feat: Introduce Modules V2 with more flexibility

Consensys · Mar 18, 2024 · 723a9f3 · 723a9f3
1 parent 6a8c72b
commit 723a9f3
Show file tree

Hide file tree

Showing 13 changed files with 1,087 additions and 4 deletions.
diff --git a/contracts/src/ModuleRegistry.sol b/contracts/src/ModuleRegistry.sol
@@ -3,6 +3,7 @@ pragma solidity 0.8.21;
 
 import { AttestationPayload, Module } from "./types/Structs.sol";
 import { AbstractModule } from "./abstracts/AbstractModule.sol";
+import { AbstractModuleV2 } from "./abstracts/AbstractModuleV2.sol";
 import { OwnableUpgradeable } from "openzeppelin-contracts-upgradeable/contracts/access/OwnableUpgradeable.sol";
 // solhint-disable-next-line max-line-length
 import { ERC165CheckerUpgradeable } from "openzeppelin-contracts-upgradeable/contracts/utils/introspection/ERC165CheckerUpgradeable.sol";
@@ -102,8 +103,11 @@ contract ModuleRegistry is OwnableUpgradeable {
     if (bytes(name).length == 0) revert ModuleNameMissing();
     // Check if moduleAddress is a smart contract address
     if (!isContractAddress(moduleAddress)) revert ModuleAddressInvalid();
-    // Check if module has implemented AbstractModule
-    if (!ERC165CheckerUpgradeable.supportsInterface(moduleAddress, type(AbstractModule).interfaceId)) {
+    // Check if module has implemented AbstractModule or AbstractModuleV2
+    if (
+      !ERC165CheckerUpgradeable.supportsInterface(moduleAddress, type(AbstractModule).interfaceId) &&
+      !ERC165CheckerUpgradeable.supportsInterface(moduleAddress, type(AbstractModuleV2).interfaceId)
+    ) {
       revert ModuleInvalid();
     }
     // Module address is used to identify uniqueness of the module
@@ -127,18 +131,55 @@ contract ModuleRegistry is OwnableUpgradeable {
     bytes[] memory validationPayloads,
     uint256 value
   ) public {
-    // If no modules provided, bypass module validation
+    // If no module provided, bypass module validation
     if (modulesAddresses.length == 0) return;
     // Each module involved must have a corresponding item from the validation payload
     if (modulesAddresses.length != validationPayloads.length) revert ModuleValidationPayloadMismatch();
 
-    // For each module check if it is registered and call run method
+    // For each module, check if it is registered and call its run method
     for (uint32 i = 0; i < modulesAddresses.length; i = uncheckedInc32(i)) {
       if (!isRegistered(modulesAddresses[i])) revert ModuleNotRegistered();
       AbstractModule(modulesAddresses[i]).run(attestationPayload, validationPayloads[i], tx.origin, value);
     }
   }
 
+  /**
+   * @notice Executes the V2 run method for all given Modules that are registered
+   * @param modulesAddresses the addresses of the registered modules
+   * @param attestationPayload the payload to attest
+   * @param validationPayloads the payloads to check for each module (one payload per module)
+   * @param value the value (ETH) optionally passed in the attesting transaction
+   * @param initialCaller the address of the initial caller (transaction sender)
+   * @param attester the address defined by the Portal as the attester for this payload
+   * @dev check if modules are registered and execute the V2 run method for each module
+   */
+  function runModulesV2(
+    address[] memory modulesAddresses,
+    AttestationPayload memory attestationPayload,
+    bytes[] memory validationPayloads,
+    uint256 value,
+    address initialCaller,
+    address attester
+  ) public {
+    // If no module provided, bypass module validation
+    if (modulesAddresses.length == 0) return;
+    // Each module involved must have a corresponding item from the validation payload
+    if (modulesAddresses.length != validationPayloads.length) revert ModuleValidationPayloadMismatch();
+
+    // For each module, check if it is registered and call its run method
+    for (uint32 i = 0; i < modulesAddresses.length; i = uncheckedInc32(i)) {
+      if (!isRegistered(modulesAddresses[i])) revert ModuleNotRegistered();
+      AbstractModuleV2(modulesAddresses[i]).run(
+        attestationPayload,
+        validationPayloads[i],
+        initialCaller,
+        value,
+        attester,
+        msg.sender
+      );
+    }
+  }
+
   /**
    * @notice Executes the modules validation for all attestations payloads for all given Modules that are registered
    * @param modulesAddresses the addresses of the registered modules
@@ -157,6 +198,26 @@ contract ModuleRegistry is OwnableUpgradeable {
     }
   }
 
+  /**
+   * @notice Executes the V2 modules validation for all attestations payloads for all given V2 Modules that are registered
+   * @param modulesAddresses the addresses of the registered modules
+   * @param attestationPayloads the payloads to attest
+   * @param validationPayloads the payloads to check for each module
+   * @dev NOTE: Currently the bulk run modules does not handle payable modules
+   *            a default value of 0 is used.
+   */
+  function bulkRunModulesV2(
+    address[] memory modulesAddresses,
+    AttestationPayload[] memory attestationPayloads,
+    bytes[][] memory validationPayloads,
+    address initialCaller,
+    address attester
+  ) public {
+    for (uint32 i = 0; i < attestationPayloads.length; i = uncheckedInc32(i)) {
+      runModulesV2(modulesAddresses, attestationPayloads[i], validationPayloads[i], 0, initialCaller, attester);
+    }
+  }
+
   /**
    * @notice Get the number of Modules managed by the contract
    * @return The number of Modules already registered

diff --git a/contracts/src/abstracts/AbstractModuleV2.sol b/contracts/src/abstracts/AbstractModuleV2.sol
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.21;
+
+import { AttestationPayload } from "../types/Structs.sol";
+import { IERC165 } from "openzeppelin-contracts/contracts/utils/introspection/IERC165.sol";
+
+/**
+ * @title Abstract Module V2
+ * @author Consensys
+ * @notice Defines the minimal Module V2 interface
+ */
+abstract contract AbstractModuleV2 is IERC165 {
+  /// @notice Error thrown when someone else than the portal's owner is trying to revoke
+  error OnlyPortalOwner();
+
+  /**
+   * @notice Executes the module's custom logic
+   * @param attestationPayload The incoming attestation data
+   * @param validationPayload Additional data required for verification
+   * @param initialCaller The address of the initial caller (transaction sender)
+   * @param value The value (ETH) optionally passed in the attesting transaction
+   * @param attester The address defined by the Portal as the attester for this payload
+   * @param portal The issuing Portal's address
+   */
+  function run(
+    AttestationPayload memory attestationPayload,
+    bytes memory validationPayload,
+    address initialCaller,
+    uint256 value,
+    address attester,
+    address portal
+  ) public virtual;
+
+  /**
+   * @notice Checks if the contract implements the Module interface.
+   * @param interfaceID The ID of the interface to check.
+   * @return A boolean indicating interface support.
+   */
+  function supportsInterface(bytes4 interfaceID) public pure virtual override returns (bool) {
+    return interfaceID == type(AbstractModuleV2).interfaceId || interfaceID == type(IERC165).interfaceId;
+  }
+}
diff --git a/contracts/src/abstracts/AbstractPortal.sol b/contracts/src/abstracts/AbstractPortal.sol
@@ -61,6 +61,20 @@ abstract contract AbstractPortal is IPortal {
     attestationRegistry.attest(attestationPayload, getAttester());
   }
 
+  /**
+   * @notice Attest the schema with given attestationPayload and validationPayload
+   * @param attestationPayload the payload to attest
+   * @param validationPayloads the payloads to validate via the modules to issue the attestations
+   * @dev Runs all modules for the portal and registers the attestation using AttestationRegistry
+   */
+  function attestV2(AttestationPayload memory attestationPayload, bytes[] memory validationPayloads) public payable {
+    moduleRegistry.runModulesV2(modules, attestationPayload, validationPayloads, msg.value, msg.sender, getAttester());
+
+    _onAttestV2(attestationPayload, validationPayloads, msg.value);
+
+    attestationRegistry.attest(attestationPayload, getAttester());
+  }
+
   /**
    * @notice Bulk attest the schema with payloads to attest and validation payloads
    * @param attestationsPayloads the payloads to attest
@@ -74,6 +88,19 @@ abstract contract AbstractPortal is IPortal {
     attestationRegistry.bulkAttest(attestationsPayloads, getAttester());
   }
 
+  /**
+   * @notice Bulk attest the schema with payloads to attest and validation payloads
+   * @param attestationPayloads the payloads to attest
+   * @param validationPayloads the payloads to validate via the modules to issue the attestations
+   */
+  function bulkAttestV2(AttestationPayload[] memory attestationPayloads, bytes[][] memory validationPayloads) public {
+    moduleRegistry.bulkRunModulesV2(modules, attestationPayloads, validationPayloads, msg.sender, getAttester());
+
+    _onBulkAttest(attestationPayloads, validationPayloads);
+
+    attestationRegistry.bulkAttest(attestationPayloads, getAttester());
+  }
+
   /**
    * @notice Replaces the attestation for the given identifier and replaces it with a new attestation
    * @param attestationId the ID of the attestation to replace
@@ -169,6 +196,18 @@ abstract contract AbstractPortal is IPortal {
    */
   function _onAttest(AttestationPayload memory attestationPayload, address attester, uint256 value) internal virtual {}
 
+  /**
+   * @notice Optional method run before a payload is attested
+   * @param attestationPayload the attestation payload to attest
+   * @param validationPayloads the payloads to validate via the modules
+   * @param value the value sent with the attestation
+   */
+  function _onAttestV2(
+    AttestationPayload memory attestationPayload,
+    bytes[] memory validationPayloads,
+    uint256 value
+  ) internal virtual {}
+
   /**
    * @notice Optional method run when an attestation is replaced
    * @param attestationId the ID of the attestation being replaced

diff --git a/contracts/src/stdlib/ECDSAModuleV2.sol b/contracts/src/stdlib/ECDSAModuleV2.sol
@@ -0,0 +1,83 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.21;
+
+import { AbstractModuleV2 } from "../abstracts/AbstractModuleV2.sol";
+import { AttestationPayload } from "../types/Structs.sol";
+import { PortalRegistry } from "../PortalRegistry.sol";
+import { ECDSA } from "openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol";
+
+/**
+ * @title ECDSA Module V2
+ * @author Consensys
+ * @notice This Module can be used by Portal creators to
+ *         require a signature of the attestation payload
+ *         from an authorized signer before issuing the attestation.
+ * @dev DISCLAIMER: This module doesn't check that a signature can be used only once!
+ */
+contract ECDSAModuleV2 is AbstractModuleV2 {
+  using ECDSA for bytes32;
+
+  PortalRegistry public portalRegistry;
+
+  mapping(address portal => mapping(address signer => bool authorizedSigners)) public authorizedSigners;
+
+  /// @notice Error thrown when an array length mismatch occurs
+  error ArrayLengthMismatch();
+  /// @notice Error thrown when a signer is not authorized by the module
+  error SignerNotAuthorized();
+
+  /// @notice Event emitted when the authorized signers are set
+  event SignersAuthorized(address indexed portal, address[] signers, bool[] authorizationStatus);
+
+  modifier onlyPortalOwner(address portal) {
+    if (msg.sender != portalRegistry.getPortalByAddress(portal).ownerAddress) revert OnlyPortalOwner();
+    _;
+  }
+
+  /**
+   * @notice Contract constructor sets the portal registry
+   */
+  constructor(address _portalRegistry) {
+    portalRegistry = PortalRegistry(_portalRegistry);
+  }
+
+  /**
+   * @notice Set the authorized status of signers
+   * @param signers The signers to be set
+   * @param authorizationStatus The authorization status of signers
+   * @dev The length of `signers` and `authorizationStatus` must be the same
+   */
+  function setAuthorizedSigners(
+    address portal,
+    address[] memory signers,
+    bool[] memory authorizationStatus
+  ) public onlyPortalOwner(portal) {
+    if (signers.length != authorizationStatus.length) revert ArrayLengthMismatch();
+
+    for (uint256 i = 0; i < signers.length; i++) {
+      authorizedSigners[portal][signers[i]] = authorizationStatus[i];
+    }
+
+    emit SignersAuthorized(portal, signers, authorizationStatus);
+  }
+
+  /**
+   * @inheritdoc AbstractModuleV2
+   * @param attestationPayload The Payload of the attestation
+   * @param validationPayload The validation payload required for the module, in this case the signature of the payload
+   * @param portal The Portal issuing the attestation
+   * @notice If the signer of the transaction payload is not an expected address, an error is thrown
+   */
+  function run(
+    AttestationPayload memory attestationPayload,
+    bytes memory validationPayload,
+    address /*initialCaller*/,
+    uint256 /*value*/,
+    address /*attester*/,
+    address portal
+  ) public view override {
+    bytes32 messageHash = keccak256(abi.encode(attestationPayload));
+    address messageSigner = messageHash.toEthSignedMessageHash().recover(validationPayload);
+    if (!authorizedSigners[portal][messageSigner]) revert SignerNotAuthorized();
+  }
+}
diff --git a/contracts/src/stdlib/ERC1271ModuleV2.sol b/contracts/src/stdlib/ERC1271ModuleV2.sol
@@ -0,0 +1,101 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.21;
+
+import { AbstractModuleV2 } from "../abstracts/AbstractModuleV2.sol";
+import { PortalRegistry } from "../PortalRegistry.sol";
+import { AttestationPayload } from "../types/Structs.sol";
+import { ECDSA } from "openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol";
+import { SignatureChecker } from "openzeppelin-contracts/contracts/utils/cryptography/SignatureChecker.sol";
+import { IERC1271 } from "openzeppelin-contracts/contracts/interfaces/IERC1271.sol";
+import { Address } from "openzeppelin-contracts/contracts/utils/Address.sol";
+
+/**
+ * @title ERC-1271 Module V2
+ * @author Consensys
+ * @notice This Module can be used by Portal creators to
+ *         require an ERC_1271 signature of the attestation payload
+ *         from an authorized signer before issuing the attestation.
+ * @dev DISCLAIMER: This module doesn't check that a signature can be used only once!
+ */
+contract ERC1271ModuleV2 is AbstractModuleV2 {
+  using ECDSA for bytes32;
+  using Address for address;
+
+  PortalRegistry public portalRegistry;
+
+  mapping(address portal => mapping(address signer => bool authorizedSigners)) public authorizedSigners;
+
+  /// @notice Error thrown when an array length mismatch occurs
+  error ArrayLengthMismatch();
+  /// @notice Error thrown when a signer is not authorized by the module
+  error SignerNotAuthorized();
+  /// @notice Error thrown when a signature is invalid
+  error InvalidSignature();
+  /// @notice Error thrown when a signature validation fails
+  error FailedValidation();
+
+  /// @notice Event emitted when the authorized signers are set
+  event SignersAuthorized(address indexed portal, address[] signers, bool[] authorizationStatus);
+
+  modifier onlyPortalOwner(address portal) {
+    if (msg.sender != portalRegistry.getPortalByAddress(portal).ownerAddress) revert OnlyPortalOwner();
+    _;
+  }
+
+  /**
+   * @notice Contract constructor sets the portal registry
+   */
+  constructor(address _portalRegistry) {
+    portalRegistry = PortalRegistry(_portalRegistry);
+  }
+
+  /**
+   * @notice Set the accepted status of schemaIds
+   * @param signers The signers to be set
+   * @param authorizationStatus The authorization status of signers
+   * @dev The length of `signers` and `authorizationStatus` must be the same
+   */
+  function setAuthorizedSigners(
+    address portal,
+    address[] memory signers,
+    bool[] memory authorizationStatus
+  ) public onlyPortalOwner(portal) {
+    if (signers.length != authorizationStatus.length) revert ArrayLengthMismatch();
+
+    for (uint256 i = 0; i < signers.length; i++) {
+      authorizedSigners[portal][signers[i]] = authorizationStatus[i];
+    }
+
+    emit SignersAuthorized(portal, signers, authorizationStatus);
+  }
+
+  /**
+   * @inheritdoc AbstractModuleV2
+   * @param attestationPayload The Payload of the attestation
+   * @param validationPayload The validation payload required for the module, in this case the signature of the payload
+   * @param portal The Portal issuing the attestation
+   * @notice If the signer of the transaction payload is not an expected address, an error is thrown
+   */
+  function run(
+    AttestationPayload memory attestationPayload,
+    bytes memory validationPayload,
+    address /*initialCaller*/,
+    uint256 /*value*/,
+    address /*attester*/,
+    address portal
+  ) public view override {
+    bytes32 messageHash = keccak256(abi.encode(attestationPayload));
+    address messageSigner = messageHash.toEthSignedMessageHash().recover(validationPayload);
+    if (!authorizedSigners[portal][messageSigner]) revert SignerNotAuthorized();
+
+    if (messageSigner.isContract()) {
+      try IERC1271(messageSigner).isValidSignature(messageHash.toEthSignedMessageHash(), validationPayload) returns (
+        bytes4 magicValue
+      ) {
+        if (magicValue != IERC1271.isValidSignature.selector) revert InvalidSignature();
+      } catch {
+        revert FailedValidation();
+      }
+    }
+  }
+}