Fix AccountPermsissions tracking of signers (#407)

* rename account factory callbacks

* Create IAccountCore

* pkg update

* call _afterChangeRole in changeRole

* replace delete with loop remove for EnumerableSet

* add test for changeRole

* fix setRoleRestrictions

Author: nkrishang

contracts/dynamic-contracts/extension/AccountPermissions.sol

@@ -58,20 +58,28 @@ abstract contract AccountPermissions is IAccountPermissions, EIP712 {
 
     /// @notice Sets the restrictions for a given role.
     function setRoleRestrictions(RoleRestrictions calldata _restrictions) external virtual onlyAdmin {
-        require(_restrictions.role != bytes32(0), "AccountPermissions: role cannot be empty");
+        bytes32 role = _restrictions.role;
+
+        require(role != bytes32(0), "AccountPermissions: role cannot be empty");
 
         AccountPermissionsStorage.Data storage data = AccountPermissionsStorage.accountPermissionsStorage();
-        data.roleRestrictions[_restrictions.role] = RoleStatic(
-            _restrictions.role,
+        data.roleRestrictions[role] = RoleStatic(
+            role,
             _restrictions.maxValuePerTransaction,
             _restrictions.startTimestamp,
             _restrictions.endTimestamp
         );
 
+        address[] memory currentTargets = data.approvedTargets[role].values();
+        uint256 currentLen = currentTargets.length;
+
+        for (uint256 i = 0; i < currentLen; i += 1) {
+            data.approvedTargets[role].remove(currentTargets[i]);
+        }
+
         uint256 len = _restrictions.approvedTargets.length;
-        delete data.approvedTargets[_restrictions.role];
-        for (uint256 i = 0; i < len; i++) {
-            data.approvedTargets[_restrictions.role].add(_restrictions.approvedTargets[i]);
+        for (uint256 i = 0; i < len; i += 1) {
+            data.approvedTargets[role].add(_restrictions.approvedTargets[i]);
         }
 
         emit RoleUpdated(_restrictions.role, _restrictions);
@@ -101,6 +109,8 @@ abstract contract AccountPermissions is IAccountPermissions, EIP712 {
         }
 
         emit RoleAssignment(_req.role, _req.target, signer, _req);
+
+        _afterChangeRole(_req);
     }
 
     /*///////////////////////////////////////////////////////////////

contracts/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@thirdweb-dev/contracts",
   "description": "Collection of smart contracts deployable via the thirdweb SDK, dashboard and CLI",
-  "version": "3.5.6",
+  "version": "3.5.7-0",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",

contracts/smart-wallet/interfaces/IAccountCore.sol

@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: Apache 2.0
+pragma solidity ^0.8.12;
+
+import "./IAccount.sol";
+import "../../extension/interface/IAccountPermissions.sol";
+import "../../extension/interface/IMulticall.sol";
+
+interface IAccountCore is IAccount, IAccountPermissions, IMulticall {
+    /// @dev Returns the address of the factory from which the account was created.
+    function factory() external view returns (address);
+}

contracts/smart-wallet/utils/AccountCore.sol

@@ -19,6 +19,8 @@ import "./BaseAccountFactory.sol";
 import "../non-upgradeable/Account.sol";
 import "../../openzeppelin-presets/utils/cryptography/ECDSA.sol";
 
+import "../interfaces/IAccountCore.sol";
+
 //   $$\     $$\       $$\                 $$\                         $$\
 //   $$ |    $$ |      \__|                $$ |                        $$ |
 // $$$$$$\   $$$$$$$\  $$\  $$$$$$\   $$$$$$$ |$$\  $$\  $$\  $$$$$$\  $$$$$$$\
@@ -28,7 +30,7 @@ import "../../openzeppelin-presets/utils/cryptography/ECDSA.sol";
 //   \$$$$  |$$ |  $$ |$$ |$$ |      \$$$$$$$ |\$$$$$\$$$$  |\$$$$$$$\ $$$$$$$  |
 //    \____/ \__|  \__|\__|\__|       \_______| \_____\____/  \_______|\_______/
 
-contract AccountCore is Initializable, Multicall, BaseAccount, ERC1271, AccountPermissions {
+contract AccountCore is IAccountCore, Initializable, Multicall, BaseAccount, ERC1271, AccountPermissions {
     using ECDSA for bytes32;
     using EnumerableSet for EnumerableSet.AddressSet;
 

docs/IAccountCore.md

@@ -0,0 +1,296 @@
+# IAccountCore
+
+
+
+
+
+
+
+
+
+## Methods
+
+### changeRole
+
+```solidity
+function changeRole(IAccountPermissions.RoleRequest req, bytes signature) external nonpayable
+```
+
+
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| req | IAccountPermissions.RoleRequest | undefined |
+| signature | bytes | undefined |
+
+### factory
+
+```solidity
+function factory() external view returns (address)
+```
+
+
+
+*Returns the address of the factory from which the account was created.*
+
+
+#### Returns
+
+| Name | Type | Description |
+|---|---|---|
+| _0 | address | undefined |
+
+### getAllRoleMembers
+
+```solidity
+function getAllRoleMembers(bytes32 role) external view returns (address[] members)
+```
+
+Returns all accounts that have a role.
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| role | bytes32 | undefined |
+
+#### Returns
+
+| Name | Type | Description |
+|---|---|---|
+| members | address[] | undefined |
+
+### getRoleRestrictions
+
+```solidity
+function getRoleRestrictions(bytes32 role) external view returns (struct IAccountPermissions.RoleRestrictions restrictions)
+```
+
+Returns the role restrictions for a given role.
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| role | bytes32 | undefined |
+
+#### Returns
+
+| Name | Type | Description |
+|---|---|---|
+| restrictions | IAccountPermissions.RoleRestrictions | undefined |
+
+### getRoleRestrictionsForAccount
+
+```solidity
+function getRoleRestrictionsForAccount(address account) external view returns (struct IAccountPermissions.RoleRestrictions role)
+```
+
+Returns the role held by a given account along with its restrictions.
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| account | address | undefined |
+
+#### Returns
+
+| Name | Type | Description |
+|---|---|---|
+| role | IAccountPermissions.RoleRestrictions | undefined |
+
+### isAdmin
+
+```solidity
+function isAdmin(address account) external view returns (bool)
+```
+
+Returns whether the given account is an admin.
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| account | address | undefined |
+
+#### Returns
+
+| Name | Type | Description |
+|---|---|---|
+| _0 | bool | undefined |
+
+### multicall
+
+```solidity
+function multicall(bytes[] data) external nonpayable returns (bytes[] results)
+```
+
+
+
+*Receives and executes a batch of function calls on this contract.*
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| data | bytes[] | undefined |
+
+#### Returns
+
+| Name | Type | Description |
+|---|---|---|
+| results | bytes[] | undefined |
+
+### setAdmin
+
+```solidity
+function setAdmin(address account, bool isAdmin) external nonpayable
+```
+
+Adds / removes an account as an admin.
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| account | address | undefined |
+| isAdmin | bool | undefined |
+
+### setRoleRestrictions
+
+```solidity
+function setRoleRestrictions(IAccountPermissions.RoleRestrictions role) external nonpayable
+```
+
+
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| role | IAccountPermissions.RoleRestrictions | undefined |
+
+### validateUserOp
+
+```solidity
+function validateUserOp(UserOperation userOp, bytes32 userOpHash, uint256 missingAccountFunds) external nonpayable returns (uint256 validationData)
+```
+
+
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| userOp | UserOperation | undefined |
+| userOpHash | bytes32 | undefined |
+| missingAccountFunds | uint256 | undefined |
+
+#### Returns
+
+| Name | Type | Description |
+|---|---|---|
+| validationData | uint256 | undefined |
+
+### verifyRoleRequest
+
+```solidity
+function verifyRoleRequest(IAccountPermissions.RoleRequest req, bytes signature) external view returns (bool success, address signer)
+```
+
+
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| req | IAccountPermissions.RoleRequest | undefined |
+| signature | bytes | undefined |
+
+#### Returns
+
+| Name | Type | Description |
+|---|---|---|
+| success | bool | undefined |
+| signer | address | undefined |
+
+
+
+## Events
+
+### AdminUpdated
+
+```solidity
+event AdminUpdated(address indexed account, bool isAdmin)
+```
+
+Emitted when an admin is set or removed.
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| account `indexed` | address | undefined |
+| isAdmin  | bool | undefined |
+
+### RoleAssignment
+
+```solidity
+event RoleAssignment(bytes32 indexed role, address indexed account, address indexed signer, IAccountPermissions.RoleRequest request)
+```
+
+Emitted when a role is granted / revoked by an authorized party.
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| role `indexed` | bytes32 | undefined |
+| account `indexed` | address | undefined |
+| signer `indexed` | address | undefined |
+| request  | IAccountPermissions.RoleRequest | undefined |
+
+### RoleUpdated
+
+```solidity
+event RoleUpdated(bytes32 indexed role, IAccountPermissions.RoleRestrictions restrictions)
+```
+
+Emitted when the restrictions for a given role are updated.
+
+
+
+#### Parameters
+
+| Name | Type | Description |
+|---|---|---|
+| role `indexed` | bytes32 | undefined |
+| restrictions  | IAccountPermissions.RoleRestrictions | undefined |
+
+
+