AccountPermissions: add setAdminWithSigner (#533)

* setAdminWithSigner

* fix typo

* restructure setAdminWithSigner

* reduce size

* add AccountPermissions to legacy-contracts

* update struct SignerPermissionRequest

* cleanup, release script change

* test: setPermissionsForSigner

* release

* dev release

---------

Co-authored-by: Yash <[email protected]>
Co-authored-by: Joaquim Verges <[email protected]>

Author: 3 people

contracts/extension/interface/IAccountPermissions.sol

@@ -19,6 +19,7 @@ interface IAccountPermissions {
      *  @param reqValidityStartTimestamp The UNIX timestamp at and after which a signature is valid.
      *  @param reqValidityEndTimestamp The UNIX timestamp at and after which a signature is invalid/expired.
      *  @param uid A unique non-repeatable ID for the payload.
+     *  @param isAdmin Whether the signer should be an admin.
      */
     struct SignerPermissionRequest {
         address signer;
@@ -29,6 +30,7 @@ interface IAccountPermissions {
         uint128 reqValidityStartTimestamp;
         uint128 reqValidityEndTimestamp;
         bytes32 uid;
+        uint8 isAdmin;
     }
 
     /**
@@ -107,9 +109,6 @@ interface IAccountPermissions {
                             External functions
     //////////////////////////////////////////////////////////////*/
 
-    /// @notice Adds / removes an account as an admin.
-    function setAdmin(address account, bool isAdmin) external;
-
     /// @notice Sets the permissions for a given signer.
     function setPermissionsForSigner(SignerPermissionRequest calldata req, bytes calldata signature) external;
 }

contracts/extension/upgradeable/AccountPermissions.sol

@@ -46,35 +46,42 @@ abstract contract AccountPermissions is IAccountPermissions, EIP712 {
         );
 
     modifier onlyAdmin() virtual {
-        require(isAdmin(msg.sender), "caller is not an admin");
+        require(isAdmin(msg.sender), "!admin");
         _;
     }
 
     /*///////////////////////////////////////////////////////////////
                             External functions
     //////////////////////////////////////////////////////////////*/
 
-    /// @notice Adds / removes an account as an admin.
-    function setAdmin(address _account, bool _isAdmin) external virtual onlyAdmin {
-        _setAdmin(_account, _isAdmin);
-    }
-
     /// @notice Sets the permissions for a given signer.
     function setPermissionsForSigner(SignerPermissionRequest calldata _req, bytes calldata _signature) external {
         address targetSigner = _req.signer;
-        require(!isAdmin(targetSigner), "signer is already an admin");
 
         require(
             _req.reqValidityStartTimestamp <= block.timestamp && block.timestamp < _req.reqValidityEndTimestamp,
-            "invalid request validity period"
+            "!period"
         );
 
         (bool success, address signer) = verifySignerPermissionRequest(_req, _signature);
-        require(success, "invalid signature");
+        require(success, "!sig");
 
-        _accountPermissionsStorage().allSigners.add(targetSigner);
         _accountPermissionsStorage().executed[_req.uid] = true;
 
+        //isAdmin > 0, set admin or remove admin
+        if (_req.isAdmin > 0) {
+            //isAdmin = 1, set admin
+            //isAdmin > 1, remove admin
+            bool _isAdmin = _req.isAdmin == 1;
+
+            _setAdmin(targetSigner, _isAdmin);
+            return;
+        }
+
+        require(!isAdmin(targetSigner), "already admin");
+
+        _accountPermissionsStorage().allSigners.add(targetSigner);
+
         _accountPermissionsStorage().signerPermissions[targetSigner] = SignerPermissionsStatic(
             _req.nativeTokenLimitPerTransaction,
             _req.permissionStartTimestamp,
@@ -138,7 +145,7 @@ abstract contract AccountPermissions is IAccountPermissions, EIP712 {
         virtual
         returns (bool success, address signer)
     {
-        signer = _recoverAddress(req, signature);
+        signer = _recoverAddress(_encodeRequest(req), signature);
         success = !_accountPermissionsStorage().executed[req.uid] && isAdmin(signer);
     }
 
@@ -168,34 +175,30 @@ abstract contract AccountPermissions is IAccountPermissions, EIP712 {
 
         uint256 len = allSigners.length;
         uint256 numOfActiveSigners = 0;
-        bool[] memory isSignerActive = new bool[](len);
 
         for (uint256 i = 0; i < len; i += 1) {
-            address signer = allSigners[i];
-
-            bool isActive = isActiveSigner(signer);
-            isSignerActive[i] = isActive;
-            if (isActive) {
+            if (isActiveSigner(allSigners[i])) {
                 numOfActiveSigners++;
+            } else {
+                allSigners[i] = address(0);
             }
         }
 
         signers = new SignerPermissions[](numOfActiveSigners);
         uint256 index = 0;
         for (uint256 i = 0; i < len; i += 1) {
-            if (!isSignerActive[i]) {
-                continue;
+            if (allSigners[i] != address(0)) {
+                address signer = allSigners[i];
+                SignerPermissionsStatic memory permissions = _accountPermissionsStorage().signerPermissions[signer];
+
+                signers[index++] = SignerPermissions(
+                    signer,
+                    _accountPermissionsStorage().approvedTargets[signer].values(),
+                    permissions.nativeTokenLimitPerTransaction,
+                    permissions.startTimestamp,
+                    permissions.endTimestamp
+                );
             }
-            address signer = allSigners[i];
-            SignerPermissionsStatic memory permissions = _accountPermissionsStorage().signerPermissions[signer];
-
-            signers[index++] = SignerPermissions(
-                signer,
-                _accountPermissionsStorage().approvedTargets[signer].values(),
-                permissions.nativeTokenLimitPerTransaction,
-                permissions.startTimestamp,
-                permissions.endTimestamp
-            );
         }
     }
 
@@ -225,13 +228,8 @@ abstract contract AccountPermissions is IAccountPermissions, EIP712 {
     }
 
     /// @dev Returns the address of the signer of the request.
-    function _recoverAddress(SignerPermissionRequest calldata _req, bytes calldata _signature)
-        internal
-        view
-        virtual
-        returns (address)
-    {
-        return _hashTypedDataV4(keccak256(_encodeRequest(_req))).recover(_signature);
+    function _recoverAddress(bytes memory _encoded, bytes calldata _signature) internal view virtual returns (address) {
+        return _hashTypedDataV4(keccak256(_encoded)).recover(_signature);
     }
 
     /// @dev Encodes a request for recovery of the signer in `recoverAddress`.

contracts/legacy-contracts/smart-wallet/interface/IAccountPermissions_V1.sol

@@ -0,0 +1,115 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.0;
+
+/// @author thirdweb
+
+interface IAccountPermissions_V1 {
+    /*///////////////////////////////////////////////////////////////
+                                Types
+    //////////////////////////////////////////////////////////////*/
+
+    /**
+     *  @notice The payload that must be signed by an authorized wallet to set permissions for a signer to use the smart wallet.
+     *
+     *  @param signer The addres of the signer to give permissions.
+     *  @param approvedTargets The list of approved targets that a role holder can call using the smart wallet.
+     *  @param nativeTokenLimitPerTransaction The maximum value that can be transferred by a role holder in a single transaction.
+     *  @param permissionStartTimestamp The UNIX timestamp at and after which a signer has permission to use the smart wallet.
+     *  @param permissionEndTimestamp The UNIX timestamp at and after which a signer no longer has permission to use the smart wallet.
+     *  @param reqValidityStartTimestamp The UNIX timestamp at and after which a signature is valid.
+     *  @param reqValidityEndTimestamp The UNIX timestamp at and after which a signature is invalid/expired.
+     *  @param uid A unique non-repeatable ID for the payload.
+     */
+    struct SignerPermissionRequest {
+        address signer;
+        address[] approvedTargets;
+        uint256 nativeTokenLimitPerTransaction;
+        uint128 permissionStartTimestamp;
+        uint128 permissionEndTimestamp;
+        uint128 reqValidityStartTimestamp;
+        uint128 reqValidityEndTimestamp;
+        bytes32 uid;
+    }
+
+    /**
+     *  @notice The permissions that a signer has to use the smart wallet.
+     *
+     *  @param signer The address of the signer.
+     *  @param approvedTargets The list of approved targets that a role holder can call using the smart wallet.
+     *  @param nativeTokenLimitPerTransaction The maximum value that can be transferred by a role holder in a single transaction.
+     *  @param startTimestamp The UNIX timestamp at and after which a signer has permission to use the smart wallet.
+     *  @param endTimestamp The UNIX timestamp at and after which a signer no longer has permission to use the smart wallet.
+     */
+    struct SignerPermissions {
+        address signer;
+        address[] approvedTargets;
+        uint256 nativeTokenLimitPerTransaction;
+        uint128 startTimestamp;
+        uint128 endTimestamp;
+    }
+
+    /**
+     *  @notice Internal struct for storing permissions for a signer (without approved targets).
+     *
+     *  @param nativeTokenLimitPerTransaction The maximum value that can be transferred by a role holder in a single transaction.
+     *  @param startTimestamp The UNIX timestamp at and after which a signer has permission to use the smart wallet.
+     *  @param endTimestamp The UNIX timestamp at and after which a signer no longer has permission to use the smart wallet.
+     */
+    struct SignerPermissionsStatic {
+        uint256 nativeTokenLimitPerTransaction;
+        uint128 startTimestamp;
+        uint128 endTimestamp;
+    }
+
+    /*///////////////////////////////////////////////////////////////
+                                Events
+    //////////////////////////////////////////////////////////////*/
+
+    /// @notice Emitted when permissions for a signer are updated.
+    event SignerPermissionsUpdated(
+        address indexed authorizingSigner,
+        address indexed targetSigner,
+        SignerPermissionRequest permissions
+    );
+
+    /// @notice Emitted when an admin is set or removed.
+    event AdminUpdated(address indexed signer, bool isAdmin);
+
+    /*///////////////////////////////////////////////////////////////
+                            View functions
+    //////////////////////////////////////////////////////////////*/
+
+    /// @notice Returns whether the given account is an admin.
+    function isAdmin(address signer) external view returns (bool);
+
+    /// @notice Returns whether the given account is an active signer on the account.
+    function isActiveSigner(address signer) external view returns (bool);
+
+    /// @notice Returns the restrictions under which a signer can use the smart wallet.
+    function getPermissionsForSigner(address signer) external view returns (SignerPermissions memory permissions);
+
+    /// @notice Returns all active and inactive signers of the account.
+    function getAllSigners() external view returns (SignerPermissions[] memory signers);
+
+    /// @notice Returns all signers with active permissions to use the account.
+    function getAllActiveSigners() external view returns (SignerPermissions[] memory signers);
+
+    /// @notice Returns all admins of the account.
+    function getAllAdmins() external view returns (address[] memory admins);
+
+    /// @dev Verifies that a request is signed by an authorized account.
+    function verifySignerPermissionRequest(SignerPermissionRequest calldata req, bytes calldata signature)
+        external
+        view
+        returns (bool success, address signer);
+
+    /*///////////////////////////////////////////////////////////////
+                            External functions
+    //////////////////////////////////////////////////////////////*/
+
+    /// @notice Adds / removes an account as an admin.
+    function setAdmin(address account, bool isAdmin) external;
+
+    /// @notice Sets the permissions for a given signer.
+    function setPermissionsForSigner(SignerPermissionRequest calldata req, bytes calldata signature) external;
+}

contracts/package.json

@@ -22,5 +22,8 @@
     "@openzeppelin/contracts-upgradeable": "4.7.3",
     "erc721a-upgradeable": "^3.3.0",
     "@thirdweb-dev/dynamic-contracts": "^1.1.2"
+  },
+  "engines": {
+    "node": ">=20.0.0"
   }
 }

contracts/prebuilts/account/utils/AccountCore.sol

@@ -155,12 +155,12 @@ contract AccountCore is IAccountCore, Initializable, Multicall, BaseAccount, Acc
     //////////////////////////////////////////////////////////////*/
 
     function getFunctionSignature(bytes calldata data) internal pure returns (bytes4 functionSelector) {
-        require(data.length >= 4, "Data too short");
+        require(data.length >= 4, "!Data");
         return bytes4(data[:4]);
     }
 
     function decodeExecuteCalldata(bytes calldata data) internal pure returns (address _target, uint256 _value) {
-        require(data.length >= 4 + 32 + 32, "Data too short");
+        require(data.length >= 4 + 32 + 32, "!Data");
 
         // Decode the address, which is bytes 4 to 35
         _target = abi.decode(data[4:36], (address));
@@ -178,7 +178,7 @@ contract AccountCore is IAccountCore, Initializable, Multicall, BaseAccount, Acc
             bytes[] memory _callData
         )
     {
-        require(data.length >= 4 + 32 + 32 + 32, "Data too short");
+        require(data.length >= 4 + 32 + 32 + 32, "!Data");
 
         (_targets, _values, _callData) = abi.decode(data[4:], (address[], uint256[], bytes[]));
     }

src/test/smart-wallet/Account.t.sol

@@ -366,7 +366,8 @@ contract SimpleAccountTest is BaseTest {
             type(uint128).max,
             0,
             type(uint128).max,
-            uidCache
+            uidCache,
+            0
         );
 
         vm.prank(accountAdmin);
@@ -403,7 +404,8 @@ contract SimpleAccountTest is BaseTest {
             type(uint128).max,
             0,
             type(uint128).max,
-            uidCache
+            uidCache,
+            0
         );
 
         vm.prank(accountAdmin);
@@ -458,7 +460,8 @@ contract SimpleAccountTest is BaseTest {
             type(uint128).max,
             0,
             type(uint128).max,
-            uidCache
+            uidCache,
+            0
         );
 
         vm.prank(accountAdmin);
@@ -606,7 +609,8 @@ contract SimpleAccountTest is BaseTest {
             type(uint128).max,
             0,
             type(uint128).max,
-            uidCache
+            uidCache,
+            0
         );
 
         vm.prank(accountAdmin);

src/test/smart-wallet/AccountVulnPOC.t.sol

@@ -241,7 +241,8 @@ contract SimpleAccountVulnPOCTest is BaseTest {
             type(uint128).max,
             0,
             type(uint128).max,
-            uidCache
+            uidCache,
+            0
         );
 
         vm.prank(accountAdmin);

src/test/smart-wallet/DynamicAccount.t.sol

@@ -478,7 +478,8 @@ contract DynamicAccountTest is BaseTest {
             type(uint128).max,
             0,
             type(uint128).max,
-            uidCache
+            uidCache,
+            0
         );
 
         vm.prank(accountAdmin);
@@ -515,7 +516,8 @@ contract DynamicAccountTest is BaseTest {
             type(uint128).max,
             0,
             type(uint128).max,
-            uidCache
+            uidCache,
+            0
         );
 
         vm.prank(accountAdmin);
@@ -572,7 +574,8 @@ contract DynamicAccountTest is BaseTest {
             type(uint128).max,
             0,
             type(uint128).max,
-            uidCache
+            uidCache,
+            0
         );
 
         vm.prank(accountAdmin);