From 9f2cd09aa94ea93716778b6be3cc3ed9b74b8808 Mon Sep 17 00:00:00 2001 From: JCsec Date: Mon, 10 Feb 2025 10:30:48 +0000 Subject: [PATCH] fix: audit L-03 (#275) --- src/SsoAccount.sol | 12 +++++++++++- src/auth/Auth.sol | 14 -------------- src/managers/HookManager.sol | 6 +++--- src/managers/OwnerManager.sol | 4 ++-- src/managers/ValidatorManager.sol | 4 ++-- 5 files changed, 18 insertions(+), 22 deletions(-) delete mode 100644 src/auth/Auth.sol diff --git a/src/SsoAccount.sol b/src/SsoAccount.sol index 0c1b95dc..7904a3d7 100644 --- a/src/SsoAccount.sol +++ b/src/SsoAccount.sol @@ -22,6 +22,8 @@ import { SignatureDecoder } from "./libraries/SignatureDecoder.sol"; import { ERC1271Handler } from "./handlers/ERC1271Handler.sol"; import { BatchCaller } from "./batch/BatchCaller.sol"; +import { BootloaderAuth } from "./auth/BootloaderAuth.sol"; + import { ISsoAccount } from "./interfaces/ISsoAccount.sol"; import { IModuleValidator } from "./interfaces/IModuleValidator.sol"; @@ -32,7 +34,15 @@ import { IModuleValidator } from "./interfaces/IModuleValidator.sol"; /// @notice This contract is a modular and extensible account implementation with support of /// multi-ownership, custom modules, validation/execution hooks and different signature validation formats. /// @dev Contract is expected to be used as Beacon proxy implementation. -contract SsoAccount is Initializable, HookManager, ERC1271Handler, TokenCallbackHandler, BatchCaller, ISsoAccount { +contract SsoAccount is + Initializable, + HookManager, + ERC1271Handler, + TokenCallbackHandler, + BatchCaller, + ISsoAccount, + BootloaderAuth +{ // Helper library for the Transaction struct using TransactionHelper for Transaction; diff --git a/src/auth/Auth.sol b/src/auth/Auth.sol deleted file mode 100644 index 2681b4bb..00000000 --- a/src/auth/Auth.sol +++ /dev/null @@ -1,14 +0,0 @@ -// SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.24; - -import { BootloaderAuth } from "./BootloaderAuth.sol"; -import { SelfAuth } from "./SelfAuth.sol"; -import { HookAuth } from "./HookAuth.sol"; -import { Errors } from "../libraries/Errors.sol"; - -/** - * @title Auth - * @notice Abstract contract that organizes authentication logic for the contract - * @author https://getclave.io - */ -abstract contract Auth is BootloaderAuth, SelfAuth, HookAuth {} diff --git a/src/managers/HookManager.sol b/src/managers/HookManager.sol index 46206a87..f26ce29c 100644 --- a/src/managers/HookManager.sol +++ b/src/managers/HookManager.sol @@ -6,7 +6,7 @@ import { EnumerableSet } from "@openzeppelin/contracts/utils/structs/EnumerableS import { Transaction } from "@matterlabs/zksync-contracts/l2/system-contracts/libraries/TransactionHelper.sol"; import { ExcessivelySafeCall } from "@nomad-xyz/excessively-safe-call/src/ExcessivelySafeCall.sol"; -import { Auth } from "../auth/Auth.sol"; +import { SelfAuth } from "../auth/SelfAuth.sol"; import { SsoStorage } from "../libraries/SsoStorage.sol"; import { Errors } from "../libraries/Errors.sol"; import { IExecutionHook, IValidationHook } from "../interfaces/IHook.sol"; @@ -19,7 +19,7 @@ import { IModule } from "../interfaces/IModule.sol"; * @dev Hook addresses are stored in a linked list * @author https://getclave.io */ -abstract contract HookManager is IHookManager, Auth { +abstract contract HookManager is IHookManager, SelfAuth { using EnumerableSet for EnumerableSet.AddressSet; // Interface helper library using ERC165Checker for address; @@ -124,7 +124,7 @@ abstract contract HookManager is IHookManager, Auth { emit HookRemoved(hook); } - function _isHook(address addr) internal view override returns (bool) { + function _isHook(address addr) internal view returns (bool) { return _validationHooks().contains(addr) || _executionHooks().contains(addr); } diff --git a/src/managers/OwnerManager.sol b/src/managers/OwnerManager.sol index 9275996c..7681f738 100644 --- a/src/managers/OwnerManager.sol +++ b/src/managers/OwnerManager.sol @@ -4,7 +4,7 @@ pragma solidity ^0.8.24; import { EnumerableSet } from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol"; import { SsoStorage } from "../libraries/SsoStorage.sol"; import { Errors } from "../libraries/Errors.sol"; -import { Auth } from "../auth/Auth.sol"; +import { SelfAuth } from "../auth/SelfAuth.sol"; import { IOwnerManager } from "../interfaces/IOwnerManager.sol"; /** @@ -14,7 +14,7 @@ import { IOwnerManager } from "../interfaces/IOwnerManager.sol"; * @dev Owners are stored in a linked list * @author https://getclave.io */ -abstract contract OwnerManager is IOwnerManager, Auth { +abstract contract OwnerManager is IOwnerManager, SelfAuth { using EnumerableSet for EnumerableSet.AddressSet; /// @inheritdoc IOwnerManager diff --git a/src/managers/ValidatorManager.sol b/src/managers/ValidatorManager.sol index ff835ced..97c89576 100644 --- a/src/managers/ValidatorManager.sol +++ b/src/managers/ValidatorManager.sol @@ -5,7 +5,7 @@ import { ERC165Checker } from "@openzeppelin/contracts/utils/introspection/ERC16 import { EnumerableSet } from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol"; import { ExcessivelySafeCall } from "@nomad-xyz/excessively-safe-call/src/ExcessivelySafeCall.sol"; -import { Auth } from "../auth/Auth.sol"; +import { SelfAuth } from "../auth/SelfAuth.sol"; import { Errors } from "../libraries/Errors.sol"; import { SsoStorage } from "../libraries/SsoStorage.sol"; import { IValidatorManager } from "../interfaces/IValidatorManager.sol"; @@ -18,7 +18,7 @@ import { IModule } from "../interfaces/IModule.sol"; * @dev Validators are stored in an enumerable set * @author https://getclave.io */ -abstract contract ValidatorManager is IValidatorManager, Auth { +abstract contract ValidatorManager is IValidatorManager, SelfAuth { using EnumerableSet for EnumerableSet.AddressSet; // Interface helper library using ERC165Checker for address;