@PowerStream3604
Contributor

Barz V2 Upgrade

1. Add Multi-tier Module System

  • Add Facet Guard for permission access control between Facets & Modules
  • Support ERC 7579 (Executor, Validator, Hook, FallbackHandler, Policy and Signer through Permission)
  • Support ERC 6900 v0.8 - Work in Progress

Concept and Distinction between Facets and Modules

Architecture of Facets in Multi-tier Module System

  1. MMSAFacet makes Barz ERC 7579 compliant
  2. MSCAFacet makes Barz ERC 6900 compliant

2. Add V2 Migrator Facet

  • Facilitate Secure Migration to V2

3. Update Compiler Version to 0.8.26

  • Compiler Update

PowerStream3604 marked this pull request as draft August 29, 2024 13:19
function execute(
ExecMode _mode,
bytes calldata _executionCalldata
) external payable override onlyEntryPointOrSelf onlyWhenUnlocked withHook {

Allowing self-call in execute functions should be considered carefully.

There is an attack scenario here, where a user is tricked into permitting a session key access to address(this).execute(), not knowing what this permission really entails.

The session key can then build a userop that has userop.calldata with two nested executions, the first one passing the session key permission, the 2nd one would be arbitrary executions. This can lead to loss of funds.

Contributor Author

@zeroknots Actually, the execute function of the 7579 part, the MMSAFacet's execute(), cannot make a self call.
Self calls can only be made when the user uses the default VerificationFacet for UserOp Validation and uses executeSingle() / executeBatch() from AccountFacetV2 for execution.

But it's a good callout, something worth deep consideration.
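
A fail-closed check for the self-call scenario discussed in this thread, as an added example that is not part of the PR or the Barz code base: it decodes an ERC-7579 single-call `executionCalldata` and refuses any session-key execution whose target is the account itself, even when that address was put on the allow-list. It assumes the ERC-7579 packed single-call layout (20-byte target, 32-byte value, call data) and does not model AccountFacetV2; the function names and sample addresses are hypothetical and constructed.

```python
# Added example: a check a session-key policy could apply to the arguments of
# an ERC-7579 execute(mode, executionCalldata) call before approving it.
# Function names and sample addresses are hypothetical / constructed.

CALLTYPE_SINGLE = 0x00  # first byte of the ERC-7579 mode word


def decode_single(execution_calldata: bytes):
    """Split the packed single-call layout: target(20) | value(32) | callData."""
    if len(execution_calldata) < 52:
        raise ValueError("execution calldata shorter than target+value")
    target = execution_calldata[:20]
    value = int.from_bytes(execution_calldata[20:52], "big")
    return target, value, execution_calldata[52:]


def session_key_may_execute(account: bytes, mode: bytes,
                            execution_calldata: bytes, allowed_targets: set):
    """Return (allowed, reason). Anything not understood is denied."""
    if len(mode) != 32 or mode[0] != CALLTYPE_SINGLE:
        return False, "unsupported call type"
    try:
        target, _value, _data = decode_single(execution_calldata)
    except ValueError as exc:
        return False, str(exc)
    if target == account:
        # Per the review comment: a self-targeted call nests a second
        # execution that the session key's permission does not constrain.
        # Checked before the allow-list so a mistaken grant cannot enable it.
        return False, "self-call"
    if target not in allowed_targets:
        return False, "target not permitted"
    return True, "ok"


# Constructed sample data (not from the PR).
ACCOUNT = bytes.fromhex("aa" * 20)
TOKEN = bytes.fromhex("bb" * 20)
MODE_SINGLE = bytes(32)
ZERO_VALUE = (0).to_bytes(32, "big")
INNER = bytes.fromhex("deadbeef")  # placeholder for opaque inner call data

plain_call = TOKEN + ZERO_VALUE + INNER
nested_call = ACCOUNT + ZERO_VALUE + INNER  # outer call targets the account
```

Batch and delegatecall modes are denied outright here; a policy that supports them needs the same target check applied to every decoded execution.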

@Mehdisirjani3510

Msirjani2015@gmail.com
