🔥 fix checks in policy validator

🎨 Fooq
rhinestonewtf · Mar 4, 2024 · 7353e2a · 7353e2a
1 parent 9567e9f
commit 7353e2a
Show file tree

Hide file tree

Showing 25 changed files with 2,035 additions and 232 deletions.
diff --git a/examples/src/HookMultiplex/HookMultiplexer.sol b/examples/src/HookMultiplex/HookMultiplexer.sol
@@ -106,9 +106,9 @@ contract HookMultiPlexer is ERC7579HookDestruct, IHookMultiPlexer {
 
         for (uint256 i; i < length; i++) {
             bytes32 _globalHook = globalHooks[i];
-            console2.logBytes32(_globalHook);
-            console2.log("flag", checkFlagFn(_globalHook));
-            if (!checkFlagFn(_globalHook)) continue;
+            // console2.logBytes32(_globalHook);
+            // console2.log("flag", checkFlagFn(_globalHook));
+            // if (!checkFlagFn(_globalHook)) continue;
             (bool success,) = _globalHook.decodeAddress().call(callData);
             if (!success) revert SubHookFailed(_globalHook);
         }

diff --git a/examples/src/HookMultiplex/PermissionHook.sol b/examples/src/HookMultiplex/PermissionHook.sol
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.23;
+
+import { ERC7579HookDestruct } from "@rhinestone/modulekit/src/modules/ERC7579HookDestruct.sol";
+import { SENTINEL as SENTINELAddress, SentinelListLib } from "sentinellist/SentinelList.sol";
+import { SENTINEL as SENTINELBytes32, LinkedBytes32Lib } from "sentinellist/SentinelListBytes32.sol";
+import { TokenTransactionLib } from "./lib/TokenTransactionLib.sol";
+import { PermissionFlag, PermissionFlagLib } from "./lib/PermissionFlagLib.sol";
+import { SSTORE2 } from "solady/src/utils/SSTORE2.sol";
+
+contract PermissionHook is ERC7579HookDestruct {
+    using SentinelListLib for SentinelListLib.SentinelList;
+    using LinkedBytes32Lib for LinkedBytes32Lib.LinkedBytes32;
+    using TokenTransactionLib for bytes4;
+    using PermissionFlagLib for PermissionFlag;
+
+    error InvalidPermission();
+
+    struct ConfigParams {
+        PermissionFlag flags;
+        address[] allowedTargets;
+        bytes4[] allowedFunctions;
+    }
+
+    struct ModulePermissions {
+        PermissionFlag flags;
+        LinkedBytes32Lib.LinkedBytes32 allowedFunctions;
+        SentinelListLib.SentinelList allowedTargets;
+    }
+
+    mapping(address account => mapping(address module => ModulePermissions)) internal $permissions;
+    mapping(address account => mapping(address module => SentinelListLib.SentinelList subHooks))
+        internal $moduleSubHooks;
+
+    mapping(address smartAccount => LinkedBytes32Lib.LinkedBytes32 globalSubHooks) internal
+        $globalSubHooks;
+
+    function configure(address module, ConfigParams memory params) public {
+        ModulePermissions storage $modulePermissions = $subHook().permissions[msg.sender][module];
+        $modulePermissions.flags = params.flags;
+
+        uint256 length = params.allowedTargets.length;
+        $modulePermissions.allowedTargets.init();
+        for (uint256 i; i < length; i++) {
+            $modulePermissions.allowedTargets.push(params.allowedTargets[i]);
+        }
+        length = params.allowedFunctions.length;
+        for (uint256 i; i < length; i++) {
+            $modulePermissions.allowedFunctions.push(bytes32(params.allowedFunctions[i]));
+        }
+    }
+
+    function configureWithRegistry(address module, address attester) external {
+        ConfigParams memory params =
+            abi.decode(SSTORE2.read(_getSSTORE2Ref(module, attester)), (ConfigParams));
+        configure(module, params);
+    }
+
+    function _getSSTORE2Ref(address module, address attester) internal pure returns (address) {
+        // TODO: implement actual registry lookup
+        return address(0xbBb6987cD1807141DBc07A9C164CAB37603Db429);
+    }
+}
diff --git a/examples/src/HookMultiplex/lib/HookEncodingLib.sol b/examples/src/HookMultiplex/lib/HookEncodingLib.sol
@@ -58,19 +58,6 @@ library HookEncodingLib {
     }
 
     function is4337Hook(bytes32 encoded) internal pure returns (bool) {
-        console2.log("----");
-        console2.logBytes32(encoded);
-
-        bytes32 foo;
-
-        assembly  {
-
-          foo := shr(encoded, 8)
-
-        }
-        console2.logBytes32(foo);
-        console2.log("----");
-
         return (uint256(encoded) >> 8) & 0xff == 1;
     }
 

diff --git a/examples/src/HookMultiplex/lib/PermissionFlagLib.sol b/examples/src/HookMultiplex/lib/PermissionFlagLib.sol
@@ -0,0 +1,70 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.23;
+
+type PermissionFlag is bytes32;
+
+library PermissionFlagLib {
+    function pack(
+        bool permit_selfCall,
+        bool permit_moduleCall,
+        bool permit_sendValue,
+        bool permit_erc20Transfer,
+        bool permit_erc721Transfer,
+        bool permit_hasAllowedFunctions,
+        bool permit_hasAllowedTargets,
+        bool permit_moduleConfig,
+        bool enfoce_subhooks
+    )
+        internal
+        pure
+        returns (PermissionFlag)
+    {
+        return PermissionFlag.wrap(
+            bytes32(
+                uint256(
+                    (permit_selfCall ? 1 : 0) + (permit_moduleCall ? 2 : 0)
+                        + (permit_sendValue ? 4 : 0) + (permit_erc20Transfer ? 8 : 0)
+                        + (permit_erc721Transfer ? 16 : 0) + (permit_hasAllowedFunctions ? 32 : 0)
+                        + (permit_hasAllowedTargets ? 64 : 0) + (permit_moduleConfig ? 128 : 0)
+                        + (enfoce_subhooks ? 256 : 0)
+                )
+            )
+        );
+    }
+
+    function isSelfCall(PermissionFlag flags) internal pure returns (bool) {
+        return uint256(PermissionFlag.unwrap(flags)) & 1 == 1;
+    }
+
+    function isModuleCall(PermissionFlag flags) internal pure returns (bool) {
+        return uint256(PermissionFlag.unwrap(flags)) & 2 == 2;
+    }
+
+    function isSendValue(PermissionFlag flags) internal pure returns (bool) {
+        return uint256(PermissionFlag.unwrap(flags)) & 4 == 4;
+    }
+
+    function isERC20Transfer(PermissionFlag flags) internal pure returns (bool) {
+        return uint256(PermissionFlag.unwrap(flags)) & 8 == 8;
+    }
+
+    function isERC721Transfer(PermissionFlag flags) internal pure returns (bool) {
+        return uint256(PermissionFlag.unwrap(flags)) & 16 == 16;
+    }
+
+    function hasAllowedFunctions(PermissionFlag flags) internal pure returns (bool) {
+        return uint256(PermissionFlag.unwrap(flags)) & 32 == 32;
+    }
+
+    function hasAllowedTargets(PermissionFlag flags) internal pure returns (bool) {
+        return uint256(PermissionFlag.unwrap(flags)) & 64 == 64;
+    }
+
+    function isModuleConfig(PermissionFlag flags) internal pure returns (bool) {
+        return uint256(PermissionFlag.unwrap(flags)) & 128 == 128;
+    }
+
+    function enfoceSubhooks(PermissionFlag flags) internal pure returns (bool) {
+        return uint256(PermissionFlag.unwrap(flags)) & 256 == 256;
+    }
+}