[ALC-2] add comment explaining contract owner limitations for user op…

…eration validation
alchemyplatform · Sep 20, 2023 · a717eca · a717eca
1 parent aa8196b
commit a717eca
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/src/LightAccount.sol b/src/LightAccount.sol
@@ -215,12 +215,19 @@ contract LightAccount is BaseAccount, TokenCallbackHandler, UUPSUpgradeable, Cus
         emit OwnershipTransferred(oldOwner, newOwner);
     }
 
-    /*
-     * Implement template method of BaseAccount.
-     *
-     * Uses a modified version of `SignatureChecker.isValidSignatureNow` in
+    /**
+     * @notice Implement template method of BaseAccount.
+     * @dev Uses a modified version of `SignatureChecker.isValidSignatureNow` in
      * which the digest is wrapped with an "Ethereum Signed Message" envelope
      * for the EOA-owner case but not in the ERC-1271 contract-owner case.
+     *
+     * ERC-4337's validation rules limit the types of contracts that can be
+     * used as owners to validate user operation signatures. For example, the
+     * contract's `isValidSignature` function may not use any forbidden opcodes
+     * such as `TIMESTAMP` or `NUMBER`, and the contract may not be an ERC-1967
+     * proxy as it accesses a constant implementation slot not associated with
+     * the account, violating storage access rules. This also means that the
+     * owner may not be another LightAccount.
      */
     function _validateSignature(UserOperation calldata userOp, bytes32 userOpHash)
         internal