From 74bd2cbe37f08b08d8e8a8e0c6a7d7ac42bd8553 Mon Sep 17 00:00:00 2001 From: Conner Swenberg Date: Mon, 7 Oct 2024 23:06:00 -0700 Subject: [PATCH] Add SpendPermissions (#59) * Add initial RecurringAllowanceManager * Add sample diagram of withdraw * Update diagram * Add explicit permit function * Replace smart wallet executeBatch with execute * Update diagrams * Add isAuthorized function * Add modifier and internal virtual _withdraw function * Rename withdraw spender to recipient * Rename withdraw account to owner * Update comments and light refactor * Add token address field for withdraw event * Add recipient argument for withdraw * Add dedicated withdraw function for 7715 permissions context * Add paymaster extension * Update docs and contract name * Add internal virtual _execute * Update paymaster diagram * Revert locks and go with withdrawable state * Add EIP712 support * Update paymaster diagram * Rename contracts * Refactor function order --- docs/diagrams/onchain/paymaster.md | 32 ++ docs/diagrams/onchain/withdraw.md | 28 ++ script/Debug.s.sol | 40 +-- script/Deploy.s.sol | 16 +- src/EIP712.sol | 80 +++++ src/SpendPermissions.sol | 337 ++++++++++++++++++ src/SpendPermissionsPaymaster.sol | 196 ++++++++++ test/base/Static.sol | 8 + test/src/SpendPermissions/Debug.t.sol | 53 +++ .../src/SpendPermissionsPaymaster/Debug.t.sol | 109 ++++++ 10 files changed, 851 insertions(+), 48 deletions(-) create mode 100644 docs/diagrams/onchain/paymaster.md create mode 100644 docs/diagrams/onchain/withdraw.md create mode 100644 src/EIP712.sol create mode 100644 src/SpendPermissions.sol create mode 100644 src/SpendPermissionsPaymaster.sol create mode 100644 test/base/Static.sol create mode 100644 test/src/SpendPermissions/Debug.t.sol create mode 100644 test/src/SpendPermissionsPaymaster/Debug.t.sol diff --git a/docs/diagrams/onchain/paymaster.md b/docs/diagrams/onchain/paymaster.md new file mode 100644 index 0000000..3c85502 --- /dev/null +++ b/docs/diagrams/onchain/paymaster.md @@ -0,0 +1,32 @@ +# Use Spend Permissions as a Paymaster + +Using Spend Permissions as a Paymaster enables spending a recurring allowance on gas so that the spender does not need to have gas in their account to initiate a withdraw. Native token in excess of gas payment can be withdrawn simultaneously and withdrawing ERC-20s must be done with the explicit `withdraw` call in execution phase. + +```mermaid +sequenceDiagram + autonumber + participant E as Entrypoint + participant S as Spender + participant SP as Spend Permissions + participant U as Smart Wallet + + Note over E: Validation phase + E->>S: validateUserOp + E->>SP: validatePaymasterUserOp + SP->>U: execute(paymasterDeposit) + U->>SP: paymasterDeposit + SP->>E: deposit + Note over SP,E: Deposit required prefund + Note over E: Execution phase + E->>S: executeBatch + opt + S->>SP: withdrawGasExcess + SP->>S: call{value}() + end + E->>SP: postOp + opt + SP->>E: withdrawTo + E->>S: call{value}() + Note over E,S: Refund unused gas + end +``` diff --git a/docs/diagrams/onchain/withdraw.md b/docs/diagrams/onchain/withdraw.md new file mode 100644 index 0000000..2eb8b2c --- /dev/null +++ b/docs/diagrams/onchain/withdraw.md @@ -0,0 +1,28 @@ +# Withdraw from Spend Permissions + +The first time using a recurring allowance, the spender needs to pack an additional `permit` call before withdrawing to validate and store the approval. After a recurring allowance has been approved, the spender only needs to call `withdraw` to transfer tokens from the Smart Wallet. + +```mermaid +sequenceDiagram + autonumber + participant S as Spender + participant M as Spend Permissions + participant A as Smart Wallet + participant ERC20 + + opt + S->>M: permit(recurringAllowance, signature) + end + Note over M: validate signature and store approval + S->>M: withdraw(recurringAllowance, value) + Note over M: validate recurring allowance authorized
and withdraw value within allowance + M->>A: execute(target, value, data) + Note over M,A: transfer tokens + alt token is address(e) + A->>S: call{value}() + Note over A,S: transfer native token to spender + else else is ERC20 contract + A->>ERC20: transfer(spender, value) + Note over A,ERC20: transfer ERC20 to spender + end +``` diff --git a/script/Debug.s.sol b/script/Debug.s.sol index 60c1a04..50802a0 100644 --- a/script/Debug.s.sol +++ b/script/Debug.s.sol @@ -3,9 +3,12 @@ pragma solidity ^0.8.20; import {Script, console2} from "forge-std/Script.sol"; import {Strings} from "openzeppelin-contracts/contracts/utils/Strings.sol"; +import {CoinbaseSmartWallet} from "smart-wallet/CoinbaseSmartWallet.sol"; +import {CoinbaseSmartWalletFactory} from "smart-wallet/CoinbaseSmartWalletFactory.sol"; import {ECDSA} from "solady/utils/ECDSA.sol"; import {PermissionManager} from "../src/PermissionManager.sol"; +import {SpendPermissions} from "../src/SpendPermissions.sol"; import {PermissionCallableAllowedContractNativeTokenRecurringAllowance as PermissionContract} from "../src/permissions/PermissionCallableAllowedContractNativeTokenRecurringAllowance.sol"; @@ -15,50 +18,19 @@ contract Debug is Script { /// https://github.com/coinbase/magic-spend/releases/tag/v1.0.0 address public constant MAGIC_SPEND = 0x011A61C07DbF256A68256B1cB51A5e246730aB92; address public constant OWNER = 0x6EcB18183838265968039955F1E8829480Db5329; // dev wallet + address public constant OWNER_2 = 0x0BFc799dF7e440b7C88cC2454f12C58f8a29D986; // work wallet address public constant COSIGNER = 0xAda9897F517018cc51831B9691F0e94b50df50B8; // tmp private key address public constant CDP_PAYMASTER = 0xf5d253B62543C6Ef526309D497f619CeF95aD430; + address public constant FACTORY = 0x0BA5ED0c6AA8c49038F819E587E2633c4A9F428a; - // recent deploys - address public constant MANAGER = 0x384E8b4617886C7070ABd6037c4D5AbeC5B1d14d; - - PermissionManager permissionManager; - PermissionContract permissionContract; + address public constant ETHER = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE; function run() public { vm.startBroadcast(); - // debugCosignature(userOpHash, userOpCosignature); - debugBeforeCalls(); - vm.stopBroadcast(); } - function debugCosignature() public view { - bytes32 userOpHash = 0x41c969e7044df9a75d8b66d33641885b5eab3a03bb1cda2a6f1be720a40aaf44; - bytes memory userOpCosignature = - hex"d72c4bebbf8f8df9e05b5a8454c9a2c80f1391b6ba6f8692828e7b93baeedda87e5ec5229ace02083b44827764ace31fe6b393dcb84da0e257ca58f528683aa81b"; - address userOpCosigner = ECDSA.recover(userOpHash, userOpCosignature); - logAddress("userOpCosigner", userOpCosigner); - } - - function debugBeforeCalls() public pure { - bytes memory beforeCallsData = - hex"00000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ada9897f517018cc51831b9691f0e94b50df50b80000000000000000000000004233130972b43c51e25997cf21b6257a0049cb4c0000000000000000000000000000000000000000000000000000000000014a340000000000000000000000000000000000000000000000000000000066c6f0cf000000000000000000000000000000000000000000000000000000000000010000000000000000000000000008f955bc6665250c8ad546ba225b2352bc6cd1d5000000000000000000000000000000000000000000000000000000000000016000000000000000000000000098549c7a6513c20b66facad469b3d94a3b7b69920000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000004085dc1abbbf84ae03c6526396408436b558f6ee4f7ad1ccb59ab92277889fdae2cf772cb4cee4c8639e085b0ebb343d61955b153bb395fc83d0d2d47868040a1b00000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000066c59f4f0000000000000000000000000000000000000000000000000000000000015180000000000000000000000000000000000000000000000000016345785d8a00000000000000000000000000008af2fa0c32891f1b32a75422ed3c9a8b22951f2f00000000000000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000c00000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000001700000000000000000000000000000000000000000000000000000000000000013d57997c1187dcd0d167796392154d6f311deaf8d0b476a6381cec32899f0ddf69c5728e6fe533a495bc7f505c979146eeeaac9c62937e588de87db169205c98000000000000000000000000000000000000000000000000000000000000002549960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000867b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a22324e4c50375145334d324b7733484a454d6b376b705864766448355530726c786a7a36574b437837526373222c226f726967696e223a22687474703a2f2f6c6f63616c686f73743a33303035222c2263726f73734f726967696e223a66616c73657d0000000000000000000000000000000000000000000000000000"; - (, address paymaster, address cosigner) = - abi.decode(beforeCallsData, (PermissionManager.Permission, address, address)); - - logAddress("paymaster", paymaster); - logAddress("cosigner", cosigner); - } - - function deploy() internal { - // permissionManager = new PermissionManager{salt: 0}(OWNER, COSIGNER); - // logAddress("PermissionManager", address(permissionManager)); - - // permissionContract = new PermissionContract{salt: 0}(address(permissionManager)); - // logAddress("PermissionCallableAllowedContractNativeTokenRecurringAllowance", address(permissionContract)); - } - function logAddress(string memory name, address addr) internal pure { console2.logString(string.concat(name, ": ", Strings.toHexString(addr))); } diff --git a/script/Deploy.s.sol b/script/Deploy.s.sol index 6cbc906..bac6f60 100644 --- a/script/Deploy.s.sol +++ b/script/Deploy.s.sol @@ -5,6 +5,7 @@ import {Script, console2} from "forge-std/Script.sol"; import {Strings} from "openzeppelin-contracts/contracts/utils/Strings.sol"; import {PermissionManager} from "../src/PermissionManager.sol"; +import {SpendPermissions} from "../src/SpendPermissions.sol"; import {PermissionCallableAllowedContractNativeTokenRecurringAllowance as PermissionContract} from "../src/permissions/PermissionCallableAllowedContractNativeTokenRecurringAllowance.sol"; @@ -21,31 +22,18 @@ contract Deploy is Script { address public constant CDP_PAYMASTER = 0xC484bCD10aB8AD132843872DEb1a0AdC1473189c; // limiting paymaster address public constant CDP_PAYMASTER_PUBLIC = 0xf5d253B62543C6Ef526309D497f619CeF95aD430; // public - // recent deploys - // address public constant MANAGER = 0x384E8b4617886C7070ABd6037c4D5AbeC5B1d14d; - // address public constant MANAGER = 0xc81ff7b47839c957Afd1C9CFac82a94B0625550F; - PermissionManager permissionManager; PermissionContract permissionContract; function run() public { vm.startBroadcast(); - // permissionManager = PermissionManager(MANAGER); deploy(); - permissionManager.setPermissionContractEnabled(address(permissionContract), true); - vm.stopBroadcast(); } - function deploy() internal { - permissionManager = new PermissionManager{salt: 0}(OWNER, COSIGNER); - logAddress("PermissionManager", address(permissionManager)); - - permissionContract = new PermissionContract{salt: 0}(address(permissionManager), MAGIC_SPEND); - logAddress("PermissionContract", address(permissionContract)); - } + function deploy() internal {} function logAddress(string memory name, address addr) internal pure { console2.logString(string.concat(name, ": ", Strings.toHexString(addr))); diff --git a/src/EIP712.sol b/src/EIP712.sol new file mode 100644 index 0000000..567e98e --- /dev/null +++ b/src/EIP712.sol @@ -0,0 +1,80 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.4; + +/// @title EIP-712 +/// +/// @notice Abstract EIP-712 implementation. +abstract contract EIP712 { + /// @notice Returns information about the `EIP712Domain` used to create EIP-712 compliant hashes. + /// + /// @dev Follows ERC-5267 (see https://eips.ethereum.org/EIPS/eip-5267). + /// + /// @return fields The bitmap of used fields. + /// @return name The value of the `EIP712Domain.name` field. + /// @return version The value of the `EIP712Domain.version` field. + /// @return chainId The value of the `EIP712Domain.chainId` field. + /// @return verifyingContract The value of the `EIP712Domain.verifyingContract` field. + /// @return salt The value of the `EIP712Domain.salt` field. + /// @return extensions The list of EIP numbers, that extends EIP-712 with new domain fields. + function eip712Domain() + external + view + virtual + returns ( + bytes1 fields, + string memory name, + string memory version, + uint256 chainId, + address verifyingContract, + bytes32 salt, + uint256[] memory extensions + ) + { + fields = hex"0f"; // `0b1111`. + (name, version) = _domainNameAndVersion(); + chainId = block.chainid; + verifyingContract = address(this); + salt = salt; // `bytes32(0)`. + extensions = extensions; // `new uint256[](0)`. + } + + /// @notice Returns the EIP-712 typed hash of the `CoinbaseSmartWalletMessage(bytes32 hash)` data structure. + /// + /// @dev Implements encode(domainSeparator : 𝔹²⁵⁶, message : 𝕊) = "\x19\x01" || domainSeparator || + /// hashStruct(message). + /// @dev See https://eips.ethereum.org/EIPS/eip-712#specification. + /// + /// @param messageHash The hash of message values. + //// + /// @return The resulting EIP-712 hash. + function _eip712Hash(bytes32 messageHash) internal view virtual returns (bytes32) { + return keccak256(abi.encodePacked("\x19\x01", _domainSeparator(), messageHash)); + } + + /// @notice Returns the `domainSeparator` used to create EIP-712 compliant hashes. + /// + /// @dev Implements domainSeparator = hashStruct(eip712Domain). + /// See https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator. + /// + /// @return The 32 bytes domain separator result. + function _domainSeparator() internal view returns (bytes32) { + (string memory name, string memory version) = _domainNameAndVersion(); + return keccak256( + abi.encode( + keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"), + keccak256(bytes(name)), + keccak256(bytes(version)), + block.chainid, + address(this) + ) + ); + } + + /// @notice Returns the domain name and version to use when creating EIP-712 signatures. + /// + /// @dev MUST be defined by the implementation. + /// + /// @return name The user readable name of signing domain. + /// @return version The current major version of the signing domain. + function _domainNameAndVersion() internal view virtual returns (string memory name, string memory version); +} diff --git a/src/SpendPermissions.sol b/src/SpendPermissions.sol new file mode 100644 index 0000000..b256ac1 --- /dev/null +++ b/src/SpendPermissions.sol @@ -0,0 +1,337 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +import {IERC1271} from "openzeppelin-contracts/contracts/interfaces/IERC1271.sol"; +import {IERC20} from "openzeppelin-contracts/contracts/token/ERC20/IERC20.sol"; +import {CoinbaseSmartWallet} from "smart-wallet/CoinbaseSmartWallet.sol"; + +import {EIP712} from "./EIP712.sol"; + +/// @title SpendPermissions +/// +/// @notice Allow spending native and ERC20 tokens with a recurring allowance. +/// +/// @dev Allowance and spend values capped at uint160 ~ 1e48. +/// +/// @author Coinbase (https://github.com/coinbase/smart-wallet-permissions) +contract SpendPermissions is EIP712 { + /// @notice A recurring allowance for an external spender to withdraw an account's tokens. + struct RecurringAllowance { + /// @dev Smart account this recurring allowance is valid for. + address account; + /// @dev Entity that can spend user funds. + address spender; + /// @dev Token address (ERC-7528 ether address or ERC-20 contract). + address token; + /// @dev Timestamp this recurring allowance is valid after (unix seconds). + uint48 start; + /// @dev Timestamp this recurring allowance is valid until (unix seconds). + uint48 end; + /// @dev Time duration for resetting used allowance on a recurring basis (seconds). + uint48 period; + /// @dev Maximum allowed value to spend within a recurring cycle. + uint160 allowance; + } + + /// @notice Cycle parameters and spend usage. + struct CycleUsage { + /// @dev Start time of the cycle (unix seconds). + uint48 start; + /// @dev End time of the cycle (unix seconds). + uint48 end; + /// @dev Accumulated spend amount for cycle. + uint160 spend; + } + + /// @notice Hash of EIP-712 message type + bytes32 private constant _MESSAGE_TYPEHASH = keccak256( + "RecurringAllowance(address account,address spender,address token,uint48 start,uint48 end,uint48 period,uint160 allowance)" + ); + + /// @notice ERC-7528 address convention for ether (https://eips.ethereum.org/EIPS/eip-7528). + address public constant ETHER = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE; + + /// @notice Recurring allowance is revoked. + mapping(bytes32 hash => mapping(address account => bool revoked)) internal _isRevoked; + + /// @notice Recurring allowance is approved. + mapping(bytes32 hash => mapping(address account => bool approved)) internal _isApproved; + + /// @notice Last updated cycle for a recurring allowance. + mapping(bytes32 hash => mapping(address account => CycleUsage)) internal _lastUpdatedCycle; + + /// @notice Invalid sender for the external call. + /// + /// @param sender Expected sender to be valid. + error InvalidSender(address sender); + + /// @notice Unauthorized recurring allowance. + error UnauthorizedRecurringAllowance(); + + /// @notice Recurring cycle has not started yet. + /// + /// @param start Timestamp this recurring allowance is valid after (unix seconds). + error BeforeRecurringAllowanceStart(uint48 start); + + /// @notice Recurring cycle has not started yet. + /// + /// @param end Timestamp this recurring allowance is valid until (unix seconds). + error AfterRecurringAllowanceEnd(uint48 end); + + /// @notice Withdraw value exceeds max size of uint160. + /// + /// @param value Spend value that triggered overflow. + error WithdrawValueOverflow(uint256 value); + + /// @notice Spend value exceeds recurring allowance. + /// + /// @param value Spend value that exceeded allowance. + /// @param allowance Allowance value that was exceeded. + error ExceededRecurringAllowance(uint256 value, uint256 allowance); + + /// @notice RecurringAllowance was approved via transaction. + /// + /// @param hash The unique hash representing the recurring allowance. + /// @param account The smart contract account the recurring allowance controls. + /// @param recurringAllowance Details of the recurring allowance. + event RecurringAllowanceApproved( + bytes32 indexed hash, address indexed account, RecurringAllowance recurringAllowance + ); + + /// @notice RecurringAllowance was revoked prematurely by account. + /// + /// @param hash The unique hash representing the recurring allowance. + /// @param account The smart contract account the recurring allowance controlled. + /// @param recurringAllowance Details of the recurring allowance. + event RecurringAllowanceRevoked( + bytes32 indexed hash, address indexed account, RecurringAllowance recurringAllowance + ); + + /// @notice Register native token spend for a recurring allowance cycle. + /// + /// @param hash Hash of the recurring allowance. + /// @param account Account that spent native token via a recurring allowance. + /// @param token Account that spent native token via a recurring allowance. + /// @param newUsage Start and end of the current cycle with new spend usage (struct). + event RecurringAllowanceWithdrawn( + bytes32 indexed hash, address indexed account, address indexed token, CycleUsage newUsage + ); + + /// @notice Require a specific sender for an external call, + /// + /// @param sender Expected sender for call to be valid. + modifier requireSender(address sender) { + if (msg.sender != sender) revert InvalidSender(sender); + _; + } + + /// @notice Approve a recurring allowance via a direct call from the account. + /// + /// @dev Prevent phishing approvals by rejecting simulated transactions with the approval event. + /// + /// @param recurringAllowance Details of the recurring allowance. + function approve(RecurringAllowance calldata recurringAllowance) + external + requireSender(recurringAllowance.account) + { + _approve(recurringAllowance); + } + + /// @notice Revoke a recurring allowance to disable its use indefinitely. + /// + /// @param recurringAllowance Details of the recurring allowance. + function revoke(RecurringAllowance calldata recurringAllowance) + external + requireSender(recurringAllowance.account) + { + bytes32 hash = getHash(recurringAllowance); + _isRevoked[hash][recurringAllowance.account] = true; + emit RecurringAllowanceRevoked(hash, recurringAllowance.account, recurringAllowance); + } + + /// @notice Withdraw tokens using a recurring allowance and approval signature. + /// + /// @dev Convenience function for offchain preparation from apps that have an ERC-7715 permissions context. + /// + /// @param context Flat bytes value representing an approved recurring allowance. + /// @param recipient Address to withdraw tokens to. + /// @param value Amount of token attempting to withdraw (wei). + function withdraw(bytes calldata context, address recipient, uint160 value) external { + (RecurringAllowance memory recurringAllowance, bytes memory signature) = + abi.decode(context, (RecurringAllowance, bytes)); + permit(recurringAllowance, signature); + withdraw(recurringAllowance, recipient, value); + } + + /// @notice Approve a recurring allowance via a signature from the account. + /// + /// @param recurringAllowance Details of the recurring allowance. + /// @param signature Signed hash of the recurring allowance data. + function permit(RecurringAllowance memory recurringAllowance, bytes memory signature) public { + // validate signature over recurring allowance data + if ( + IERC1271(recurringAllowance.account).isValidSignature(getHash(recurringAllowance), signature) + != IERC1271.isValidSignature.selector + ) { + revert UnauthorizedRecurringAllowance(); + } + + _approve(recurringAllowance); + } + + /// @notice Withdraw tokens using a recurring allowance. + /// + /// @param recurringAllowance Details of the recurring allowance. + /// @param recipient Address to withdraw tokens to. + /// @param value Amount of token attempting to withdraw (wei). + function withdraw(RecurringAllowance memory recurringAllowance, address recipient, uint160 value) + public + requireSender(recurringAllowance.spender) + { + _useRecurringAllowance(recurringAllowance, value); + + // transfer tokens from account to recipient + if (recurringAllowance.token == ETHER) { + _execute({account: recurringAllowance.account, target: recipient, value: value, data: hex""}); + } else { + _execute({ + account: recurringAllowance.account, + target: recurringAllowance.token, + value: 0, + data: abi.encodeWithSelector(IERC20.transfer.selector, recipient, value) + }); + } + } + + /// @notice Hash a RecurringAllowance struct for signing. + /// + /// @dev Prevent phishing permits by making the hash incompatible with EIP-191/712. + /// @dev Include chainId and contract address in hash for cross-chain and cross-contract replay protection. + /// + /// @param recurringAllowance Details of the recurring allowance. + /// + /// @return hash Hash of the recurring allowance and replay protection parameters. + function getHash(RecurringAllowance memory recurringAllowance) public view returns (bytes32) { + return _eip712Hash(keccak256(abi.encode(_MESSAGE_TYPEHASH, recurringAllowance))); + } + + /// @notice Return if recurring allowance is authorized i.e. approved and not revoked. + /// + /// @param recurringAllowance Details of the recurring allowance. + /// + /// @return authorized True if recurring allowance is approved and not revoked. + function isAuthorized(RecurringAllowance memory recurringAllowance) public view returns (bool) { + bytes32 hash = getHash(recurringAllowance); + return !_isRevoked[hash][recurringAllowance.account] && _isApproved[hash][recurringAllowance.account]; + } + + /// @notice Get current cycle usage. + /// + /// @dev Reverts if recurring allowance has not started or has already ended. + /// @dev Cycle boundaries are at fixed intervals of [start + n * period, start + (n + 1) * period - 1]. + /// + /// @param recurringAllowance Details of the recurring allowance. + /// + /// @return currentCycle Currently active cycle with spend usage (struct). + function getCurrentCycle(RecurringAllowance memory recurringAllowance) public view returns (CycleUsage memory) { + // check current timestamp is within recurring allowance time range + uint48 currentTimestamp = uint48(block.timestamp); + if (currentTimestamp < recurringAllowance.start) { + revert BeforeRecurringAllowanceStart(recurringAllowance.start); + } else if (currentTimestamp > recurringAllowance.end) { + revert AfterRecurringAllowanceEnd(recurringAllowance.end); + } + + // return last cycle if still active, otherwise compute new active cycle start time with no spend + CycleUsage memory lastUpdatedCycle = _lastUpdatedCycle[getHash(recurringAllowance)][recurringAllowance.account]; + + // last cycle exists if spend is non-zero + bool lastCycleExists = lastUpdatedCycle.spend != 0; + + // last cycle still active if current timestamp within [start, end - 1] range. + bool lastCycleStillActive = + currentTimestamp < uint256(lastUpdatedCycle.start) + uint256(recurringAllowance.period); + + if (lastCycleExists && lastCycleStillActive) { + return lastUpdatedCycle; + } else { + // last active cycle does not exist or is outdated, determine current cycle + + // current cycle progress is remainder of time since first recurring cycle mod reset period + uint48 currentCycleProgress = (currentTimestamp - recurringAllowance.start) % recurringAllowance.period; + + // current cycle start is progress duration before current time + uint48 start = currentTimestamp - currentCycleProgress; + + // current cycle end will overflow if period is sufficiently large + bool endOverflow = uint256(start) + uint256(recurringAllowance.period) > type(uint48).max; + + // end is one period after start or maximum uint48 if overflow + uint48 end = endOverflow ? type(uint48).max : start + recurringAllowance.period; + + return CycleUsage({start: start, end: end, spend: 0}); + } + } + + /// @notice Approve recurring allowance. + /// + /// @param recurringAllowance Details of the recurring allowance. + function _approve(RecurringAllowance memory recurringAllowance) internal { + bytes32 hash = getHash(recurringAllowance); + _isApproved[hash][recurringAllowance.account] = true; + emit RecurringAllowanceApproved(hash, recurringAllowance.account, recurringAllowance); + } + + /// @notice Use a recurring allowance. + /// + /// @param recurringAllowance Details of the recurring allowance. + /// @param value Amount of token attempting to withdraw (wei). + function _useRecurringAllowance(RecurringAllowance memory recurringAllowance, uint160 value) internal { + // early return if no value spent + if (value == 0) return; + + // require recurring allowance is approved and not revoked + if (!isAuthorized(recurringAllowance)) revert UnauthorizedRecurringAllowance(); + + CycleUsage memory currentCycle = getCurrentCycle(recurringAllowance); + uint256 totalSpend = uint256(value) + uint256(currentCycle.spend); + + // check total spend value does not overflow max value + if (totalSpend > type(uint160).max) revert WithdrawValueOverflow(totalSpend); + + // check total spend value does not exceed recurring allowance + if (totalSpend > recurringAllowance.allowance) { + revert ExceededRecurringAllowance(totalSpend, recurringAllowance.allowance); + } + + bytes32 hash = getHash(recurringAllowance); + + // save new withdraw for active cycle + currentCycle.spend = uint160(totalSpend); + _lastUpdatedCycle[hash][recurringAllowance.account] = currentCycle; + emit RecurringAllowanceWithdrawn( + hash, + recurringAllowance.account, + recurringAllowance.token, + CycleUsage(currentCycle.start, currentCycle.end, uint160(value)) + ); + } + + /// @notice Execute a single call on an account. + /// + /// @param account Address of the user account. + /// @param target Address of the target contract. + /// @param value Amount of native token to send in call. + /// @param data Bytes data to send in call. + function _execute(address account, address target, uint256 value, bytes memory data) internal virtual { + CoinbaseSmartWallet(payable(account)).execute({target: target, value: value, data: data}); + } + + /// @notice Returns the domain name and version to use when creating EIP-712 signatures. + /// + /// @return name The user readable name of signing domain. + /// @return version The current major version of the signing domain. + function _domainNameAndVersion() internal pure override returns (string memory name, string memory version) { + return ("SpendPermissions", "1"); + } +} diff --git a/src/SpendPermissionsPaymaster.sol b/src/SpendPermissionsPaymaster.sol new file mode 100644 index 0000000..898ab36 --- /dev/null +++ b/src/SpendPermissionsPaymaster.sol @@ -0,0 +1,196 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +import {IEntryPoint} from "account-abstraction/interfaces/IEntryPoint.sol"; +import {IPaymaster} from "account-abstraction/interfaces/IPaymaster.sol"; +import {UserOperation} from "account-abstraction/interfaces/UserOperation.sol"; +import {Ownable} from "openzeppelin-contracts/contracts/access/Ownable.sol"; +import {Ownable2Step} from "openzeppelin-contracts/contracts/access/Ownable2Step.sol"; +import {CoinbaseSmartWallet} from "smart-wallet/CoinbaseSmartWallet.sol"; +import {SafeTransferLib} from "solady/utils/SafeTransferLib.sol"; + +import {SpendPermissions} from "./SpendPermissions.sol"; + +/// @title SpendPermissionsPaymaster +/// +/// @notice A recurring alowance mechanism for native and ERC-20 tokens for Coinbase Smart Wallet. +/// +/// @dev Supports withdrawing tokens through direct call or spending gas as an ERC-4337 Paymaster. +/// +/// @author Coinbase (https://github.com/coinbase/smart-wallet-permissions) +contract SpendPermissionsPaymaster is SpendPermissions, Ownable2Step, IPaymaster { + /// @notice Track the amount of native asset available to be withdrawn per user. + mapping(address user => uint256 amount) internal _withdrawable; + + /// @notice Thrown during validation in the context of ERC4337, when the withdraw request amount is insufficient + /// to sponsor the transaction gas. + /// + /// @param withdraw The withdraw request amount. + /// @param maxGasCost The max gas cost required by the Entrypoint. + error LessThanGasMaxCost(uint256 withdraw, uint256 maxGasCost); + + /// @notice Thrown when the withdraw request `asset` is not ETH (zero address). + /// + /// @param asset The requested asset. + error UnsupportedPaymasterAsset(address asset); + + /// @notice Thrown when trying to withdraw funds but nothing is available. + error NoExcess(); + + /// @notice Thrown when `postOp()` is called a second time with `PostOpMode.postOpReverted`. + /// + /// @dev This should only really occur if, for unknown reasons, the transfer of the withdrawable + /// funds to the user account failed (i.e. this contract's ETH balance is insufficient or + /// the user account refused the funds or ran out of gas on receive). + error UnexpectedPostOpRevertedMode(); + + /// @notice Constructor + /// + /// @param initialOwner address of the owner who can manage Entrypoint stake + constructor(address initialOwner) Ownable(initialOwner) {} + + /// @inheritdoc IPaymaster + function validatePaymasterUserOp(UserOperation calldata userOp, bytes32, uint256 maxGasCost) + external + requireSender(entryPoint()) + returns (bytes memory postOpContext, uint256 validationData) + { + // todo allow passing signature for first-time allowance use + (RecurringAllowance memory recurringAllowance, bytes memory signature, uint256 withdrawAmount) = + abi.decode(userOp.paymasterAndData[20:], (RecurringAllowance, bytes, uint256)); + + // require withdraw amount not less than max gas cost + if (withdrawAmount < maxGasCost) { + revert LessThanGasMaxCost(withdrawAmount, maxGasCost); + } + + // require recurring allowance token is ether + if (recurringAllowance.token != ETHER) { + revert UnsupportedPaymasterAsset(recurringAllowance.token); + } + + // require userOp sender is the recurring allowance spender + if (userOp.sender != recurringAllowance.spender) { + revert InvalidSender(userOp.sender); + } + + // apply permit if signature length non-zero + if (signature.length > 0) { + permit(recurringAllowance, signature); + } + + // check total spend value does not overflow max value + if (withdrawAmount > type(uint160).max) revert WithdrawValueOverflow(withdrawAmount); + + // use recurring allowance for withdraw amount + _useRecurringAllowance(recurringAllowance, uint160(withdrawAmount)); + + // pull funds from account into paymaster + _execute({ + account: recurringAllowance.account, + target: address(this), + value: withdrawAmount, + data: abi.encodeWithSelector(this.paymasterDeposit.selector, maxGasCost, userOp.sender) + }); + + postOpContext = abi.encode(maxGasCost, userOp.sender); + validationData = (uint256(recurringAllowance.end) << 160) | (uint256(recurringAllowance.start) << 208); + return (postOpContext, validationData); + } + + /// @notice Deposit native token into the paymaster for gas sponsorship. + /// + /// @dev Called within `this.validatePaymasterUserOp` execution. + /// @dev `this.validatePaymasterUserOp` enforces `msg.value` will always be greater than `entryPointPrefund`. + /// + /// @param entryPointPrefund Amount of native token to deposit into the Entrypoint for required prefund. + /// @param gasExcessRecipient Address to send native token in excess of gas cost to. + function paymasterDeposit(uint256 entryPointPrefund, address gasExcessRecipient) external payable { + if (msg.value < entryPointPrefund) revert LessThanGasMaxCost(msg.value, entryPointPrefund); + + // deposit into Entrypoint for required prefund + SafeTransferLib.safeTransferETH(entryPoint(), entryPointPrefund); + + // transfer withdraw amount exceeding gas cost to account + uint256 gasExcess = msg.value - entryPointPrefund; + if (gasExcess > 0) { + _withdrawable[gasExcessRecipient] += gasExcess; + } + } + + /// @notice Allows the sender to withdraw any available funds associated with their account. + /// + /// @dev Can be called back during the `UserOperation` execution to sponsor funds for non-gas related + /// use cases (e.g., swap or mint). + function withdrawGasExcess() external { + uint256 amount = _withdrawable[msg.sender]; + // we could allow 0 value transfers, but prefer to be explicit + if (amount == 0) revert NoExcess(); + + delete _withdrawable[msg.sender]; + SafeTransferLib.safeTransferETH(msg.sender, amount); + } + + /// @inheritdoc IPaymaster + function postOp(IPaymaster.PostOpMode mode, bytes calldata context, uint256 actualGasCost) + external + requireSender(entryPoint()) + { + // `PostOpMode.postOpReverted` should never happen. + // The flow here can only revert if there are > maxWithdrawDenominator + // withdraws in the same transaction, which should be highly unlikely. + // If the ETH transfer fails, the entire bundle will revert due an issue in the EntryPoint + // https://github.com/eth-infinitism/account-abstraction/pull/293 + if (mode == PostOpMode.postOpReverted) { + revert UnexpectedPostOpRevertedMode(); + } + + (uint256 maxGasCost, address payable account) = abi.decode(context, (uint256, address)); + + // Send unused gas to the user accout. + IEntryPoint(entryPoint()).withdrawTo(account, maxGasCost - actualGasCost); + + // Compute the total remaining funds available for the user accout. + uint256 withdrawable = _withdrawable[account]; + + // Send the all remaining funds to the user accout. + delete _withdrawable[account]; + if (withdrawable > 0) { + SafeTransferLib.forceSafeTransferETH(account, withdrawable, SafeTransferLib.GAS_STIPEND_NO_STORAGE_WRITES); + } + } + + /// @notice Adds stake to the EntryPoint. + /// + /// @dev Reverts if not called by the owner of the contract. Calling this while an unstake + /// is pending will first cancel the pending unstake. + /// + /// @param amount The amount to stake in the Entrypoint. + /// @param unstakeDelaySeconds The duration for which the stake cannot be withdrawn. Must be + /// equal to or greater than the current unstake delay. + function entryPointAddStake(uint256 amount, uint32 unstakeDelaySeconds) external payable onlyOwner { + IEntryPoint(entryPoint()).addStake{value: amount}(unstakeDelaySeconds); + } + + /// @notice Unlocks stake in the EntryPoint. + /// + /// @dev Reverts if not called by the owner of the contract. + function entryPointUnlockStake() external onlyOwner { + IEntryPoint(entryPoint()).unlockStake(); + } + + /// @notice Withdraws stake from the EntryPoint. + /// + /// @dev Reverts if not called by the owner of the contract. Only call this after the unstake delay + /// has passed since the last `entryPointUnlockStake` call. + /// + /// @param to The beneficiary address. + function entryPointWithdrawStake(address payable to) external onlyOwner { + IEntryPoint(entryPoint()).withdrawStake(to); + } + + /// @notice Returns the canonical ERC-4337 EntryPoint v0.6 contract. + function entryPoint() public pure returns (address) { + return 0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789; + } +} diff --git a/test/base/Static.sol b/test/base/Static.sol new file mode 100644 index 0000000..e2e2c8b --- /dev/null +++ b/test/base/Static.sol @@ -0,0 +1,8 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.21; + +library Static { + /// @dev 1-9-2023: cast code 0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789 --rpc-url https://goerli.base.org + bytes constant ENTRY_POINT_BYTES = + hex""; +} diff --git a/test/src/SpendPermissions/Debug.t.sol b/test/src/SpendPermissions/Debug.t.sol new file mode 100644 index 0000000..f1a3728 --- /dev/null +++ b/test/src/SpendPermissions/Debug.t.sol @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +import {Test, console2} from "forge-std/Test.sol"; + +import {SpendPermissions} from "../../../../src/SpendPermissions.sol"; + +import {Base} from "../../base/Base.sol"; + +contract DebugTest is Test, Base { + address public constant ETHER = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE; + + SpendPermissions spendPermissions; + + function setUp() public { + _initialize(); + + spendPermissions = new SpendPermissions(); + + vm.prank(owner); + account.addOwnerAddress(address(spendPermissions)); + } + + function test_approve() public { + SpendPermissions.RecurringAllowance memory recurringAllowance = _createRecurringAllowance(); + + vm.prank(address(account)); + spendPermissions.approve(recurringAllowance); + } + + function test_withdraw(address recipient) public { + SpendPermissions.RecurringAllowance memory recurringAllowance = _createRecurringAllowance(); + + vm.prank(address(account)); + spendPermissions.approve(recurringAllowance); + + vm.deal(address(account), 1 ether); + vm.prank(owner); + spendPermissions.withdraw(recurringAllowance, recipient, 1 ether / 2); + } + + function _createRecurringAllowance() internal view returns (SpendPermissions.RecurringAllowance memory) { + return SpendPermissions.RecurringAllowance({ + account: address(account), + spender: owner, + token: ETHER, + start: 0, + end: 1758791693, // 1 year from now + period: 86400, // 1 day + allowance: 1 ether + }); + } +} diff --git a/test/src/SpendPermissionsPaymaster/Debug.t.sol b/test/src/SpendPermissionsPaymaster/Debug.t.sol new file mode 100644 index 0000000..ddddeb7 --- /dev/null +++ b/test/src/SpendPermissionsPaymaster/Debug.t.sol @@ -0,0 +1,109 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +import {IPaymaster} from "account-abstraction/interfaces/IPaymaster.sol"; +import {UserOperation} from "account-abstraction/interfaces/UserOperation.sol"; +import {Test, console2} from "forge-std/Test.sol"; +import {IERC1271} from "openzeppelin-contracts/contracts/interfaces/IERC1271.sol"; + +import {SpendPermissions} from "../../../src/SpendPermissions.sol"; +import {SpendPermissionsPaymaster} from "../../../src/SpendPermissionsPaymaster.sol"; + +import {Base} from "../../base/Base.sol"; +import {Static} from "../../base/Static.sol"; + +contract DebugTest is Test, Base { + address constant ETHER = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE; + + SpendPermissionsPaymaster spendPermissions; + + function setUp() public { + _initialize(); + vm.etch(ENTRY_POINT_V06, Static.ENTRY_POINT_BYTES); + + spendPermissions = new SpendPermissionsPaymaster(owner); + + vm.prank(owner); + account.addOwnerAddress(address(spendPermissions)); + } + + function test_validatePaymasterUserOp_success(uint160 allowance, uint160 maxGasCost) public { + vm.assume(maxGasCost > 1e6); + vm.assume(maxGasCost < type(uint112).max); + vm.assume(allowance > maxGasCost); + + SpendPermissions.RecurringAllowance memory recurringAllowance = _createRecurringAllowance(); + recurringAllowance.allowance = allowance; + + UserOperation memory userOp = _createUserOperation(); + userOp.sender = recurringAllowance.spender; + userOp.callGasLimit = 1; + userOp.verificationGasLimit = 1; + userOp.preVerificationGas = 1; + userOp.maxFeePerGas = 1; + userOp.maxPriorityFeePerGas = 1; + + bytes32 hash = spendPermissions.getHash(recurringAllowance); + bytes32 replaySafeHash = account.replaySafeHash(hash); + bytes memory signature = _applySignatureWrapper(0, _sign(ownerPk, replaySafeHash)); + + vm.assertEq(account.isValidSignature(hash, signature), IERC1271.isValidSignature.selector); + + bytes memory paymasterData = abi.encode(recurringAllowance, signature, allowance); + + userOp.paymasterAndData = abi.encodePacked(address(spendPermissions), paymasterData); + + vm.deal(recurringAllowance.account, allowance); + vm.prank(ENTRY_POINT_V06); + (bytes memory postOpContext, uint256 validationData) = + spendPermissions.validatePaymasterUserOp(userOp, bytes32(0), maxGasCost); + + vm.assertEq(ENTRY_POINT_V06.balance, maxGasCost); + vm.assertEq(address(spendPermissions).balance, allowance - maxGasCost); + vm.assertEq(recurringAllowance.spender.balance, 0); + + vm.prank(ENTRY_POINT_V06); + spendPermissions.postOp(IPaymaster.PostOpMode.opSucceeded, postOpContext, maxGasCost - 1); + + vm.assertEq(recurringAllowance.spender.balance, allowance - maxGasCost + 1); + } + + function test_withdraw_success(uint160 allowance) public { + vm.assume(allowance > 0); + + SpendPermissions.RecurringAllowance memory recurringAllowance = _createRecurringAllowance(); + recurringAllowance.allowance = allowance; + + bytes32 hash = spendPermissions.getHash(recurringAllowance); + bytes32 replaySafeHash = account.replaySafeHash(hash); + bytes memory signature = _applySignatureWrapper(0, _sign(ownerPk, replaySafeHash)); + + vm.assertEq(account.isValidSignature(hash, signature), IERC1271.isValidSignature.selector); + + spendPermissions.permit(recurringAllowance, signature); + + vm.assertTrue(spendPermissions.isAuthorized(recurringAllowance)); + + vm.deal(recurringAllowance.account, allowance); + vm.prank(recurringAllowance.spender); + spendPermissions.withdraw(recurringAllowance, recurringAllowance.spender, 1); + + vm.assertEq(recurringAllowance.spender.balance, 1); + } + + function _createRecurringAllowance() + internal + view + returns (SpendPermissions.RecurringAllowance memory recurringAllowance) + { + recurringAllowance = SpendPermissions.RecurringAllowance({ + account: address(account), + spender: owner, + token: ETHER, + start: 0, + end: type(uint48).max, + period: type(uint48).max, + allowance: 0 + }); + } +}