Skip to content

feat: make replaySafeHash wrapping optional with validation option #353

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dancoombs wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

feat: make replaySafeHash wrapping optional with validation option #353

dancoombs wants to merge 1 commit into from

Conversation

@dancoombs
Copy link
Collaborator

@dancoombs dancoombs commented Dec 18, 2025

Motivation

Solution

@dancoombs dancoombs changed the base branch from danc/skip-replay-hash-module-domain to develop December 19, 2025 00:48
@dancoombs dancoombs force-pushed the danc/skip-replay-hash-moduleentity branch from 6198497 to f07232d Compare December 19, 2025 00:52
@github-actions
Copy link

github-actions bot commented Dec 19, 2025
edited
Loading

Contract sizes:

 | Contract                     | Runtime Size (B) | Initcode Size (B) | Runtime Margin (B) | Initcode Margin (B) |
 |------------------------------|------------------|-------------------|--------------------|---------------------|
 | AccountFactory               | 6,604            | 7,161             | 17,972             | 41,991              |
 | Address                      | 16               | 44                | 24,560             | 49,108              |
 | AllowlistModule              | 10,148           | 10,174            | 14,428             | 38,978              |
 | Base64                       | 16               | 44                | 24,560             | 49,108              |
 | Create2                      | 16               | 44                | 24,560             | 49,108              |
 | ECDSA                        | 16               | 44                | 24,560             | 49,108              |
 | ERC165Checker                | 16               | 44                | 24,560             | 49,108              |
 | ERC1967Utils                 | 16               | 44                | 24,560             | 49,108              |
 | ExecutionInstallDelegate     | 5,835            | 5,880             | 18,741             | 43,272              |
 | FCL_Elliptic_ZZ              | 16               | 44                | 24,560             | 49,108              |
 | FCL_ecdsa                    | 16               | 44                | 24,560             | 49,108              |
 | Math                         | 16               | 44                | 24,560             | 49,108              |
 | MessageHashUtils             | 16               | 44                | 24,560             | 49,108              |
-| ModularAccount               | 22,935           | 23,323            | 1,641              | 25,829              |
+| ModularAccount               | 23,310           | 23,698            | 1,266              | 25,454              |
 | NativeTokenLimitModule       | 4,917            | 4,943             | 19,659             | 44,209              |
 | PaymasterGuardModule         | 2,028            | 2,054             | 22,548             | 47,098              |
 | SafeERC20                    | 16               | 44                | 24,560             | 49,108              |
-| SemiModularAccount7702       | 23,336           | 23,717            | 1,240              | 25,435              |
-| SemiModularAccountBytecode   | 23,812           | 24,200            | 764                | 24,952              |
+| SemiModularAccount7702       | 23,426           | 23,807            | 1,150              | 25,345              |
+| SemiModularAccountBytecode   | 23,902           | 24,290            | 674                | 24,862              |
 | SignatureChecker             | 16               | 44                | 24,560             | 49,108              |
 | SignedMath                   | 16               | 44                | 24,560             | 49,108              |
-| SingleSignerValidationModule | 3,853            | 3,879             | 20,723             | 45,273              |
+| SingleSignerValidationModule | 3,564            | 3,590             | 21,012             | 45,562              |
 | StorageSlot                  | 16               | 44                | 24,560             | 49,108              |
 | Strings                      | 16               | 44                | 24,560             | 49,108              |
 | TimeRangeModule              | 2,435            | 2,461             | 22,141             | 46,691              |
 | WebAuthn                     | 16               | 44                | 24,560             | 49,108              |
-| WebAuthnValidationModule     | 9,277            | 9,303             | 15,299             | 39,849              |
+| WebAuthnValidationModule     | 8,979            | 9,005             | 15,597             | 40,147              |

Code coverage:

File % Lines % Statements % Branches % Funcs
src/account/AccountBase.sol 100.00% (12/12) 100.00% (7/7) 100.00% (2/2) 100.00% (4/4)
src/account/AccountStorageInitializable.sol 100.00% (21/21) 100.00% (26/26) 100.00% (5/5) 100.00% (2/2)
src/account/ModularAccount.sol 100.00% (6/6) 100.00% (6/6) 100.00% (0/0) 100.00% (3/3)
src/account/ModularAccountBase.sol 99.13% (342/345) 96.63% (373/386) 77.97% (46/59) 100.00% (38/38)
src/account/ModularAccountView.sol 100.00% (32/32) 100.00% (31/31) 100.00% (3/3) 100.00% (5/5)
src/account/ModuleManagerInternals.sol 94.03% (63/67) 95.06% (77/81) 63.64% (7/11) 100.00% (4/4)
src/account/SemiModularAccount7702.sol 0.00% (0/9) 0.00% (0/6) 0.00% (0/1) 0.00% (0/3)
src/account/SemiModularAccountBase.sol 89.19% (66/74) 91.11% (82/90) 62.50% (10/16) 100.00% (14/14)
src/account/SemiModularAccountBytecode.sol 100.00% (8/8) 100.00% (7/7) 100.00% (1/1) 100.00% (2/2)
src/account/SemiModularAccountStorageOnly.sol 55.56% (5/9) 50.00% (5/10) 100.00% (0/0) 33.33% (1/3)
src/account/TokenReceiver.sol 33.33% (2/6) 33.33% (1/3) 100.00% (0/0) 33.33% (1/3)
src/factory/AccountFactory.sol 81.43% (57/70) 89.04% (65/73) 70.00% (7/10) 62.50% (10/16)
src/helpers/ExecutionInstallDelegate.sol 89.39% (59/66) 89.47% (68/76) 25.00% (2/8) 100.00% (7/7)
src/libraries/ExecutionLib.sol 99.66% (297/298) 98.89% (268/271) 90.91% (30/33) 100.00% (24/24)
src/libraries/KnownSelectorsLib.sol 100.00% (18/18) 100.00% (34/34) 100.00% (0/0) 100.00% (2/2)
src/libraries/LinkedListSetLib.sol 95.52% (64/67) 95.12% (78/82) 62.50% (5/8) 100.00% (8/8)
src/libraries/MemManagementLib.sol 100.00% (66/66) 100.00% (70/70) 100.00% (0/0) 100.00% (12/12)
src/libraries/ModuleInstallCommonsLib.sol 64.71% (11/17) 61.54% (8/13) 62.50% (5/8) 100.00% (3/3)
src/libraries/ValidationLocatorLib.sol 72.22% (78/108) 73.20% (71/97) 47.83% (11/23) 86.36% (19/22)
src/modules/ModuleBase.sol 76.92% (20/26) 73.08% (19/26) 66.67% (2/3) 100.00% (4/4)
src/modules/permissions/AllowlistModule.sol 80.19% (85/106) 86.21% (100/116) 79.17% (19/24) 50.00% (9/18)
src/modules/permissions/NativeTokenLimitModule.sol 82.76% (48/58) 87.10% (54/62) 92.31% (12/13) 66.67% (8/12)
src/modules/permissions/PaymasterGuardModule.sol 75.00% (15/20) 77.78% (14/18) 33.33% (1/3) 71.43% (5/7)
src/modules/permissions/TimeRangeModule.sol 88.46% (23/26) 84.62% (22/26) 100.00% (5/5) 87.50% (7/8)
src/modules/validation/SingleSignerValidationModule.sol 82.50% (33/40) 81.08% (30/37) 62.50% (5/8) 90.00% (9/10)
src/modules/validation/WebAuthnValidationModule.sol 62.50% (20/32) 64.00% (16/25) 100.00% (3/3) 60.00% (6/10)
Total 90.29% (1451/1607) 91.24% (1532/1679) 73.28% (181/247) 84.84% (207/244)

@dancoombs dancoombs force-pushed the danc/skip-replay-hash-moduleentity branch 3 times, most recently from 6456bba to 9100d2b Compare December 19, 2025 03:10
@dancoombs dancoombs force-pushed the danc/skip-replay-hash-moduleentity branch from 9100d2b to 3feddad Compare December 19, 2025 03:24
@dancoombs dancoombs marked this pull request as ready for review December 19, 2025 03:27
@dancoombs dancoombs changed the title Use module entity for domain hash salt feat: make replaySafeHash wrapping optional with validation option Dec 19, 2025
adamegyed
adamegyed approved these changes Dec 19, 2025
View reviewed changes
Copy link
Contributor

@adamegyed adamegyed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, had one callout / design decision note

src/account/ModularAccountBase.sol
/// enforcing the domain separator, which includes this contract's address, the chainId, and the validation
/// module & entity id. This is only relevant for 1271 validation because UserOp validation relies on the UO
/// hash and the Entrypoint has safeguards.
function replaySafeHash(bytes32 hash, ModuleEntity validationModuleEntity) public view returns (bytes32) {
Copy link
Contributor

@adamegyed adamegyed Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Making this public will increase bytecode size, and isn't strictly necessary (plus, doing an eth_call during txn prep is usually slow and requires implementation knowledge anyways.

But, this would make it easier to debug.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@adamegyed adamegyed adamegyed approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dancoombs @adamegyed