first commit

Author: conorpp

.github/workflows/test.yml

@@ -0,0 +1,43 @@
+name: CI
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  check:
+    strategy:
+      fail-fast: true
+
+    name: Foundry project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de
+
+      - name: Show Forge version
+        run: |
+          forge --version
+
+      - name: Run Forge fmt
+        run: |
+          forge fmt --check
+        id: fmt
+
+      - name: Run Forge build
+        run: |
+          forge build --sizes
+        id: build
+
+      - name: Run Forge tests
+        run: |
+          forge test -vvv
+        id: test

.gitignore

@@ -0,0 +1,15 @@
+# Compiler files
+cache/
+out/
+
+# Ignores development broadcast logs
+!/broadcast
+/broadcast/*/31337/
+/broadcast/**/dry-run/
+broadcast/
+
+# Docs
+docs/
+
+# Dotenv file
+.env

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "lib/forge-std"]
+	path = lib/forge-std
+	url = https://github.com/foundry-rs/forge-std

README.md

@@ -0,0 +1,121 @@
+# Basic Smart Account
+
+This smart contract uses the SafeLite example: https://github.com/5afe/safe-eip7702/blob/main/safe-eip7702-contracts/contracts/experimental/SafeLite.sol
+It was stripped from all unecessary logic to only keep the batch functionality.
+It uses no dependencies and relies on some assembly to save on gas usage.
+
+DFNS is also using a modfied [SafeLite example and completed an audit for it](https://github.com/dfns/dfns-smart-account).
+
+It is deployed on the following chains:
+
+| Blockchain          | Contract Address                                                                                                                      |
+| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
+| Arbitrum            | [0x19A6c30398c5276466Bf13AF2Ba568ef75026B86](https://arbiscan.io/address/0x19A6c30398c5276466Bf13AF2Ba568ef75026B86#code)             |
+| Base                | [0x19A6c30398c5276466Bf13AF2Ba568ef75026B86](https://basescan.org/address/0x19A6c30398c5276466Bf13AF2Ba568ef75026B86#code)            |
+| Berachain           | [0x19A6c30398c5276466Bf13AF2Ba568ef75026B86](https://berascan.org/address/0x19A6c30398c5276466Bf13AF2Ba568ef75026B86#code)            |
+| Binance Smart Chain | [0x19A6c30398c5276466Bf13AF2Ba568ef75026B86](https://bscscan.com/address/0x19A6c30398c5276466Bf13AF2Ba568ef75026B86#code)             |
+| Ethereum Mainnet    | [0x19A6c30398c5276466Bf13AF2Ba568ef75026B86](https://etherscan.io/address/0x19A6c30398c5276466Bf13AF2Ba568ef75026B86#code)            |
+| Ethereum Holesky    | [0x19A6c30398c5276466Bf13AF2Ba568ef75026B86](https://holesky.etherscan.io/address/0x19A6c30398c5276466Bf13AF2Ba568ef75026B86#code)    |
+| Optimism            | [0x19A6c30398c5276466Bf13AF2Ba568ef75026B86](https://optimistic.etherscan.io/address/0x19A6c30398c5276466Bf13AF2Ba568ef75026B86#code) |
+
+## EIP 7702
+
+### Overview
+
+EIP7702 allows EOA addresses to be treated as contract addresses. This is introduced as a new EVM transaction type which adds
+a new field called "authorization list".
+
+Each authorization in the list makes a temporary delegation to a contract address for some EOA. This authorization must be signed by that EOA.
+It is temporary in that the EOA can be delegated to this contract only in transactions containing a proper authorization for it.
+
+Note that the transaction itself does not need to be signed by the EOA's being delegated. So a "fee-payer" address can craft a transaction
+containing these authorizations for other EOA's and thus sponsor actions for them.
+
+### EIP 7702 contract
+
+For the authorized EOA, this contract is executed as if EOA is the contract. Meaning the contract can move funds, call other contracts for the EOA.
+Thus it's important that the EOA additionally signs the actions done by the contract (stored in the `data` of the transaction). This protects the EOA
+from the "fee-payer" address inserting arbitrary actions.
+
+The input to `BasicSmartAccount` is a list of `(to address, value uint256, data bytes)` tuples, all of which are signed by the EOA. The
+input is simply verified and executed.
+
+In summary:
+
+- Any EOA can delegate to `BasicSmartAccount` contract by signing an authorization.
+- By delegating to `BasicSmartAccount` in a transaction, an EOA is trusting `BasicSmartAccount` to correctly execute any signed `(address, value, data)` tuples included in that same transaction.
+- The transaction containing the authorization list and `(address, value, data)` data itself can be signed by a separate address. This address pays the fees.
+
+## Foundry
+
+**Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.**
+
+Foundry consists of:
+
+- **Forge**: Ethereum testing framework (like Truffle, Hardhat and DappTools).
+- **Cast**: Swiss army knife for interacting with EVM smart contracts, sending transactions and getting chain data.
+- **Anvil**: Local Ethereum node, akin to Ganache, Hardhat Network.
+- **Chisel**: Fast, utilitarian, and verbose solidity REPL.
+
+## Documentation
+
+https://book.getfoundry.sh/
+
+## Usage
+
+### Build
+
+```shell
+forge build
+```
+
+### Test
+
+```shell
+forge test
+```
+
+### Format
+
+```shell
+forge fmt
+```
+
+### Gas Snapshots
+
+```shell
+forge snapshot
+```
+
+### Anvil
+
+```shell
+anvil
+```
+
+### Deploy
+
+Deployment is done using deterministic `CREATE2` instruction. Meaning any address can deploy this contract to a chain (for the given `EVM_SALT`),
+and it will have the expected contract address. Note that if any part of the contract changes, then the contract address will also be different.
+
+```shell
+# keccak256("BasicSmartAccount")
+export EVM_SALT=bdfee0231e0903cde9ca6fd75d08a500062dc3d87718f712bc6958ed697617c3
+ forge script ./script/DeployBasicSmartAccount.s.sol --rpc-url <your_rpc_url> --private-key <your_private_key>
+```
+
+Add `--broadcast` when you are ready to transmit for real.
+
+### Cast
+
+```shell
+$ cast <subcommand>
+```
+
+### Help
+
+```shell
+$ forge --help
+$ anvil --help
+$ cast --help
+```

foundry.toml

@@ -0,0 +1,9 @@
+[profile.default]
+src = "src"
+out = "out"
+libs = ["lib"]
+
+# Pin these settings to ensure deterministic contract address
+solc = "0.8.30"
+
+# See more config options https://github.com/foundry-rs/foundry/blob/master/crates/config/README.md#all-options

lib/forge-std

@@ -0,0 +1,18 @@
+// SPDX-License-Identifier : MIT
+pragma solidity ^0.8.18;
+
+import {Script} from "forge-std/Script.sol";
+import {console} from "forge-std/console.sol";
+import {BasicSmartAccount} from "../src/BasicSmartAccount.sol";
+
+contract DeployBasicSmartAccount is Script {
+    function run() external {
+        bytes32 salt = vm.envBytes32("EVM_SALT");
+
+        vm.startBroadcast();
+        BasicSmartAccount impl = new BasicSmartAccount{salt: salt}();
+        vm.stopBroadcast();
+
+        console.log("contract address: ", address(impl));
+    }
+}

script/DeployBasicSmartAccount.s.sol

@@ -0,0 +1,124 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+pragma solidity ^0.8.30;
+
+/**
+ * @title BasicSmartAccount - This contract support batch execution of transactions.
+ * The only storage is a nonce to prevent replay attacks.
+ * The contract is intended to be used with EIP-7702 where EOA delegates to this contract.
+ */
+contract BasicSmartAccount {
+    struct Storage {
+        uint256 nonce;
+    }
+
+    // Reserve a unique storage slot for the nonce.
+    // * keccak256("BasicSmartAccount") & (~0xff)
+    bytes32 private constant _STORAGE =
+        0xbdfee0231e0903cde9ca6fd75d08a500062dc3d87718f712bc6958ed69761700;
+
+    // Domain typehash for EIP712 message.
+    // * keccak256("EIP712Domain(uint256 chainId,address verifyingContract)");
+    bytes32 private constant _DOMAIN_TYPEHASH =
+        0x47e79534a245952e8b16893a336b85a3d9ea9fa8c573f3d803afb92a79469218;
+
+    // The struct typehash for the EIP712 message.
+    // * keccak256("HandleOps(bytes32 data,uint256 nonce)")
+    bytes32 private constant _HANDLEOPS_TYPEHASH =
+        0x4f8bb4631e6552ac29b9d6bacf60ff8b5481e2af7c2104fe0261045fa6988111;
+
+    address private immutable ENTRY_POINT;
+
+    error InvalidSignature();
+
+    /**
+     * @dev Sends multiple transactions with signature validation and reverts all if one fails.
+     * @param userOps Encoded User Ops.
+     * @param r The r part of the signature.
+     * @param vs The v and s part of the signature.
+     */
+    function handleOps(
+        bytes memory userOps,
+        uint256 r,
+        uint256 vs
+    ) public payable {
+        Storage storage $ = _storage();
+        uint256 nonce = $.nonce;
+
+        // Calculate the hash of transactions data and nonce for signature verification
+        bytes32 domainSeparator = keccak256(
+            abi.encode(_DOMAIN_TYPEHASH, block.chainid, address(this))
+        );
+
+        bytes32 structHash = keccak256(
+            abi.encode(_HANDLEOPS_TYPEHASH, keccak256(userOps), nonce)
+        );
+        bytes32 digest = keccak256(
+            abi.encodePacked("\x19\x01", domainSeparator, structHash)
+        );
+
+        // Verify the signature of EIP712 message
+        require(_isValidSignature(digest, r, vs), InvalidSignature());
+
+        // Update nonce for the sender to prevent replay attacks
+        unchecked {
+            $.nonce = nonce + 1;
+        }
+
+        /* solhint-disable no-inline-assembly */
+        assembly ("memory-safe") {
+            let length := mload(userOps)
+            let i := 0x20
+            for {
+
+            } lt(i, length) {
+
+            } {
+                let to := shr(0x60, mload(add(userOps, i)))
+                let value := mload(add(userOps, add(i, 0x14)))
+                let dataLength := mload(add(userOps, add(i, 0x34)))
+                let data := add(userOps, add(i, 0x54))
+                let success := call(gas(), to, value, data, dataLength, 0, 0)
+
+                if eq(success, 0) {
+                    returndatacopy(0, 0, returndatasize())
+                    revert(0, returndatasize())
+                }
+                i := add(i, add(0x54, dataLength))
+            }
+        }
+        /* solhint-enable no-inline-assembly */
+    }
+
+    /**
+     * @dev Validates the signature by extracting `v` and `s` from `vs` and using `ecrecover`.
+     * @param hash The hash of the signed data.
+     * @param r The r part of the signature.
+     * @param vs The v and s part of the signature combined.
+     * @return bool True if the signature is valid, false otherwise.
+     */
+    function _isValidSignature(
+        bytes32 hash,
+        uint256 r,
+        uint256 vs
+    ) internal view returns (bool) {
+        unchecked {
+            uint256 v = (vs >> 255) + 27;
+            uint256 s = vs &
+                0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff;
+
+            return
+                address(this) ==
+                ecrecover(hash, uint8(v), bytes32(r), bytes32(s));
+        }
+    }
+
+    function _storage() private pure returns (Storage storage $) {
+        assembly ("memory-safe") {
+            $.slot := _STORAGE
+        }
+    }
+
+    function getNonce() external view returns (uint256) {
+        return _storage().nonce;
+    }
+}