-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add interface checks for validations and hooks #147
Conversation
41d9893
to
7af4423
Compare
Flagging one potential downside of this setup: it will no longer be possible to add an EOA as a validation, with "direct call validation" access, due to it not implementing the ERC-165 interface for |
Hmm, there's a discrepancy in the |
Thats interesting, can u elaborate on the "using EOA as a validation" case? Is that equivalent to a "pass through" validator that allows all calls? |
I don't think so, we should probably do this wrapping. Will update unless anyone else has a reason to keep separate.
Basically, since #90, you can install a validation with the magic value This was intended to be used by modules that needed call access to the account, and it was more efficient to do this than to have the modules call But, this workflow could be extended to allowing EOAs to directly call functions on the account, without using |
I see, thanks for explaining! Agree that its a workflow that we should preserve |
@@ -227,6 +229,16 @@ abstract contract ModuleManagerInternals is IModuleManager { | |||
} | |||
} | |||
|
|||
function _onInstall(address module, bytes calldata data, bytes4 interfaceId) internal { | |||
if (data.length > 0) { | |||
if (!ERC165Checker.supportsInterface(module, interfaceId)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wdyt if we check the interface regardless of data length?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought of this because the usual case for not running onInstall
is if it's been already initialized, which usually only happens on re-install (i.e. if you're using the same hook id across two different validations), in which case the previous install with a call to onInstall
would have checked this. Probably should either include that rationale in a comment, or update this to always check. Wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not that partial to one way or another, but I think the assumption we'd always call onInstall
the first time we install may not necessarily be a safe one. I could imagine modules which inherently don't need to be directly initialized probs.
For that reason always checking makes a bit more sense to me, but it could end up being redundant. I leave this one up to your call!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One neat side effect of this, is that this actually lets us still do the "install EOA for direct call validation" - just added a test for this here: b858ccb
Given that one use case, I'll keep the interface check behind the initialization data for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only some small comments, lgtm otherwise!
7af4423
to
b858ccb
Compare
b858ccb
to
9d8e1ff
Compare
Motivation
We've been discussing how to do sanity-checking on addresses provided to be used as modules, and decided to encourage, but not enforce, ERC-165 interface checking in the standard.
Solution
This PR adds behavior to the reference implementation to check interface support for the addresses provided to be used as validation modules, validation hooks, and execution hooks. The account already performed this check for execution modules.
Also update any modules used in tests that were missing the appropriate interfaceId support.
This PR does not yet update the spec document - will follow up with a second PR for the spec update.