Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: accountstorage coverage, natspec, storage root derivation #246

Merged
merged 2 commits into from
Oct 15, 2024
Merged

fix: accountstorage coverage, natspec, storage root derivation #246

merged 2 commits into from
Oct 15, 2024

Conversation

adamegyed
Copy link
Contributor

Motivation

Cleanup pass on AccountStorage.sol and AccountStorageInitializable.sol.

Solution

Expand and clarify natspec.

Test an edge case for the disableInitializers logic (impossible to reach in MA/SMA code).

Update the derivation of the storage root. Previously, we were not actually using ERC-7201, and the hash calculation was wrong. Both of those are now corrected, and the derivation matches the pattern used in MAv1, but with the major version number increased to 2.

@adamegyed adamegyed requested a review from a team October 15, 2024 19:49
@octane-security-app Octane Security App
Copy link

octane-security-app bot commented Oct 15, 2024
edited
Loading

Summary by Octane

New Contracts

No new contracts were added in this PR.

Updated Contracts

  • AccountStorage.sol: Updated storage structure, enhanced documentation, new validation data structure, improved runtime validation, and nonce tracking for actions.
  • AccountStorageInitializable.sol: Added custom storage layout to initialization, modified logic from OpenZeppelin v5.0 for initialization control.
  • MockDiamondStorageContract.sol: Added badDisableInitializers function to prevent disabling initializers during initialization.

🔗 Commit Hash: b9a7366

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 15, 2024
edited
Loading

Contract sizes:

| Contract                      | Size (B) | Margin (B) |
|-------------------------------|----------|------------|
| AccountFactory                |    4,814 |     19,762 |
| AllowlistModule               |    9,230 |     15,346 |
| ECDSAValidationModule         |    3,646 |     20,930 |
| ModularAccount                |   25,655 |     -1,079 |
| NativeTokenLimitModule        |    4,714 |     19,862 |
| PaymasterGuardModule          |    1,797 |     22,779 |
| SemiModularAccountBytecode    |   27,553 |     -2,977 |
| SemiModularAccountStorageOnly |   28,071 |     -3,495 |
| TimeRangeModule               |    2,000 |     22,576 |
| WebauthnValidationModule      |    7,854 |     16,722 |

Code coverage:

File % Lines % Statements % Branches % Funcs
src/account/AccountStorageInitializable.sol 100.00% (19/19) 100.00% (26/26) 100.00% (5/5) 100.00% (2/2)
src/account/BaseAccount.sol 87.50% (7/8) 85.71% (6/7) 50.00% (1/2) 100.00% (4/4)
src/account/ModularAccount.sol 100.00% (1/1) 100.00% (1/1) 100.00% (0/0) 100.00% (2/2)
src/account/ModularAccountBase.sol 95.39% (290/304) 93.51% (360/385) 67.80% (40/59) 100.00% (38/38)
src/account/ModularAccountView.sol 100.00% (26/26) 100.00% (33/33) 100.00% (2/2) 100.00% (2/2)
src/account/ModuleManagerInternals.sol 88.10% (111/126) 86.83% (145/167) 50.00% (8/16) 100.00% (12/12)
src/account/SemiModularAccountBase.sol 87.69% (57/65) 91.21% (83/91) 66.67% (10/15) 94.74% (18/19)
src/account/SemiModularAccountBytecode.sol 100.00% (5/5) 100.00% (6/6) 100.00% (1/1) 50.00% (1/2)
src/account/SemiModularAccountStorageOnly.sol 100.00% (4/4) 100.00% (5/5) 100.00% (0/0) 100.00% (2/2)
src/account/TokenReceiver.sol 33.33% (1/3) 33.33% (1/3) 100.00% (0/0) 33.33% (1/3)
src/factory/AccountFactory.sol 70.59% (24/34) 76.09% (35/46) 40.00% (2/5) 58.33% (7/12)
src/libraries/ExecutionLib.sol 98.39% (244/248) 97.18% (241/248) 88.00% (22/25) 100.00% (22/22)
src/libraries/KnownSelectorsLib.sol 100.00% (29/29) 100.00% (64/64) 100.00% (0/0) 100.00% (3/3)
src/libraries/LinkedListSetLib.sol 94.00% (47/50) 96.25% (77/80) 66.67% (4/6) 100.00% (8/8)
src/libraries/MemManagementLib.sol 100.00% (54/54) 100.00% (70/70) 100.00% (0/0) 100.00% (12/12)
src/libraries/SemiModularKnownSelectorsLib.sol 100.00% (6/6) 100.00% (12/12) 100.00% (0/0) 100.00% (1/1)
src/modules/BaseModule.sol 100.00% (13/13) 94.12% (16/17) 100.00% (2/2) 100.00% (3/3)
src/modules/permissions/AllowlistModule.sol 86.05% (74/86) 85.71% (96/112) 78.26% (18/23) 50.00% (9/18)
src/modules/permissions/NativeTokenLimitModule.sol 87.80% (36/41) 89.66% (52/58) 88.89% (8/9) 54.55% (6/11)
src/modules/permissions/PaymasterGuardModule.sol 80.00% (8/10) 66.67% (10/15) 100.00% (2/2) 57.14% (4/7)
src/modules/permissions/TimeRangeModule.sol 83.33% (10/12) 80.00% (16/20) 100.00% (1/1) 75.00% (6/8)
src/modules/validation/ECDSAValidationModule.sol 92.00% (23/25) 81.58% (31/38) 62.50% (5/8) 90.00% (9/10)
src/modules/validation/WebauthnValidationModule.sol 61.11% (11/18) 66.67% (18/27) 100.00% (3/3) 60.00% (6/10)
Total 92.67% (1100/1187) 91.70% (1404/1531) 72.83% (134/184) 84.36% (178/211)

jaypaik
jaypaik reviewed Oct 15, 2024
View reviewed changes
src/account/AccountStorage.sol Outdated
bytes32 constant _ACCOUNT_STORAGE_SLOT = 0xc531f081ecdb5a90f38c197521797881a6e5c752a7d451780f325a95f8b91f45;
// ERC-7201 derived storage slot.
// keccak256(abi.encode(uint256(keccak256("Alchemy.ModularAccount.Storage_V2")) - 1)) & ~bytes32(uint256(0xff))
bytes32 constant _ACCOUNT_STORAGE_SLOT = 0x596912a710dec01bac203cb0ed2c7e56a2ce6b2a68276967fff6dd57561bdd00;

// Represents data associated with a specifc function selector.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we natspec this? I think foundry picks it up

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, updating

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I meant this line (also a typo)

Suggested change
// Represents data associated with a specifc function selector.
/// @dev Represents data associated with a specific function selector.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed!

@octane-security-app Octane Security App
Copy link

octane-security-app bot commented Oct 15, 2024
edited
Loading

Overview

Octane AI analysis has finished. No vulnerabilities were found. Cheers! 🎉🎉🎉

🔗 Commit Hash: b9a7366

@adamegyed adamegyed force-pushed the adam/accountstorage-fixes branch from 4225666 to b9a7366 Compare October 15, 2024 20:38
@adamegyed adamegyed merged commit 7c8d013 into develop Oct 15, 2024
6 checks passed
@adamegyed adamegyed deleted the adam/accountstorage-fixes branch October 15, 2024 20:54
howydev pushed a commit that referenced this pull request Oct 16, 2024
@adamegyed @howydev
fix: accountstorage coverage, natspec, storage root derivation (#246)
b6256e1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaypaik jaypaik jaypaik approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adamegyed @jaypaik