From f9d4f0d48039a1fb1558521c98019661c4c69cc1 Mon Sep 17 00:00:00 2001
From: wshino
Date: Thu, 4 Jul 2024 23:10:36 +0900
Subject: [PATCH 1/3] Update callling function name in DeployEmailRecoveryModuleScript.
---
 script/DeployEmailRecoveryModule.s.sol | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/script/DeployEmailRecoveryModule.s.sol b/script/DeployEmailRecoveryModule.s.sol
index 259d5fd0..bc0b55a2 100644
--- a/script/DeployEmailRecoveryModule.s.sol
+++ b/script/DeployEmailRecoveryModule.s.sol
@@ -58,7 +58,7 @@ contract DeployEmailRecoveryModuleScript is Script {
 type(EmailRecoverySubjectHandler).creationCode,
 dkimRegistry,
 validatorAddr,
- bytes4(keccak256(bytes("changeOwner(address)")))
+ bytes4(keccak256(bytes("resetOwners(bytes)")))
 );
 console.log("Deployed Email Recovery Module at", vm.toString(module));
From 81fd19dbd812275ab50bf0ed5593ad13519db2e2 Mon Sep 17 00:00:00 2001
From: wshino
Date: Mon, 8 Jul 2024 08:23:30 +0200
Subject: [PATCH 2/3] Add FUNCTION_NAME into .env the deployer can override the call function name in DeployEmailRecoveryModule.
---
 .env.example | 7 +++++++
 foundry.toml | 7 +++++++
 script/DeployEmailRecoveryModule.s.sol | 17 ++++++++++++++---
 3 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/.env.example b/.env.example
index 03b8f8e7..6b3c5338 100644
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,10 @@
 BASE_SEPOLIA_RPC_URL=
 PRIVATE_KEY=
 BASE_SCAN_API_KEY=
+PRIVATE_KEY=
+VERIFIER=
+DKIM_REGISTRY=
+SIGNER=
+EMAIL_AUTH_IMPL=
+VALIDATOR=
+FUNCTION_NAME= # It's used to override the function name in DeployEmailRecoveryModule.s.sol
\ No newline at end of file
diff --git a/foundry.toml b/foundry.toml
index 91fcb045..87db4252 100644
--- a/foundry.toml
+++ b/foundry.toml
@@ -10,6 +10,7 @@ libs = [
 fs_permissions = [
 { access = "read", path = "out-optimized" },
 { access = "read-write", path = "gas_calculations" },
+ { access = "read", path = "./zkout/ERC1967Proxy.sol/ERC1967Proxy.json" },
 ]
 allow_paths = [
 "*",
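Review bot: In `.env.example`, the added `PRIVATE_KEY=` repeats the key that is already a context line two lines above, and the new `FUNCTION_NAME=` line carries its explanation as a trailing comment after an empty value. With the README's `source .env` step that line assigns an empty string, and if Foundry's own `.env` loading treats it the same way, `vm.envOr("FUNCTION_NAME", ...)` in `DeployEmailRecoveryModule.s.sol` would presumably see a set-but-empty variable and skip its default, so the selector would be derived from an empty string. I would drop the second `PRIVATE_KEY=` and ship the override commented out, with the explanation on its own line: `# Optional: overrides the function signature used by DeployEmailRecoveryModule.s.sol` followed by `# FUNCTION_NAME="changeOwner(address)"`. The quotes matter because an unquoted value containing parentheses is a syntax error when the file is sourced by a shell.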
@@ -21,6 +22,9 @@ ignored_warnings_from = [
 "lib",
 ]
+#libraries = ["{PROJECT_ROOT}/lib/ether-email-auth/packages/contracts/src/libraries/DecimalUtils.sol:DecimalUtils:0x91cc0f0a227b8dd56794f9391e8af48b40420a0b", "{PROJECT_ROOT}/lib/ether-email-auth/packages/contracts/src/libraries/SubjectUtils.sol:SubjectUtils:0x981e3df952358a57753c7b85de7949da4abcf54a"]
+solc = "0.8.26"
+
 [rpc_endpoints]
 sepolia = "${BASE_SEPOLIA_RPC_URL}"
@@ -39,3 +43,6 @@ wrap_comments = true
 ignore = [
 "./src/zksyncDeps/contracts/L2ContractHelper.sol",
 ]
+
+[profile.default.zksync]
+zksolc = "1.5.0"
\ No newline at end of file
diff --git a/script/DeployEmailRecoveryModule.s.sol b/script/DeployEmailRecoveryModule.s.sol
index bc0b55a2..ae3674b4 100644
--- a/script/DeployEmailRecoveryModule.s.sol
+++ b/script/DeployEmailRecoveryModule.s.sol
@@ -41,13 +41,24 @@ contract DeployEmailRecoveryModuleScript is Script {
 console.log("Deployed Ownable Validator at", validatorAddr);
 }
- EmailRecoverySubjectHandler emailRecoveryHandler = new EmailRecoverySubjectHandler();
+ {
+ EmailRecoverySubjectHandler emailRecoveryHandler = new EmailRecoverySubjectHandler();
+ }
 address _factory = vm.envOr("RECOVERY_FACTORY", address(0));
 if (_factory == address(0)) {
 _factory = address(new EmailRecoveryFactory(verifier, emailAuthImpl));
 console.log("Deployed Email Recovery Factory at", _factory);
 }
+
+ bytes4 functionSelector;
+ {
+ string memory functionName = vm.envOr("FUNCTION_NAME", string("changeOwner(address)"));
+ functionSelector = bytes4(keccak256(bytes(functionName)));
+ console.log("Function Name", functionName);
+ console.log("Function Selector");
+ console.logBytes4(functionSelector);
+ }
 {
 EmailRecoveryFactory factory = EmailRecoveryFactory(_factory);
 (address module, address manager, address subjectHandler) = factory
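Review bot: `functionSelector` is computed from whatever string `FUNCTION_NAME` holds, and nothing in the added block checks that it is a canonical signature, so an empty value, a stray space or a parameter name (`changeOwner(address newOwner)`) hashes to a different four bytes and the script still deploys. That value is handed to the factory in the following hunk and presumably fixes which validator function recovery may call, so a wrong one would only be discovered when recovery is attempted. The fallback is also `changeOwner(address)` while the literal this series removes is `resetOwners(bytes)`, so running with the variable unset no longer deploys the same selector as the previous commit. I would reject unexpected input before deploying, for example `require(functionSelector == bytes4(keccak256("changeOwner(address)")) || functionSelector == bytes4(keccak256("resetOwners(bytes)")), "unexpected FUNCTION_NAME");`, with the accepted list matching what the validator actually exposes. The enclosing function begins and ends outside this hunk.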
@@ -58,9 +69,9 @@ contract DeployEmailRecoveryModuleScript is Script {
 type(EmailRecoverySubjectHandler).creationCode,
 dkimRegistry,
 validatorAddr,
- bytes4(keccak256(bytes("resetOwners(bytes)")))
+ functionSelector
 );
-
+
 console.log("Deployed Email Recovery Module at", vm.toString(module));
 console.log("Deployed Email Recovery Manager at", vm.toString(manager));
 console.log("Deployed Email Recovery Handler at", vm.toString(subjectHandler));
From 2d09d5e2bfde8c1ff9943340058b57cc501b2d80 Mon Sep 17 00:00:00 2001
From: wshino
Date: Mon, 8 Jul 2024 08:35:52 +0200
Subject: [PATCH 3/3] Add deployment chapter into README.md.
---
 README.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 8389f9b2..ee6a8cc6 100644
--- a/README.md
+++ b/README.md
@@ -156,4 +156,11 @@ The `recover()` function on the module holds the core logic for the module. It d
 `completeRecovery()` calls into the account specific recovery module and can call executeFromExecutor to execute the account specific recovery logic.
 ## Threat model
-Importantly this contract offers the functonality to recover an account via email in a scenario where a private key has been lost. This contract does NOT provide an adequate mechanism to protect an account from a stolen private key by a malicious actor. This attack vector requires a holistic approach to security that takes specific implementation details of an account into consideration. For example, adding additional access control when cancelling recovery to prevent a malicious actor stopping recovery attempts, and adding spending limits to prevent account draining. This contract is designed to be extended to take these additional considerations into account, but does not provide them by default.
\ No newline at end of file
+Importantly this contract offers the functonality to recover an account via email in a scenario where a private key has been lost. This contract does NOT provide an adequate mechanism to protect an account from a stolen private key by a malicious actor. This attack vector requires a holistic approach to security that takes specific implementation details of an account into consideration. For example, adding additional access control when cancelling recovery to prevent a malicious actor stopping recovery attempts, and adding spending limits to prevent account draining. This contract is designed to be extended to take these additional considerations into account, but does not provide them by default.
+
+# Deployment
+
+```
+source .env
+forge script script/DeployEmailRecoveryModule.s.sol:DeployEmailRecoveryModuleScript --rpc-url $BASE_SEPOLIA_RPC_URL --etherscan-api-key $BASE_SCAN_API_KEY --verify --broadcast -vvvv
+```