New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ERC: Modular Accounts with Delegated Validation #170
base: master
Are you sure you want to change the base?
Changes from all commits
2648468
e92faf5
ab430f4
5e7c062
b0c5986
f561a3b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||
---|---|---|---|---|
@@ -0,0 +1,100 @@ | ||||
--- | ||||
eip: 7582 | ||||
title: Modular Accounts with Delegated Validation | ||||
description: Extends ERC-4337 interface with nonce-based plugins | ||||
author: Shivanshi Tyagi (@nerderlyne), Ross Campbell (@z0r0z) | ||||
discussions-to: https://ethereum-magicians.org/t/erc-7582-modular-accounts-with-delegated-validation/17640 | ||||
status: Draft | ||||
type: Standards Track | ||||
category: ERC | ||||
created: 2023-12-25 | ||||
requires: 4337 | ||||
--- | ||||
|
||||
Check failure on line 13 in ERCS/erc-7582.md GitHub Actions / EIP Walidatorbody is missing section(s): `Rationale`
|
||||
## Abstract | ||||
|
||||
This proposal standardizes a method for adding plugins and composable logic to smart contract accounts built on existing interfaces like [ERC-4337](./eip-4337.md) (e.g., ERC-4337's `IAccount`). Specifically, by formalizing how applications can use the ERC-4337 Entry Point `NonceManager` and the emission of the `IEntryPoint` `UserOperationEvent` to account for plugin interactions, as well, as how to extract designated validators (in this case, by means of `IAccount`'s `validateUserOp`), accounts can specify how they call plugin contracts and grant special executory access for more advanced operations. Furthermore, this minimalist plugin approach is developer-friendly and complimentary to existing account abstraction standards by not requiring any additional functions for contracts that follow the `IAccount` interface (itself minimalist in only specifying one function, `validateUserOp`). | ||||
|
||||
## Motivation | ||||
|
||||
Smart contract accounts (contract accounts) are a powerful tool for managing digital assets and executing transactions by allowing users to program their interactions with blockchains. However, they are often limited in their functionality and flexibility without sufficient consensus around secure abstraction designs (albeit, the adoption of ERC-4337 is the preferred path of this proposal). For example, contract accounts are often unable to support social recovery, payment schedules, and other features that are common in traditional financial systems without efficient and predictable schemes to delegate execution and other access rights to approximate the UX of custodial and more specialized applications. | ||||
|
||||
Account abstraction standards like ERC-4337 have achieved simplification of many core contract account concerns such as transaction fee payments, but to fully leverage the expressive capability of these systems to accomplish user intents, simple methods to delegate contract account access and validation to other contracts would aid their UX and extend the benefits of centering operations around the Entry Point. | ||||
|
||||
While the `IAccount` interface from ERC-4337 does not specify a way to add custom validation logic to contract accounts to support plugins and similar extensions without upgrades or migrations, it nevertheless contains sufficient information to do so efficiently. This proposal therefore offers a method for adding plugins and other composable validation logic to smart contract accounts built on existing interfaces with singleton nonce-tracking like ERC-4337's `IAccount` and `NonceManager`. | ||||
|
||||
## Specification | ||||
|
||||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174. | ||||
|
||||
![diagram showing basic 7582 flow](../assets/eip-7582/base-flow.svg) | ||||
|
||||
We leverage the key in ERC-4337 semi-abstracted nonce as the pointer to `validator` address. If a non-sequential key (`>type(uint64).max`) is used as an ERC-4337 Entry Point `UserOperation` (userOp) `nonce`, the `validateUserOp` function in the `sender` contract account MUST extract the validator contract address paired to this key from storage. If the validator contract address is found (i.e., no null return), the ERC7582 contract account MUST forward the userOp calldata to the validator. This calldata SHOULD be the entire userOp. In response to this delegated validation, the validator contract MUST return the ERC-4337 `validationData`, and the ERC7582 `sender` account MUST return this as the `validationData` to the Entry Point. | ||||
Check failure on line 32 in ERCS/erc-7582.md GitHub Actions / EIP Walidatorproposals must be referenced with the form `ERC-N` (not `ERCN` or `ERC N`)
Check failure on line 32 in ERCS/erc-7582.md GitHub Actions / EIP Walidatorproposals must be referenced with the form `ERC-N` (not `ERCN` or `ERC N`)
|
||||
|
||||
In all of the above validation steps, the validator contract MUST respect the ERC-4337 Entry Point conventions. Note, that while validator key data might be included elsewhere in a `UserOperation` to achieve similar contract account modularity, for example, by packing this data into the `signature` field, this proposal opts to repurpose `nonce` for this pointer to minimize calldata costs and to benefit from the EntryPoint's `getNonce` accounting, as well as the discoverability of user plugin interactions in the `UserOperationEvent` which exposes `nonce` but not other userOp data. | ||||
|
||||
ERC-4337 references: | ||||
|
||||
[UserOperation](https://github.com/eth-infinitism/account-abstraction/blob/develop/contracts/interfaces/UserOperation.sol): | ||||
Check failure on line 38 in ERCS/erc-7582.md GitHub Actions / EIP Walidatornon-relative link or image
|
||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please refer to the ERC-4337 definition and not to an external repository. |
||||
|
||||
```solidity | ||||
struct UserOperation { | ||||
address sender; /*contract account*/ | ||||
uint256 nonce; /*validator data*/ | ||||
bytes initCode; | ||||
bytes callData; | ||||
uint256 callGasLimit; | ||||
uint256 verificationGasLimit; | ||||
uint256 preVerificationGas; | ||||
uint256 maxFeePerGas; | ||||
uint256 maxPriorityFeePerGas; | ||||
bytes paymasterAndData; | ||||
bytes signature; | ||||
} | ||||
``` | ||||
|
||||
[`IAccount`](https://github.com/eth-infinitism/account-abstraction/blob/develop/contracts/interfaces/IAccount.sol): | ||||
Check failure on line 56 in ERCS/erc-7582.md GitHub Actions / EIP Walidatornon-relative link or image
|
||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please refer to the definition in ERC-4337 and not to an external repository. |
||||
|
||||
```solidity | ||||
function validateUserOp( | ||||
UserOperation calldata userOp, /*userOp.nonce: validator data*/ | ||||
bytes32 userOpHash, | ||||
uint256 missingAccountFunds | ||||
) external returns (uint256 validationData); | ||||
``` | ||||
|
||||
[`IEntryPoint`](https://github.com/eth-infinitism/account-abstraction/blob/develop/contracts/interfaces/IEntryPoint.sol): | ||||
Check failure on line 66 in ERCS/erc-7582.md GitHub Actions / EIP Walidatornon-relative link or image
|
||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please refer to the definition in ERC-4337 and not to an external repository. |
||||
|
||||
```solidity | ||||
event UserOperationEvent( | ||||
bytes32 indexed userOpHash, | ||||
address indexed sender, | ||||
address indexed paymaster, | ||||
uint256 nonce, /*validator data*/ | ||||
bool success, | ||||
uint256 actualGasCost, | ||||
uint256 actualGasUsed | ||||
); | ||||
``` | ||||
|
||||
[NonceManager](https://github.com/eth-infinitism/account-abstraction/blob/develop/contracts/core/NonceManager.sol) | ||||
Check failure on line 80 in ERCS/erc-7582.md GitHub Actions / EIP Walidatornon-relative link or image
|
||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please move the interface definition into this proposal, and remove this link. Note that EIPs should only describe the externally visible behaviour of a contract, and not define any implementation details. |
||||
|
||||
```solidity | ||||
function getNonce(address sender, uint192 key /*validator data*/) external view returns (uint256 nonce); | ||||
``` | ||||
|
||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You'll need a Rationale section, where you explain any technical decisions you've made within your proposal. |
||||
## Backwards Compatibility | ||||
|
||||
No backward compatibility issues found. | ||||
|
||||
## Reference Implementation | ||||
|
||||
See `https://github.com/NaniDAO/7582-account` | ||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You'll either need to add your reference implementation into your
Suggested change
|
||||
|
||||
## Security Considerations | ||||
|
||||
As this proposal introduces no new functions and leaves implementation of the validator extraction method and approval logic open to developers, the surface for security issues is intentionally kept small. Nevertheless, specific validator use cases require further discussion and consideration of the overall ERC-4337 verification flow and its underlying security. | ||||
|
||||
## Copyright | ||||
|
||||
Copyright and related rights waived via [CC0](../LICENSE.md). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We prefer not self-referencing the current document by number if possible. Instead use "this proposal" or similar.
In this particular case, you could define a term for compliant contracts (maybe "MADV contracts"?) and use that throughout.