fix: [S7] don't return exec hooks in getExecutionData for native functions that don't execute msg.sig-based hooks

[jaypaik]

Address potential inconsistencies in ModularAccountView.getExecutionData if a module with execution hooks on native functions that DO NOT use the wrapNativeFunction modifier is installed. Native functions without wrapNativeFunction do not run msg.sig-based execution hooks. Since we allow installations of modules that clash with native function selectors, it is probably best to give a consistent view of what will actually be executed via our ModularAccountView functions.

This PR also includes some refactoring to simplify things, as well as addresses some other consistency issues.

1. Adds initializeWithValidation to the native function checks for ModularAccount.
2. Adds initialize to the native function checks for SemiModularAccountStorageOnly.
3. Adds entryPoint() as a native function check.
4. Update comment on wrapNativeFunction to include all native functions that have the modifier applied within ModularAccountBase.
5. Removes unnecessary overriding of _globalValidationAllowed within SemiModularAccountBase. _isGlobalValidationAllowedNativeFunction which is overridden there handles it.
6. Updated _isGlobalValidationAllowedNativeFunction to take uint32 instead of bytes4 for consistency and codesize.

[octane-security-app]

Summary by Octane

New Contracts

No new contracts were added in this PR.

Updated Contracts

• ModularAccount.sol: Added _isNativeFunction override to include initializeWithValidation as a native function.
• ModularAccountBase.sol: The smart contract now includes validation management with new functions for installing/uninstalling validations and updates to fallback signer data management.
• ModularAccountView.sol: Enhanced native function handling, added execution hooks, global validation checks modified.
• SemiModularAccountBase.sol: Removed global validation allowance for a specific selector and added a wrapped native function check.
• SemiModularAccountStorageOnly.sol: Added override to _isNativeFunction to include the initialize function selector as native.
• NativeFunctionDelegate.sol: The smart contract now checks for AccountBase methods instead of IAccount methods in function selection logic.

---

🔗 Commit Hash: 48bb15a

[jaypaik]

• chore: update licenses #308
• refactor: remove NativeFunctionDelegate #302
• fix: [S7] don't return exec hooks in getExecutionData for native functions that don't execute msg.sig-based hooks #300 👈 (View in Graphite)
• develop

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

Contract sizes:

 | Contract                      | Runtime Size (B) | Initcode Size (B) | Runtime Margin (B) | Initcode Margin (B) |
 |-------------------------------|------------------|-------------------|--------------------|---------------------|
 | AccountFactory                |            6,121 |             6,595 |             18,455 |              42,557 |
 | AllowlistModule               |            9,602 |             9,629 |             14,974 |              39,523 |
 | ExecutionInstallDelegate      |            5,947 |             5,993 |             18,629 |              43,159 |
-| ModularAccount                |           22,274 |            23,309 |              2,302 |              25,843 |
-| NativeFunctionDelegate        |              539 |               566 |             24,037 |              48,586 |
+| ModularAccount                |           22,022 |            23,078 |              2,554 |              26,074 |
+| NativeFunctionDelegate        |              560 |               587 |             24,016 |              48,565 |
 | NativeTokenLimitModule        |            4,583 |             4,610 |             19,993 |              44,542 |
 | PaymasterGuardModule          |            1,845 |             1,872 |             22,731 |              47,280 |
-| SemiModularAccount7702        |           23,465 |            24,493 |              1,111 |              24,659 |
-| SemiModularAccountBytecode    |           23,947 |            24,982 |                629 |              24,170 |
-| SemiModularAccountStorageOnly |           24,419 |            25,454 |                157 |              23,698 |
+| SemiModularAccount7702        |           23,120 |            24,169 |              1,456 |              24,983 |
+| SemiModularAccountBytecode    |           23,602 |            24,658 |                974 |              24,494 |
+| SemiModularAccountStorageOnly |           24,095 |            25,151 |                481 |              24,001 |
 | SingleSignerValidationModule  |            3,646 |             3,673 |             20,930 |              45,479 |
 | TimeRangeModule               |            2,223 |             2,250 |             22,353 |              46,902 |
 | WebAuthnValidationModule      |            7,854 |             7,881 |             16,722 |              41,271 |

Code coverage:

File	% Lines	% Statements	% Branches	% Funcs
src/account/AccountBase.sol	100.00% (8/8)	100.00% (7/7)	100.00% (2/2)	100.00% (4/4)
src/account/AccountStorageInitializable.sol	100.00% (19/19)	100.00% (26/26)	100.00% (5/5)	100.00% (2/2)
src/account/ModularAccount.sol	100.00% (3/3)	100.00% (6/6)	100.00% (0/0)	100.00% (3/3)
src/account/ModularAccountBase.sol	98.98% (290/293)	96.23% (357/371)	77.59% (45/58)	97.30% (36/37)
src/account/ModularAccountView.sol	100.00% (30/30)	100.00% (35/35)	100.00% (3/3)	100.00% (6/6)
src/account/ModuleManagerInternals.sol	93.94% (62/66)	95.24% (80/84)	63.64% (7/11)	100.00% (4/4)
src/account/SemiModularAccount7702.sol	0.00% (0/6)	0.00% (0/6)	0.00% (0/1)	0.00% (0/3)
src/account/SemiModularAccountBase.sol	88.24% (60/68)	91.84% (90/98)	64.71% (11/17)	100.00% (16/16)
src/account/SemiModularAccountBytecode.sol	100.00% (6/6)	100.00% (7/7)	100.00% (1/1)	100.00% (2/2)
src/account/SemiModularAccountStorageOnly.sol	66.67% (4/6)	50.00% (5/10)	100.00% (0/0)	33.33% (1/3)
src/account/TokenReceiver.sol	33.33% (1/3)	33.33% (1/3)	100.00% (0/0)	33.33% (1/3)
src/factory/AccountFactory.sol	84.78% (39/46)	87.10% (54/62)	50.00% (3/6)	62.50% (10/16)
src/helpers/ExecutionInstallDelegate.sol	88.14% (52/59)	89.47% (68/76)	25.00% (2/8)	100.00% (7/7)
src/helpers/NativeFunctionDelegate.sol	100.00% (22/22)	100.00% (42/42)	100.00% (0/0)	100.00% (1/1)
src/libraries/ExecutionLib.sol	99.64% (276/277)	98.89% (268/271)	90.91% (30/33)	100.00% (24/24)
src/libraries/KnownSelectorsLib.sol	100.00% (16/16)	100.00% (34/34)	100.00% (0/0)	100.00% (2/2)
src/libraries/LinkedListSetLib.sol	94.00% (47/50)	96.25% (77/80)	66.67% (4/6)	100.00% (8/8)
src/libraries/MemManagementLib.sol	100.00% (54/54)	100.00% (70/70)	100.00% (0/0)	100.00% (12/12)
src/libraries/ModuleInstallCommonsLib.sol	57.14% (8/14)	42.11% (8/19)	75.00% (3/4)	100.00% (3/3)
src/libraries/ValidationLocatorLib.sol	65.48% (55/84)	70.97% (66/93)	45.83% (11/24)	85.00% (17/20)
src/modules/ModuleBase.sol	100.00% (13/13)	94.12% (16/17)	100.00% (2/2)	100.00% (3/3)
src/modules/permissions/AllowlistModule.sol	86.21% (75/87)	85.84% (97/113)	78.26% (18/23)	50.00% (9/18)
src/modules/permissions/NativeTokenLimitModule.sol	89.13% (41/46)	90.48% (57/63)	100.00% (13/13)	66.67% (8/12)
src/modules/permissions/PaymasterGuardModule.sol	83.33% (10/12)	82.35% (14/17)	66.67% (2/3)	71.43% (5/7)
src/modules/permissions/TimeRangeModule.sol	89.47% (17/19)	85.71% (24/28)	100.00% (5/5)	87.50% (7/8)
src/modules/validation/SingleSignerValidationModule.sol	92.00% (23/25)	81.58% (31/38)	62.50% (5/8)	90.00% (9/10)
src/modules/validation/WebAuthnValidationModule.sol	61.11% (11/18)	66.67% (18/27)	100.00% (3/3)	60.00% (6/10)
Total	92.00% (1242/1350)	91.49% (1558/1703)	74.15% (175/236)	84.43% (206/244)

[octane-security-app]

Overview

Vulnerabilities found:	7

Detailed findings

src/account/ModularAccountBase.sol

• Review potential Denial of Service issue that is exposed in the executeWithRuntimeValidation function
• Review potential Denial of Service issue that is exposed in the upgradeToAndCall function
• Review potential Denial of Service issue that is exposed in the uninstallValidation function
• Review potential Denial of Service issue that is exposed in the __fallback__ function
• Review potential Incorrectly Payable issue that is exposed in the executeWithRuntimeValidation function
• Review potential Reentrancy issue that is exposed in the uninstallValidation function
• Review potential Reentrancy issue that is exposed in the __fallback__ function

---

🔗 Commit Hash: 48bb15a
🛡️ Octane Dashboard: All vulnerabilities

[jaypaik]

Merge activity

• Nov 24, 10:28 PM EST: A user started a stack merge that includes this pull request via Graphite.
• Nov 24, 10:30 PM EST: A user merged this pull request with Graphite.

[0xrubes]

Overall lgtm. I do want to note that we can still technically install execution hooks that won't end up being invoked, so execution hooks on native functions with _isWrappedNativeFunction() == false. It might be worth adding as one additional check in installExecution(), but it might also not be worth the hassle/gas costs.