feat: add native registry integration #101
Conversation
Aboudjem
requested review from
Aboudjem,
livingrockrises and
filmakarov
and removed request for
Aboudjem and
livingrockrises
contracts/Nexus.sol
Outdated
| @@ -306,6 +320,10 @@ contract Nexus is INexus, EIP712, BaseAccount, ExecutionHelper, ModuleManager, U | |||
| return _ACCOUNT_IMPLEMENTATION_ID; | |||
| } | |||
|
|
|||
| function setRegistry(IERC7484 newRegistry, address[] calldata attesters, uint8 threshold) external onlyEntryPointOrSelf { | |||
| _configureRegistry(newRegistry, attesters, threshold); | |||
There was a problem hiding this comment.
at which point SA is made to call
function trustAttesters(
uint8 threshold,
address[] memory attesters // deliberately using memory to allow sorting and uniquifying
)
?
That's an optional step with initcode approach we talked about right with specific factory when deploying the account?
There was a problem hiding this comment.
yes, this could be called during the initialization by the factory (eg see bootstrap) or after an account has been created already
contracts/base/RegistryAdapter.sol
Outdated
| IERC7484 _registry = registry; | ||
| if (address(_registry) != address(0)) { | ||
| // this will revert if attestations / threshold are not met | ||
| _registry.check(module, moduleType); |
There was a problem hiding this comment.
if we do this everytime through modifier
_checkRegistry
that means, we will always call check() function
and SA should have called trustAttestors before that?
There was a problem hiding this comment.
when could these be used?
function checkN(address module, address[] calldata attesters, uint256 threshold) external view;
function checkN(address module, uint256 moduleType, address[] calldata attesters, uint256 threshold) external view;
if we enshrine this current code
There was a problem hiding this comment.
yes thats right, the smart account should've set their trusted attesters before
There was a problem hiding this comment.
imo it makes more sense to store attesters in the registry since they can then also eg be used by a session key module to check sub-modules on the registry
| @@ -76,7 +97,7 @@ contract K1ValidatorFactory is Stakeable { | |||
|
|
|||
| // Create the validator configuration using the Bootstrap library | |||
| BootstrapConfig memory validator = BootstrapLib.createSingleConfig(K1_VALIDATOR, abi.encodePacked(eoaOwner)); | |||
| bytes memory initData = BOOTSTRAPPER.getInitNexusWithSingleValidatorCalldata(validator); | |||
| bytes memory initData = BOOTSTRAPPER.getInitNexusWithSingleValidatorCalldata(validator, REGISTRY, attesters, threshold); | |||
There was a problem hiding this comment.
this would set the registry and also add the attesters during bootstrap?
and we can pass 0 addresses for registry, array of address 0 for attesters and threshold also 0.
| error ZeroAddressNotAllowed(); | ||
|
|
||
| IERC7484 public immutable REGISTRY; | ||
| address[] public attesters; |
There was a problem hiding this comment.
this would maintain attesters here instead of calling trust attesters from the account?
There was a problem hiding this comment.
in this case, the factory has its own attesters but the users account will also call trust attesters if the registry provided is not address(0). so this factory behaves pretty much like the whitelist that was there before but the whitelist is in the registry using the attesters set by the owner of the factory
There was a problem hiding this comment.
initData in createAccount() allows attesters and threshold to be provided externally. how does it align with attesters and threshold (dynamic cause of ownable) stored in the contract's storage?
There was a problem hiding this comment.
So this specific factory will use the factory-native attesters to query the initial modules and then set trustAttesters with the user provided ones and from then on use this
contracts/base/RegistryAdapter.sol
Outdated
| abstract contract RegistryAdapter { | ||
| event ERC7484RegistryConfigured(IERC7484 indexed registry); | ||
|
|
||
| IERC7484 registry; |
There was a problem hiding this comment.
| IERC7484 registry; | |
| IERC7484 public registry; |
There was a problem hiding this comment.
can we also rename to moduleRegistry and add ERC7484 in natspecs
There was a problem hiding this comment.
yeah I havent added natspec yet but happy to add it
| } | ||
|
|
||
| function setThreshold(uint8 newThreshold) external onlyOwner { | ||
| threshold = newThreshold; |
There was a problem hiding this comment.
should check current array size
contracts/utils/Bootstrap.sol
Outdated
There was a problem hiding this comment.
yes. I think we can get our questions answered and get started with decided changes / intervene.
|
|
||
| /// @title Bootstrap | ||
| /// @notice Manages the installation of modules into Nexus smart accounts using delegatecalls. | ||
| contract Bootstrap is ModuleManager { |
There was a problem hiding this comment.
If we assume this will be used on all factories and part of Nexus, can we merge the RegistryAdapter into ModuleManager and move the state variable to Storage.sol?
There was a problem hiding this comment.
different contracts are good for separation of concern.
Bootstrap could be is ModuleManager, RegistryAdapter (keeping registry storage in adapter)
or maybe just moving storage to Storage.sol
| /// @param executors The configuration array for executor modules. | ||
| /// @param hook The configuration for the hook module. | ||
| /// @param fallbacks The configuration array for fallback handler modules. | ||
| function initNexus( |
There was a problem hiding this comment.
is it okay to have two kinds of methods here withRegistry and withoutRegistry
and similarly K1ValidatorFactory and K1ValidatorFactoryWithRegistry
if I use K1ValidatorFactoryWithRegistry with 0 addresses then it would unnecessarily increase gas. we can do comparison benchmark though @Aboudjem
| error ZeroAddressNotAllowed(); | ||
|
|
||
| IERC7484 public immutable REGISTRY; | ||
| address[] public attesters; |
There was a problem hiding this comment.
initData in createAccount() allows attesters and threshold to be provided externally. how does it align with attesters and threshold (dynamic cause of ownable) stored in the contract's storage?
livingrockrises
merged commit 14cfa4b
into
bcnmy:feature/native-registry
This adds an integration into ERC-7484 natively into the account. Users can use the account as is or with a Registry for higher default security.