, (uint32));
for (uint256 i = 0; i < entityId; i++) {
delete limits[i][msg.sender];
}
}
/// @inheritdoc IExecutionHookModule
function postExecutionHook(uint32, bytes calldata) external pure override {
revert NotImplemented();
}
// No implementation, no revert
// Runtime spends no account gas, and we check native token spend limits in exec hooks
function preRuntimeValidationHook(uint32, address, uint256, bytes calldata, bytes calldata)
external
pure
override
{} // solhint-disable-line no-empty-blocks
// solhint-disable-next-line no-empty-blocks
function preSignatureValidationHook(uint32, address, bytes32, bytes calldata) external pure override {}
/// @inheritdoc IModule
function moduleId() external pure returns (string memory) {
return "erc6900.native-token-limit-module.1.0.0";
}
// ┏━━━━━━━━━━━━━━━┓
// ┃ EIP-165 ┃
// ┗━━━━━━━━━━━━━━━┛
/// @inheritdoc BaseModule
function supportsInterface(bytes4 interfaceId) public view override(BaseModule, IERC165) returns (bool) {
return interfaceId == type(IExecutionHookModule).interfaceId || super.supportsInterface(interfaceId);
}
function _checkAndDecrementLimit(uint32 entityId, bytes calldata data) internal returns (bytes memory) {
(bytes4 selector, bytes memory callData) = _getSelectorAndCalldata(data);
uint256 value;
// Get value being sent
if (selector == IModularAccount.execute.selector) {
(, value) = abi.decode(callData, (address, uint256));
} else if (selector == IModularAccount.executeBatch.selector) {
Call[] memory calls = abi.decode(callData, (Call[]));
for (uint256 i = 0; i < calls.length; i++) {
value += calls[i].value;
}
}
uint256 limit = limits[entityId][msg.sender];
if (value > limit) {
revert ExceededNativeTokenLimit();
}
limits[entityId][msg.sender] = limit - value;
return "";
}
}