From 255a2c9a95ca1c16b622fdb39a59528ea45fde74 Mon Sep 17 00:00:00 2001 From: howydev <132113803+howydev@users.noreply.github.com> Date: Fri, 9 Feb 2024 12:58:07 -0500 Subject: [PATCH 1/6] fix: improve session key gas estimation --- src/plugins/session/ISessionKeyPlugin.sol | 1 + src/plugins/session/SessionKeyPlugin.sol | 15 ++++++++---- .../SessionKeyERC20SpendLimits.t.sol | 2 +- .../permissions/SessionKeyGasLimits.t.sol | 12 +++++----- .../SessionKeyNativeTokenSpendLimits.t.sol | 12 +++++----- .../permissions/SessionKeyPermissions.t.sol | 23 +++++++++++-------- 6 files changed, 38 insertions(+), 27 deletions(-) diff --git a/src/plugins/session/ISessionKeyPlugin.sol b/src/plugins/session/ISessionKeyPlugin.sol index a5270dfd..b5cea3f3 100644 --- a/src/plugins/session/ISessionKeyPlugin.sol +++ b/src/plugins/session/ISessionKeyPlugin.sol @@ -77,6 +77,7 @@ interface ISessionKeyPlugin { error LengthMismatch(); error NativeTokenSpendLimitExceeded(address account, address sessionKey); error SessionKeyNotFound(address sessionKey); + error PermissionsCheckFailed(); // ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ // ┃ Execution functions ┃ diff --git a/src/plugins/session/SessionKeyPlugin.sol b/src/plugins/session/SessionKeyPlugin.sol index 0bdf7721..1c225c8e 100644 --- a/src/plugins/session/SessionKeyPlugin.sol +++ b/src/plugins/session/SessionKeyPlugin.sol @@ -35,7 +35,9 @@ import {Call, IStandardExecutor} from "../../interfaces/IStandardExecutor.sol"; import { AssociatedLinkedListSet, AssociatedLinkedListSetLib } from "../../libraries/AssociatedLinkedListSetLib.sol"; -import {SetValue, SENTINEL_VALUE, SIG_VALIDATION_FAILED} from "../../libraries/Constants.sol"; +import { + SetValue, SENTINEL_VALUE, SIG_VALIDATION_PASSED, SIG_VALIDATION_FAILED +} from "../../libraries/Constants.sol"; import {BasePlugin} from "../BasePlugin.sol"; import {ISessionKeyPlugin} from "./ISessionKeyPlugin.sol"; import {SessionKeyPermissions} from "./permissions/SessionKeyPermissions.sol"; @@ -183,10 +185,13 @@ contract SessionKeyPlugin is ISessionKeyPlugin, SessionKeyPermissions, BasePlugi (address recoveredSig, ECDSA.RecoverError err) = hash.tryRecover(userOp.signature); if (err == ECDSA.RecoverError.NoError) { - if ( - _sessionKeys.contains(msg.sender, CastLib.toSetValue(sessionKey)) && sessionKey == recoveredSig - ) { - return _checkUserOpPermissions(userOp, calls, sessionKey); + if (_sessionKeys.contains(msg.sender, CastLib.toSetValue(sessionKey))) { + uint256 validation = _checkUserOpPermissions(userOp, calls, sessionKey); + if (uint160(validation) > 0) { + revert PermissionsCheckFailed(); + } + return + validation | (sessionKey == recoveredSig ? SIG_VALIDATION_PASSED : SIG_VALIDATION_FAILED); } return SIG_VALIDATION_FAILED; } diff --git a/test/plugin/session/permissions/SessionKeyERC20SpendLimits.t.sol b/test/plugin/session/permissions/SessionKeyERC20SpendLimits.t.sol index c090aeda..8913667d 100644 --- a/test/plugin/session/permissions/SessionKeyERC20SpendLimits.t.sol +++ b/test/plugin/session/permissions/SessionKeyERC20SpendLimits.t.sol @@ -220,7 +220,7 @@ contract SessionKeyERC20SpendLimitsTest is Test { _runSessionKeyUserOp( calls, sessionKey1Private, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); } diff --git a/test/plugin/session/permissions/SessionKeyGasLimits.t.sol b/test/plugin/session/permissions/SessionKeyGasLimits.t.sol index 1ead5e0a..c1d0d95a 100644 --- a/test/plugin/session/permissions/SessionKeyGasLimits.t.sol +++ b/test/plugin/session/permissions/SessionKeyGasLimits.t.sol @@ -166,7 +166,7 @@ contract SessionKeyGasLimitsTest is Test { 1, 200_000 wei, sessionKey1Private, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); } @@ -206,7 +206,7 @@ contract SessionKeyGasLimitsTest is Test { 1_000 gwei, 0.6 ether, sessionKey1Private, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); } @@ -223,7 +223,7 @@ contract SessionKeyGasLimitsTest is Test { 100_000, 300_000, 1_000 gwei, 0.4 ether, sessionKey1Private, uint256(nonceKey << 64) ); - vm.expectRevert(abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error")); + vm.expectRevert(abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)")); entryPoint.handleOps(userOps, beneficiary); } @@ -240,7 +240,7 @@ contract SessionKeyGasLimitsTest is Test { 2_000 gwei, 1.2 ether, sessionKey1Private, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); } @@ -289,7 +289,7 @@ contract SessionKeyGasLimitsTest is Test { // Run the user ops // The second op (index 1) should be the one that fails signature validation. - vm.expectRevert(abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 1, "AA24 signature error")); + vm.expectRevert(abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 1, "AA23 reverted (or OOG)")); entryPoint.handleOps(userOps, beneficiary); // The lack of usage update should be reflected in the limits @@ -492,7 +492,7 @@ contract SessionKeyGasLimitsTest is Test { // actually usable. skip(1 days + 1 minutes); - vm.expectRevert(abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 2, "AA24 signature error")); + vm.expectRevert(abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 2, "AA23 reverted (or OOG)")); entryPoint.handleOps(userOps, beneficiary); } diff --git a/test/plugin/session/permissions/SessionKeyNativeTokenSpendLimits.t.sol b/test/plugin/session/permissions/SessionKeyNativeTokenSpendLimits.t.sol index 2c16762f..c0579cb9 100644 --- a/test/plugin/session/permissions/SessionKeyNativeTokenSpendLimits.t.sol +++ b/test/plugin/session/permissions/SessionKeyNativeTokenSpendLimits.t.sol @@ -187,7 +187,7 @@ contract SessionKeyNativeTokenSpendLimitsTest is Test { _runSessionKeyUserOp( calls, sessionKey1Private, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); // Run a user op that spends 0 wei, should succeed @@ -233,7 +233,7 @@ contract SessionKeyNativeTokenSpendLimitsTest is Test { _runSessionKeyUserOp( calls, sessionKey1Private, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); } @@ -258,7 +258,7 @@ contract SessionKeyNativeTokenSpendLimitsTest is Test { _runSessionKeyUserOp( calls, sessionKey1Private, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); } @@ -302,7 +302,7 @@ contract SessionKeyNativeTokenSpendLimitsTest is Test { _runSessionKeyUserOp( calls, sessionKey1Private, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); // Assert that the limit is NOT updated @@ -360,7 +360,7 @@ contract SessionKeyNativeTokenSpendLimitsTest is Test { _runSessionKeyUserOp( calls, sessionKey1Private, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); // Assert that the limit is NOT updated @@ -702,7 +702,7 @@ contract SessionKeyNativeTokenSpendLimitsTest is Test { _runSessionKeyUserOp( calls, sessionKey1Private, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); // Assert that limits are NOT updated diff --git a/test/plugin/session/permissions/SessionKeyPermissions.t.sol b/test/plugin/session/permissions/SessionKeyPermissions.t.sol index a6aebfda..e2796076 100644 --- a/test/plugin/session/permissions/SessionKeyPermissions.t.sol +++ b/test/plugin/session/permissions/SessionKeyPermissions.t.sol @@ -139,7 +139,7 @@ contract SessionKeyPermissionsTest is Test { sessionKey1Private, abi.encodeCall(Counter.increment, ()), 0 wei, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); // Call should fail before removing the allowlist @@ -198,7 +198,7 @@ contract SessionKeyPermissionsTest is Test { sessionKey1Private, abi.encodeCall(Counter.increment, ()), 0 wei, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); assertEq(counter2.number(), 1); @@ -223,7 +223,7 @@ contract SessionKeyPermissionsTest is Test { sessionKey1Private, abi.encodeCall(Counter.increment, ()), 0 wei, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); assertEq(counter1.number(), 1); @@ -284,7 +284,7 @@ contract SessionKeyPermissionsTest is Test { sessionKey1Private, abi.encodeCall(Counter.setNumber, (5)), 0 wei, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); assertEq(counter1.number(), 2); @@ -314,7 +314,7 @@ contract SessionKeyPermissionsTest is Test { sessionKey1Private, abi.encodeCall(Counter.increment, ()), 0 wei, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); assertEq(counter1.number(), 1); @@ -328,8 +328,12 @@ contract SessionKeyPermissionsTest is Test { } function testFuzz_sessionKeyTimeRange(uint48 startTime, uint48 endTime) public { - bytes[] memory updates = new bytes[](1); + bytes[] memory updates = new bytes[](2); updates[0] = abi.encodeCall(ISessionKeyPermissionsUpdates.updateTimeRange, (startTime, endTime)); + updates[1] = abi.encodeCall( + ISessionKeyPermissionsUpdates.setAccessListType, + (ISessionKeyPlugin.ContractAccessControlType.ALLOW_ALL_ACCESS) + ); vm.prank(owner1); SessionKeyPlugin(address(account1)).updateKeyPermissions(sessionKey1, updates); @@ -504,15 +508,16 @@ contract SessionKeyPermissionsTest is Test { vm.prank(owner1); SessionKeyPlugin(address(account1)).updateKeyPermissions(sessionKey1, updates2); - vm.prank(address(entryPoint)); - validationData = account1.validateUserOp(userOp, userOpHash, 0); + vm.startPrank(address(entryPoint)); if (requiredPaymaster == providedPaymaster || requiredPaymaster == address(0)) { // Assert that validation passes + validationData = account1.validateUserOp(userOp, userOpHash, 0); assertEq(uint160(validationData), 0); } else { // Assert that validation fails - assertEq(uint160(validationData), 1); + vm.expectRevert(ISessionKeyPlugin.PermissionsCheckFailed.selector); + validationData = account1.validateUserOp(userOp, userOpHash, 0); } } From ea0c779f4149a553829c8b78442de91b1307ed5b Mon Sep 17 00:00:00 2001 From: howydev <132113803+howydev@users.noreply.github.com> Date: Fri, 9 Feb 2024 14:14:55 -0500 Subject: [PATCH 2/6] pr review fix --- src/plugins/session/SessionKeyPlugin.sol | 23 ++++++++++--------- .../SessionKeyPluginWithMultiOwner.t.sol | 9 ++++---- .../permissions/SessionKeyPermissions.t.sol | 2 +- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/src/plugins/session/SessionKeyPlugin.sol b/src/plugins/session/SessionKeyPlugin.sol index 1c225c8e..bec370f2 100644 --- a/src/plugins/session/SessionKeyPlugin.sol +++ b/src/plugins/session/SessionKeyPlugin.sol @@ -184,18 +184,19 @@ contract SessionKeyPlugin is ISessionKeyPlugin, SessionKeyPermissions, BasePlugi bytes32 hash = userOpHash.toEthSignedMessageHash(); (address recoveredSig, ECDSA.RecoverError err) = hash.tryRecover(userOp.signature); - if (err == ECDSA.RecoverError.NoError) { - if (_sessionKeys.contains(msg.sender, CastLib.toSetValue(sessionKey))) { - uint256 validation = _checkUserOpPermissions(userOp, calls, sessionKey); - if (uint160(validation) > 0) { - revert PermissionsCheckFailed(); - } - return - validation | (sessionKey == recoveredSig ? SIG_VALIDATION_PASSED : SIG_VALIDATION_FAILED); - } - return SIG_VALIDATION_FAILED; + if (err != ECDSA.RecoverError.NoError) { + revert InvalidSignature(sessionKey); } - revert InvalidSignature(sessionKey); + + if (!_sessionKeys.contains(msg.sender, CastLib.toSetValue(sessionKey))) { + revert InvalidSignature(sessionKey); + } + + uint256 validation = _checkUserOpPermissions(userOp, calls, sessionKey); + if (uint160(validation) > 0) { + revert PermissionsCheckFailed(); + } + return validation | (sessionKey == recoveredSig ? SIG_VALIDATION_PASSED : SIG_VALIDATION_FAILED); } revert NotImplemented(msg.sig, functionId); } diff --git a/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol b/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol index b614c046..485605f2 100644 --- a/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol +++ b/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol @@ -372,7 +372,7 @@ contract SessionKeyPluginWithMultiOwnerTest is Test { assertEq(result, 0); } - function testFuzz_sessionKey_userOpValidation_mismathcedSig(uint8 sessionKeysSeed, uint64 signerSeed) public { + function testFuzz_sessionKey_userOpValidation_mismatchedSig(uint8 sessionKeysSeed, uint64 signerSeed) public { _createSessionKeys(sessionKeysSeed); (address signer, uint256 signerPrivate) = @@ -405,12 +405,11 @@ contract SessionKeyPluginWithMultiOwnerTest is Test { (uint8 v, bytes32 r, bytes32 s) = vm.sign(signerPrivate, userOpHash.toEthSignedMessageHash()); userOp.signature = abi.encodePacked(r, s, v); - vm.prank(address(account1)); - uint256 result = sessionKeyPlugin.userOpValidationFunction( + vm.startPrank(address(account1)); + vm.expectRevert(abi.encodeWithSelector(ISessionKeyPlugin.InvalidSignature.selector, signer)); + sessionKeyPlugin.userOpValidationFunction( uint8(ISessionKeyPlugin.FunctionId.USER_OP_VALIDATION_SESSION_KEY), userOp, userOpHash ); - - assertEq(result, 1); } function testFuzz_sessionKey_userOpValidation_invalidSig(uint8 sessionKeysSeed, uint64 signerSeed) public { diff --git a/test/plugin/session/permissions/SessionKeyPermissions.t.sol b/test/plugin/session/permissions/SessionKeyPermissions.t.sol index e2796076..4bd801c6 100644 --- a/test/plugin/session/permissions/SessionKeyPermissions.t.sol +++ b/test/plugin/session/permissions/SessionKeyPermissions.t.sol @@ -399,7 +399,7 @@ contract SessionKeyPermissionsTest is Test { sessionKey1Private, abi.encodeCall(Counter.increment, ()), 0 wei, - abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA24 signature error") + abi.encodeWithSelector(IEntryPoint.FailedOp.selector, 0, "AA23 reverted (or OOG)") ); // Attempting to use the new key should succeed From b3c4e88200c2dcd974a1243e7e4a769401cfb6cb Mon Sep 17 00:00:00 2001 From: howydev <132113803+howydev@users.noreply.github.com> Date: Fri, 9 Feb 2024 14:39:03 -0500 Subject: [PATCH 3/6] review fix --- src/plugins/session/ISessionKeyPlugin.sol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/plugins/session/ISessionKeyPlugin.sol b/src/plugins/session/ISessionKeyPlugin.sol index b5cea3f3..d2a76467 100644 --- a/src/plugins/session/ISessionKeyPlugin.sol +++ b/src/plugins/session/ISessionKeyPlugin.sol @@ -76,8 +76,8 @@ interface ISessionKeyPlugin { error InvalidToken(address token); error LengthMismatch(); error NativeTokenSpendLimitExceeded(address account, address sessionKey); - error SessionKeyNotFound(address sessionKey); error PermissionsCheckFailed(); + error SessionKeyNotFound(address sessionKey); // ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ // ┃ Execution functions ┃ From fd4b7219220bf1393b0a79c3f51280b846110365 Mon Sep 17 00:00:00 2001 From: howydev <132113803+howydev@users.noreply.github.com> Date: Mon, 12 Feb 2024 11:55:52 -0500 Subject: [PATCH 4/6] review fix --- src/plugins/session/SessionKeyPlugin.sol | 2 +- test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/plugins/session/SessionKeyPlugin.sol b/src/plugins/session/SessionKeyPlugin.sol index bec370f2..1ba0d7fa 100644 --- a/src/plugins/session/SessionKeyPlugin.sol +++ b/src/plugins/session/SessionKeyPlugin.sol @@ -189,7 +189,7 @@ contract SessionKeyPlugin is ISessionKeyPlugin, SessionKeyPermissions, BasePlugi } if (!_sessionKeys.contains(msg.sender, CastLib.toSetValue(sessionKey))) { - revert InvalidSignature(sessionKey); + revert PermissionsCheckFailed(); } uint256 validation = _checkUserOpPermissions(userOp, calls, sessionKey); diff --git a/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol b/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol index 485605f2..c832ee11 100644 --- a/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol +++ b/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol @@ -406,7 +406,7 @@ contract SessionKeyPluginWithMultiOwnerTest is Test { userOp.signature = abi.encodePacked(r, s, v); vm.startPrank(address(account1)); - vm.expectRevert(abi.encodeWithSelector(ISessionKeyPlugin.InvalidSignature.selector, signer)); + vm.expectRevert(ISessionKeyPlugin.PermissionsCheckFailed.selector); sessionKeyPlugin.userOpValidationFunction( uint8(ISessionKeyPlugin.FunctionId.USER_OP_VALIDATION_SESSION_KEY), userOp, userOpHash ); From 9e6002a263842aa0a66e8d8058ddb42aa154ed58 Mon Sep 17 00:00:00 2001 From: howydev <132113803+howydev@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:10:59 -0500 Subject: [PATCH 5/6] spearbit review fix --- src/plugins/session/SessionKeyPlugin.sol | 3 ++- src/plugins/session/permissions/SessionKeyPermissions.sol | 6 ++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/plugins/session/SessionKeyPlugin.sol b/src/plugins/session/SessionKeyPlugin.sol index 1ba0d7fa..a5fe0540 100644 --- a/src/plugins/session/SessionKeyPlugin.sol +++ b/src/plugins/session/SessionKeyPlugin.sol @@ -193,9 +193,10 @@ contract SessionKeyPlugin is ISessionKeyPlugin, SessionKeyPermissions, BasePlugi } uint256 validation = _checkUserOpPermissions(userOp, calls, sessionKey); - if (uint160(validation) > 0) { + if (uint160(validation) != uint160(SIG_VALIDATION_PASSED)) { revert PermissionsCheckFailed(); } + // return SIG_VALIDATION_FAILED on sig validation failure only, all other failure modes should revert return validation | (sessionKey == recoveredSig ? SIG_VALIDATION_PASSED : SIG_VALIDATION_FAILED); } revert NotImplemented(msg.sig, functionId); diff --git a/src/plugins/session/permissions/SessionKeyPermissions.sol b/src/plugins/session/permissions/SessionKeyPermissions.sol index f8a42ed0..3d47af48 100644 --- a/src/plugins/session/permissions/SessionKeyPermissions.sol +++ b/src/plugins/session/permissions/SessionKeyPermissions.sol @@ -140,10 +140,8 @@ abstract contract SessionKeyPermissions is ISessionKeyPlugin, SessionKeyPermissi address userOpPaymaster = address(bytes20(userOp.paymasterAndData)); validationSuccess = validationSuccess && (userOpPaymaster == sessionKeyData.requiredPaymaster); } - // Validation return data is 1 in the case of an invalid signature, - // otherwise a packed struct of the aggregator address (0 here), and two - // 6-byte timestamps indicating the start and end times at which the op - // is valid. + // A packed struct of the SIG_VALIDATION_PASSED or SIG_VALIDATION_FAILED, and two + // 6-byte timestamps indicating the start and end times at which the op is valid. return uint160(validationSuccess ? SIG_VALIDATION_PASSED : SIG_VALIDATION_FAILED) | (uint256(validUntil) << 160) | (uint256(currentValidAfter) << (208)); } From 94561503ae4eaeaac30adea82cb0219d38a7b088 Mon Sep 17 00:00:00 2001 From: howydev <132113803+howydev@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:13:15 -0500 Subject: [PATCH 6/6] review fix --- src/plugins/session/permissions/SessionKeyPermissions.sol | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/plugins/session/permissions/SessionKeyPermissions.sol b/src/plugins/session/permissions/SessionKeyPermissions.sol index 3d47af48..57cd17c8 100644 --- a/src/plugins/session/permissions/SessionKeyPermissions.sol +++ b/src/plugins/session/permissions/SessionKeyPermissions.sol @@ -140,10 +140,10 @@ abstract contract SessionKeyPermissions is ISessionKeyPlugin, SessionKeyPermissi address userOpPaymaster = address(bytes20(userOp.paymasterAndData)); validationSuccess = validationSuccess && (userOpPaymaster == sessionKeyData.requiredPaymaster); } - // A packed struct of the SIG_VALIDATION_PASSED or SIG_VALIDATION_FAILED, and two + // A packed struct of: SIG_VALIDATION_PASSED or SIG_VALIDATION_FAILED, and two // 6-byte timestamps indicating the start and end times at which the op is valid. return uint160(validationSuccess ? SIG_VALIDATION_PASSED : SIG_VALIDATION_FAILED) - | (uint256(validUntil) << 160) | (uint256(currentValidAfter) << (208)); + | (uint256(validUntil) << 160) | (uint256(currentValidAfter) << 208); } /// @dev Checks permissions on a per-call basis. Should be run during user op validation once per `Call` struct