feat: [v0.8-develop] remove execute from plugin #65

Merged
merged 3 commits into from
Jun 20, 2024

adamegyed
Contributor

Motivation

The functions executeFromPlugin and executeFromPluginExternal, along with the manifest fields associated with these functions, were created before we had multiple validation function support & better management of pre-validation hooks, as a way to allow cross-plugin and plugin-to-external-contract interactions.

With multi-validation, it is no longer necessary to have these two parallel paths for performing calls from plugins. The "permitted call" authorization path still exists via the fallback and native functions, and any function wishing to invoke external contracts can simply ask for permission to validate execute/executeBatch, and validate itself.

Additionally, executeFromPluginExternal required accounts to have some opinionated access control functions built-in as part of the standard. This type of access control management is best left to actual plugin implementations, and with the possibility to install pre-validation hooks at the same time as validations via #64, the same type of controls can be placed on any plugin requesting access to execute / executeBatch at install time.

Solution

  • Remove executeFromPlugin and executeFromPluginExternal from the account, and delete IPluginExecutor.
  • Move executeWithAuthorization (part of multi-validation) out to IStandardExecutor.
  • Update previous tests of executeFromPlugin + executeFromPluginExternal to use the permitted call flow and/or executeWithAuthorization, to show the functional equivalence.
  • Remove fields in the plugin manifest related to executeFromPluginExternal.
    • Note that this made it so that there are no fixed-size fields in the plugin manifest. In tests where we declare a public state variable for a plugin manifest, this results in the error "The struct has all its members omitted, therefore the getter cannot return any values." To address this, the fields are made internal, and the linter is updated to not require renaming all instances of these.

Future work

  • It may be worth merging account interfaces to simplify in the future, with a required interface, and possibly optional extension for loupe functions.
  • Since these permission flows mostly depend on runtime validation, and the difference between user op validation and runtime validation is the ability to spend account gas, it may be worthwhile to add a representation to the manifest that would allow an account to restrict a validation function to "only runtime". This would allow users inspecting a plugin before installation to be sure that its permissions only encompass runtime auth, and not the ability to spend gas.

@adamegyed adamegyed requested a review from a team June 4, 2024 18:48
@adamegyed adamegyed force-pushed the adam/pre-validation-hook-assoc branch from e21f450 to 72be4f4 June 5, 2024 22:40
@adamegyed adamegyed force-pushed the adam/remove-ipluginexecutor branch 2 times, most recently from 02d099e to b680f75 June 5, 2024 22:45
Contributor

@huaweigu huaweigu left a comment

lgtm, just one question!

/// @param data The calldata to send to the account.
/// @param authorization The authorization data to use for the call. The first 21 bytes specifies which runtime
/// validation to use, and the rest is sent as a parameter to runtime validation.
function executeWithAuthorization(bytes calldata data, bytes calldata authorization)
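Review bot: the @param authorization comment says the first 21 bytes select the runtime validation, but it gives neither the layout of those 21 bytes nor the behaviour when authorization is shorter than 21 bytes. Since this prefix decides which validation gates the call, state both in the NatSpec (for example, that a short authorization reverts). Minor: "specifies" should be "specify" to agree with "bytes".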
Contributor

I'm curious to hear your thoughts on why you prefer the new function to be part of the standard executor rather than an extension executor :)

Contributor Author

To be honest I don't have a strict reasoning - I think we could split it out, or we could try to bring together all of the required account functions into one interface for simplicity. I think I'm leaning more towards the latter to make it easier to read the spec, but open to discussing.

Collaborator

I lean more towards splitting it out.
StandardExecutor indicates the functions here are following a certain standard (ERC-4337).

Contributor Author

Technically the functions in IStandardExecutor are only standardized in ERC-6900, but 6900 also requires the plugin installation functions, which are in a separate interface IPluginManager.

As for executeWithAuthorization, it's something that all 6900 compliant accounts will need to implement after this spec change. Do y'all have any suggestions for what to name an interface that only holds this one function? Or how to rename IStandardExecutor or other existing account interfaces to hold it?

Collaborator

Actually, rethinking this, especially since executeWithAuthorization is something that all 6900 compliant accounts will need to implement, we can just keep it in there.

@adamegyed adamegyed force-pushed the adam/pre-validation-hook-assoc branch from 72be4f4 to aeb416b June 10, 2024 18:51
@adamegyed adamegyed force-pushed the adam/remove-ipluginexecutor branch from b680f75 to 7cb19a4 June 10, 2024 18:53
@@ -9,7 +9,7 @@
"max-line-length": ["error", 120],
"max-states-count": ["warn", 30],
"modifier-name-mixedcase": ["error"],
"private-vars-leading-underscore": ["error"],
"private-vars-leading-underscore": "off",
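Review bot: setting private-vars-leading-underscore to "off" here drops the check for every contract this config covers, where the line it replaces enforced it as an error. If only a few declarations need the exemption, keep the rule at ["error"] and exempt them individually with a solhint-disable-next-line private-vars-leading-underscore comment, or rename them with a leading underscore.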
Collaborator

hmm why do we need to change this?

Collaborator

oh tests, yeah those have been annoying

Collaborator

Can we fix the tests instead?

Contributor Author

Rolled back the styling change, and fixed the tests

@adamegyed adamegyed force-pushed the adam/pre-validation-hook-assoc branch from aeb416b to c872746 June 12, 2024 18:41
@adamegyed adamegyed force-pushed the adam/remove-ipluginexecutor branch from 07b307a to bfdf5b5 June 12, 2024 18:44
@adamegyed adamegyed force-pushed the adam/pre-validation-hook-assoc branch from c872746 to 83a2ddb June 14, 2024 15:56
@adamegyed adamegyed force-pushed the adam/remove-ipluginexecutor branch from bfdf5b5 to 67b7088 June 14, 2024 15:56
Collaborator

@fangting-alchemy fangting-alchemy left a comment

LGTM with a question.

@adamegyed adamegyed force-pushed the adam/pre-validation-hook-assoc branch from 83a2ddb to 4d2390b June 19, 2024 15:06
@adamegyed adamegyed force-pushed the adam/remove-ipluginexecutor branch 2 times, most recently from 29055a9 to 0aefb0f June 20, 2024 17:53
Base automatically changed from adam/pre-validation-hook-assoc to v0.8-develop June 20, 2024 20:35
@adamegyed adamegyed force-pushed the adam/remove-ipluginexecutor branch from 0aefb0f to c9fcabf June 20, 2024 20:37
@adamegyed adamegyed merged commit 400e833 into v0.8-develop Jun 20, 2024
3 checks passed
@adamegyed adamegyed deleted the adam/remove-ipluginexecutor branch June 20, 2024 20:49