Just to reiterate some points from previous discussions, my main concern lies in this being part of the signature field. We've discussed that similar designs in the past have had some issues but it's difficult to find a better spot.

What's the downside of including it in the beginning of the calldata field instead?

We could include it in calldata, that would help us by ensuring the data is signed over, making it non-malleable. It would come with some additional considerations:

• We would probably want to put it at the end of calldata, rather than the beginning, to prevent the data from interfering with solidity's function dispatcher
• We would need to strip it out before forwarding to execution functions in the fallback, otherwise plugins may interpret it as something else.
• It would be tricky to determine how much data is actually provided, if any. Because the account doesn't know the parameter format of installed execution functions, it's not clear to me how it would distinguish between data for hooks and data for the actual execution function.
  • For native functions, it would be possible, but expensive, as we'd have to re-implement the ABI decoding that solidity does automatically for every external function, then look past-the-end of the field encoded last.

Do you know of any way we could encode it in calldata such that the account could parse it out? We're constrained by the fact that the account doesn't know the parameter format of plugin-defined execution functions.

I do agree that using the signature is error prone. I just realized there's an issue with the current implementation, you can express zero-length hook data in two different ways: specifying the index and setting a length of zero, or skipping the encoding. I'll update the PR to enforce 1 canonical encoding format.

Updated to enforce canonical encoding, it is no longer possible to add zero-length segments to the signature. Instead, zero length segments must be omitted. It is up to the validation function and hooks to enforce that only the expected amount of data is provided.

Taking a look, overall thoughts so far:

1. Sparse calldata lib is super cool!
2. Overall, think this is in line with the v0.8 changes to improving efficiency by moving storage to calldata. Want to call out that this creates more burden on SDKs and potentially requires some other source of data storage.
3. For pre UO validation hooks, this makes sense. But for the pre runtime validation path, specifically, I would not expect other plugins to use executeWithAuthorization with extra calldata for the standard call flow of account -> plugin -> account. Mostly because the plugin would need to store this extra calldata to pass back into the account, so any savings from moving from calldata -> storage is lost

I do agree that using the signature is error prone. I just realized there's an issue with the current implementation, you can express zero-length hook data in two different ways: specifying the index and setting a length of zero, or skipping the encoding. I'll update the PR to enforce 1 canonical encoding format.

I overall agree with the change, but what abuses could this lead to (forgive me if we talked about this already)?

Edit: followup wrt abuses of this being in the signature field-- if it's only used to provide actual signature and signature-like information for authorization, I think it should be fine. Correct me if I'm wrong. Developers will need to keep this in mind when building validation hooks though.

Are we sure we only want to call onInstall() and onUninstall() when there is nonzero data to be passed? What if I want to pass an empty array but still trigger this?

(Edit: This is specifically for PluginManager2 temp functions, in PluginManagerInternals we do call this even if the bytes array has a length of zero)