@@ -343,37 +343,6 @@ abstract contract ValidationManager is EIP712, SelectorManager, HookManager, Exe
343343 }
344344 }
345345
346- function _verifySignature (bytes32 hash , bytes calldata signature ) internal view returns (bytes4 ) {
347- ValidationStorage storage vs = _validationStorage ();
348- (ValidationId vId , bytes calldata sig ) = ValidatorLib.decodeSignature (signature);
349- if (ValidatorLib.getType (vId) == VALIDATION_TYPE_ROOT) {
350- vId = vs.rootValidator;
351- }
352- bool isReplayable = sig.length >= 32 && bytes32 (sig[0 :32 ]) == MAGIC_VALUE_SIG_REPLAYABLE;
353- if (isReplayable) {
354- sig = sig[32 :];
355- }
356- ValidationType vType = ValidatorLib.getType (vId);
357- if (address (vs.validationConfig[vId].hook) == HOOK_MODULE_NOT_INSTALLED && vType != VALIDATION_TYPE_7702) {
358- revert InvalidValidator ();
359- }
360- if (vType == VALIDATION_TYPE_VALIDATOR) {
361- IValidator validator = ValidatorLib.getValidator (vId);
362- return validator.isValidSignatureWithSender (msg .sender , _toWrappedHash (hash, isReplayable), sig);
363- } else if (vType == VALIDATION_TYPE_PERMISSION) {
364- PermissionId pId = ValidatorLib.getPermissionId (vId);
365- PassFlag permissionFlag = vs.permissionConfig[pId].permissionFlag;
366- if (PassFlag.unwrap (permissionFlag) & PassFlag.unwrap (SKIP_SIGNATURE) != 0 ) {
367- revert PermissionNotAlllowedForSignature ();
368- }
369- return _checkPermissionSignature (pId, msg .sender , hash, sig, isReplayable);
370- } else if (vType == VALIDATION_TYPE_7702) {
371- return _verify7702Signature (_toWrappedHash (hash, isReplayable), sig);
372- } else {
373- revert InvalidValidationType ();
374- }
375- }
376-
377346 function replayableUserOpHash (PackedUserOperation calldata userOp , address entryPoint )
378347 public
379348 pure
@@ -429,13 +398,13 @@ abstract contract ValidationManager is EIP712, SelectorManager, HookManager, Exe
429398 bool isReplayable
430399 ) internal returns (ValidationData validationData ) {
431400 (ValidationConfig memory config , bytes32 digest ) = _enableDigest (vId, hook, enableData, isReplayable);
432- validationData = _checkEnableSig (digest, enableData.enableSig);
401+ validationData = _verifyEnableSig (digest, enableData.enableSig);
433402 _installValidation (vId, config, enableData.validatorData, enableData.hookData);
434403 _configureSelector (enableData.selectorData);
435404 _grantAccess (vId, bytes4 (enableData.selectorData[0 :4 ]), true );
436405 }
437406
438- function _checkEnableSig (bytes32 digest , bytes calldata enableSig )
407+ function _verifyEnableSig (bytes32 digest , bytes calldata enableSig )
439408 internal
440409 view
441410 returns (ValidationData validationData )
@@ -461,42 +430,57 @@ abstract contract ValidationManager is EIP712, SelectorManager, HookManager, Exe
461430 }
462431 }
463432
464- function _configureSelector (bytes calldata selectorData ) internal {
465- bytes4 selector = bytes4 (selectorData[0 :4 ]);
466-
467- if (selectorData.length >= 4 ) {
468- if (selectorData.length >= 44 ) {
469- SelectorDataFormat calldata data;
470- assembly {
471- data := add (selectorData.offset, 44 )
472- }
473- // install selector with hook and target contract
474- IModule selectorModule = IModule (address (bytes20 (selectorData[4 :24 ])));
475- if (
476- CallType.wrap (bytes1 (data.selectorInitData[0 ])) == CALLTYPE_SINGLE && selectorModule.isModuleType (2 )
477- ) {
478- // also adds as executor when fallback module is also a executor
479- SelectorDataFormatWithExecutorData calldata dataWithExecutor;
480- assembly {
481- dataWithExecutor := data
482- }
483- IHook executorHook = IHook (address (bytes20 (dataWithExecutor.executorHookData[0 :20 ])));
484- // if module is also executor, install as executor
485- _installExecutorWithoutInit (IExecutor (address (selectorModule)), executorHook);
486- _installHook (executorHook, dataWithExecutor.executorHookData[20 :]);
487- }
488- _installSelector (
489- selector,
490- address (selectorModule),
491- IHook (address (bytes20 (selectorData[24 :44 ]))),
492- data.selectorInitData
493- );
494- _installHook (IHook (address (bytes20 (selectorData[24 :44 ]))), data.hookInitData);
495- } else {
496- // set without install
497- require (selectorData.length == 4 , "Invalid selectorData " );
433+ function _verifySignature (bytes32 hash , bytes calldata signature ) internal view returns (bytes4 ) {
434+ ValidationStorage storage vs = _validationStorage ();
435+ (ValidationId vId , bytes calldata sig ) = ValidatorLib.decodeSignature (signature);
436+ if (ValidatorLib.getType (vId) == VALIDATION_TYPE_ROOT) {
437+ vId = vs.rootValidator;
438+ }
439+ bool isReplayable = sig.length >= 32 && bytes32 (sig[0 :32 ]) == MAGIC_VALUE_SIG_REPLAYABLE;
440+ if (isReplayable) {
441+ sig = sig[32 :];
442+ }
443+ ValidationType vType = ValidatorLib.getType (vId);
444+ ValidationConfig memory vc = vs.validationConfig[vId];
445+ if (address (vc.hook) == HOOK_MODULE_NOT_INSTALLED && vType != VALIDATION_TYPE_7702) {
446+ revert InvalidValidator ();
447+ }
448+ if (vType != VALIDATION_TYPE_ROOT && vc.nonce < vs.validNonceFrom) {
449+ revert InvalidNonce ();
450+ }
451+ if (vType == VALIDATION_TYPE_VALIDATOR) {
452+ IValidator validator = ValidatorLib.getValidator (vId);
453+ return validator.isValidSignatureWithSender (msg .sender , _toWrappedHash (hash, isReplayable), sig);
454+ } else if (vType == VALIDATION_TYPE_PERMISSION) {
455+ PermissionId pId = ValidatorLib.getPermissionId (vId);
456+ PassFlag permissionFlag = vs.permissionConfig[pId].permissionFlag;
457+ if (PassFlag.unwrap (permissionFlag) & PassFlag.unwrap (SKIP_SIGNATURE) != 0 ) {
458+ revert PermissionNotAlllowedForSignature ();
498459 }
460+ return _checkPermissionSignature (pId, msg .sender , hash, sig, isReplayable);
461+ } else if (vType == VALIDATION_TYPE_7702) {
462+ return _verify7702Signature (_toWrappedHash (hash, isReplayable), sig);
463+ } else {
464+ revert InvalidValidationType ();
465+ }
466+ }
467+
468+ function _checkPermissionSignature (
469+ PermissionId pId ,
470+ address caller ,
471+ bytes32 hash ,
472+ bytes calldata sig ,
473+ bool isReplayable
474+ ) internal view returns (bytes4 ) {
475+ (ISigner signer , ValidationData valdiationData , bytes calldata validatorSig ) =
476+ _checkSignaturePolicy (pId, msg .sender , hash, sig);
477+ (ValidAfter validAfter , ValidUntil validUntil ,) = parseValidationData (ValidationData.unwrap (valdiationData));
478+ if (block .timestamp < ValidAfter.unwrap (validAfter) || block .timestamp > ValidUntil.unwrap (validUntil)) {
479+ return ERC1271_INVALID ;
499480 }
481+ return signer.checkSignature (
482+ bytes32 (PermissionId.unwrap (pId)), msg .sender , _toWrappedHash (hash, isReplayable), validatorSig
483+ );
500484 }
501485
502486 function _enableDigest (
@@ -525,6 +509,37 @@ abstract contract ValidationManager is EIP712, SelectorManager, HookManager, Exe
525509 digest = isReplayable ? _chainAgnosticHashTypedData (structHash) : _hashTypedData (structHash);
526510 }
527511
512+ function _configureSelector (bytes calldata selectorData ) internal {
513+ bytes4 selector = bytes4 (selectorData[0 :4 ]);
514+
515+ if (selectorData.length >= 44 ) {
516+ SelectorDataFormat calldata data;
517+ assembly {
518+ data := add (selectorData.offset, 44 )
519+ }
520+ // install selector with hook and target contract
521+ IModule selectorModule = IModule (address (bytes20 (selectorData[4 :24 ])));
522+ if (CallType.wrap (bytes1 (data.selectorInitData[0 ])) == CALLTYPE_SINGLE && selectorModule.isModuleType (2 )) {
523+ // also adds as executor when fallback module is also a executor
524+ SelectorDataFormatWithExecutorData calldata dataWithExecutor;
525+ assembly {
526+ dataWithExecutor := data
527+ }
528+ IHook executorHook = IHook (address (bytes20 (dataWithExecutor.executorHookData[0 :20 ])));
529+ // if module is also executor, install as executor
530+ _installExecutorWithoutInit (IExecutor (address (selectorModule)), executorHook);
531+ _installHook (executorHook, dataWithExecutor.executorHookData[20 :]);
532+ }
533+ _installSelector (
534+ selector, address (selectorModule), IHook (address (bytes20 (selectorData[24 :44 ]))), data.selectorInitData
535+ );
536+ _installHook (IHook (address (bytes20 (selectorData[24 :44 ]))), data.hookInitData);
537+ } else {
538+ // set without install
539+ require (selectorData.length == 4 , "Invalid selectorData " );
540+ }
541+ }
542+
528543 function _verify7702Signature (bytes32 hash , bytes calldata sig ) internal view returns (bytes4 ) {
529544 return ECDSA.recover (hash, sig) == address (this ) ? ERC1271_MAGICVALUE : ERC1271_INVALID ;
530545 }
@@ -625,24 +640,6 @@ abstract contract ValidationManager is EIP712, SelectorManager, HookManager, Exe
625640 }
626641 }
627642
628- function _checkPermissionSignature (
629- PermissionId pId ,
630- address caller ,
631- bytes32 hash ,
632- bytes calldata sig ,
633- bool isReplayable
634- ) internal view returns (bytes4 ) {
635- (ISigner signer , ValidationData valdiationData , bytes calldata validatorSig ) =
636- _checkSignaturePolicy (pId, caller, hash, sig);
637- (ValidAfter validAfter , ValidUntil validUntil ,) = parseValidationData (ValidationData.unwrap (valdiationData));
638- if (block .timestamp < ValidAfter.unwrap (validAfter) || block .timestamp > ValidUntil.unwrap (validUntil)) {
639- return ERC1271_INVALID ;
640- }
641- return signer.checkSignature (
642- bytes32 (PermissionId.unwrap (pId)), caller, _toWrappedHash (hash, isReplayable), validatorSig
643- );
644- }
645-
646643 function _toWrappedHash (bytes32 hash , bool isReplayable ) internal view returns (bytes32 ) {
647644 bytes32 structHash = keccak256 (abi.encode (KERNEL_WRAPPER_TYPE_HASH, hash));
648645 return isReplayable ? _chainAgnosticHashTypedData (structHash) : _hashTypedData (structHash);
0 commit comments