added EIP-4337-like nonce

Author: d10r

packages/ethereum-contracts/contracts/utils/Only712MacroForwarder.sol

@@ -7,12 +7,51 @@ import { IUserDefined712Macro } from "../interfaces/utils/IUserDefinedMacro.sol"
 import { ISuperfluid } from "../interfaces/superfluid/ISuperfluid.sol";
 import { ForwarderBase } from "./ForwarderBase.sol";
 
+
+/**
+ * Nonce management functionality following the semantics of ERC-4337.
+ * Each nonce consists of a 192-bit key and a 64-bit sequence number.
+ * This allows senders to both have a practically unlimited number of parallel operations
+ * (meaning signed pending transactions can't block each other), and also the option to enforce
+ * sequential execution according to the sequence number.
+ */
+abstract contract NonceManager {
+    /// nonce already used or out of sequence
+    error InvalidNonce(address sender, uint256 nonce);
+
+    /// data structure keeping track of the next sequence number by sender and key
+    mapping(address => mapping(uint192 => uint256)) internal _nonceSequenceNumber;
+
+    /// Returns the next nonce for a given sender and key
+    function getNonce(address sender, uint192 key) public virtual view returns (uint256 nonce) {
+        return _nonceSequenceNumber[sender][key] | (uint256(key) << 64);
+    }
+
+    /// validates the nonce and updates the data structure for correct sequencing
+    function _validateAndUpdateNonce(address sender, uint256 nonce) internal virtual {
+        uint192 key = uint192(nonce >> 64);
+        uint64 seq = uint64(nonce);
+        if (_nonceSequenceNumber[sender][key]++ != seq) {
+            revert InvalidNonce(sender, nonce);
+        }
+    }
+}
+
 /**
  * @dev EIP-712-aware macro forwarder (clear signing).
  * In this minimal iteration: decodes payload as appParams and passes through to the macro.
  * Envelope verification, nonce, and registry checks to be added in follow-up.
+ *
+ * TODO:
+ * -[] use SimpleACL as registry
+ * -[X] add nonce verification
+ * -[] add missing fields
+ * -[] extract interface definition
+ * -[] review naming
  */
-contract Only712MacroForwarder is ForwarderBase, EIP712 {
+contract Only712MacroForwarder is ForwarderBase, EIP712, NonceManager {
+
+    // STRUCTS AND CONSTANTS
 
     // top-level data structure
     // TODO: is "payload" a good name? Does EIP-712 give a good hint for naming this? Something "primary"?
@@ -44,18 +83,27 @@ contract Only712MacroForwarder is ForwarderBase, EIP712 {
     bytes internal constant _TYPEDEF_SECURITY = "Security(string provider,uint256 nonce)";
     bytes32 internal constant _TYPEHASH_SECURITY = keccak256(_TYPEDEF_SECURITY);
 
+    // ERRORS
+
     error InvalidPayload(string message);
     error InvalidProvider(string provider);
     error InvalidSignature();
 
+    // INITIALIZATION
+
     // Here EIP712 domain name and version are set.
     // TODO: should the name include "Superfluid"?
     constructor(ISuperfluid host, address /*registry*/) ForwarderBase(host) EIP712("ClearSigning", "1") {}
 
+    // PUBLIC FUNCTIONS
+
     /**
      * @dev Run the macro with encoded payload (generic + macro specific fragments).
      * @param m Target macro.
      * @param params Encoded payload
+     * @param signer The signer of the payload
+     * @param signature The signature of the payload
+     * @return bool True if the macro was executed successfully
      */
     function runMacro(IUserDefined712Macro m, bytes calldata params, address signer, bytes calldata signature)
         external payable
@@ -67,7 +115,8 @@ contract Only712MacroForwarder is ForwarderBase, EIP712 {
             keccak256(bytes(payload.security.provider)) == keccak256(bytes("macros.superfluid.eth")),
             InvalidProvider(payload.security.provider)
         );
-        // TODO: verify nonce (replay protection)
+
+        _validateAndUpdateNonce(signer, payload.security.nonce);
 
         bytes32 digest = _getDigest(m, payload);
 
@@ -106,9 +155,7 @@ contract Only712MacroForwarder is ForwarderBase, EIP712 {
         return _getDigest(m, abi.decode(params, (Payload)));
     }
 
-    // ==============================
-    // Internal functions
-    // ==============================
+    // INTERNAL FUNCTIONS
 
     function _getTypeDefinition(IUserDefined712Macro m) internal view returns (string memory) {
         return string(abi.encodePacked(

packages/ethereum-contracts/test/foundry/utils/Only712MacroForwarder.t.sol

@@ -5,7 +5,7 @@ import { VmSafe } from "forge-std/Vm.sol";
 import { console } from "forge-std/console.sol";
 import { ISuperfluid, ISuperfluidToken } from "../../../contracts/interfaces/superfluid/ISuperfluid.sol";
 import { IUserDefined712Macro } from "../../../contracts/interfaces/utils/IUserDefinedMacro.sol";
-import { Only712MacroForwarder } from "../../../contracts/utils/Only712MacroForwarder.sol";
+import { Only712MacroForwarder, NonceManager } from "../../../contracts/utils/Only712MacroForwarder.sol";
 import { FoundrySuperfluidTester } from "../FoundrySuperfluidTester.t.sol";
 
 string constant MESSAGE_TITLE = "Hello 712";
@@ -14,12 +14,17 @@ string constant META_DOMAIN = "minimalmacro.xyz";
 string constant META_VERSION = "1";
 string constant SECURITY_PROVIDER = "macros.superfluid.eth";
 
-// returns the encoded payload for the example macro
+// returns the encoded payload for the example macro (nonce = key 1, sequence 0)
 function getTestPayload() pure returns (bytes memory) {
+    return getPayloadWithNonce(uint256(1) << 64);
+}
+
+// returns the encoded payload with the given nonce (for nonce tests)
+function getPayloadWithNonce(uint256 nonce) pure returns (bytes memory) {
     Only712MacroForwarder.Payload memory payload = Only712MacroForwarder.Payload({
         meta: Only712MacroForwarder.PayloadMeta({ domain: META_DOMAIN, version: META_VERSION }),
         message: Only712MacroForwarder.PayloadMessage({ title: MESSAGE_TITLE, customPayload: new bytes(0) }),
-        security: Only712MacroForwarder.PayloadSecurity({ provider: SECURITY_PROVIDER, nonce: 1 })
+        security: Only712MacroForwarder.PayloadSecurity({ provider: SECURITY_PROVIDER, nonce: nonce })
     });
     return abi.encode(payload);
 }
@@ -78,20 +83,10 @@ contract Only712MacroForwarderTest is FoundrySuperfluidTester {
         sf.governance.enableTrustedForwarder(sf.host, ISuperfluidToken(address(0)), address(forwarder));
     }
 
-    /**
-     * @dev Smoke test: build payload, get digest via getDigest(), sign with vm.createWallet + vm.sign,
-     *      call runMacro(m, params, signer, signature), assert success.
-     */
     function testRunMacro() external {
         VmSafe.Wallet memory signer = vm.createWallet("signer");
-        bytes memory params = getTestPayload();
-        bytes32 digest = forwarder.getDigest(IUserDefined712Macro(address(minimal712Macro)), params);
-        (uint8 v, bytes32 r, bytes32 s) = vm.sign(signer, digest);
-        bytes memory signatureVRS = abi.encodePacked(r, s, v);
-
-        vm.prank(signer.addr);
-        bool ok = forwarder.runMacro(IUserDefined712Macro(address(minimal712Macro)), params, signer.addr, signatureVRS);
-        assertTrue(ok);
+        (bytes memory params, bytes memory signatureVRS) = _signPayload(signer, uint256(1) << 64);
+        assertTrue(_runMacroAs(signer.addr, params, signatureVRS));
     }
 
     function testDigestCalculation() external view {
@@ -119,6 +114,47 @@ contract Only712MacroForwarderTest is FoundrySuperfluidTester {
         assertEq(digest, expectedDigest, "digest mismatch");
     }
 
+    function testGetNonce(uint192 key) external {
+        VmSafe.Wallet memory signer = vm.createWallet("signer");
+
+        for (uint256 i = 0; i < 10; i++) {
+            uint256 nonce = forwarder.getNonce(signer.addr, key);
+            (bytes memory params, bytes memory signatureVRS) = _signPayload(signer, nonce);
+            assertTrue(_runMacroAs(signer.addr, params, signatureVRS), "runMacro with getNonce() nonce should succeed");
+        }
+    }
+
+    function testCannotReuseNonce(uint192 key) external {
+        VmSafe.Wallet memory signer = vm.createWallet("signer");
+
+        uint256 nonce = forwarder.getNonce(signer.addr, key);
+        (bytes memory params, bytes memory signatureVRS) = _signPayload(signer, nonce);
+        assertTrue(_runMacroAs(signer.addr, params, signatureVRS));
+
+        vm.expectRevert(abi.encodeWithSelector(NonceManager.InvalidNonce.selector, signer.addr, nonce));
+        _runMacroAs(signer.addr, params, signatureVRS);
+    }
+
+    /// For a given key, nonces must be used in sequence (0, 1, 2, ...). Skipping must revert.
+    function testNonceEnforceInSequence(uint192 key) external {
+        VmSafe.Wallet memory signer = vm.createWallet("signer");
+
+        // Using seq=1 before seq=0 must revert
+        uint256 nonceSeq1 = (uint256(key) << 64) | 1;
+        (bytes memory paramsSeq1, bytes memory sig1) = _signPayload(signer, nonceSeq1);
+
+        vm.expectRevert(abi.encodeWithSelector(NonceManager.InvalidNonce.selector, signer.addr, nonceSeq1));
+        _runMacroAs(signer.addr, paramsSeq1, sig1);
+
+        // seq=0 must succeed
+        uint256 nonceSeq0 = uint256(key) << 64;
+        (bytes memory paramsSeq0, bytes memory sig0) = _signPayload(signer, nonceSeq0);
+        assertTrue(_runMacroAs(signer.addr, paramsSeq0, sig0));
+
+        // now seq=1 must succeed
+        assertTrue(_runMacroAs(signer.addr, paramsSeq1, sig1));
+    }
+
     // example: https://github.com/vaquita-fi/vaquita-lisk/blob/c4964af9157c9cca9cfb167ac1a4450e36edb29e/contracts/test/VaquitaPool.t.sol#L142
     // The splitting up into many functions avoids stack too deep error.
     function getDataToBeSignedJson() internal view returns (string memory) {
@@ -216,9 +252,25 @@ contract Only712MacroForwarderTest is FoundrySuperfluidTester {
     }
 
     function _getSecurityJson() internal pure returns (string memory) {
+        // Use string for nonce so Foundry's JSON parser accepts 2^64 as uint256 (avoids type mismatch)
         return string(abi.encodePacked(
             '"provider": "', SECURITY_PROVIDER, '",',
-            '"nonce": ', '1'
+            '"nonce": "', vm.toString(uint256(1) << 64), '"'
         ));
     }
+
+    function _runMacroAs(address from, bytes memory params, bytes memory signatureVRS) internal returns (bool) {
+        vm.prank(from);
+        return forwarder.runMacro(minimal712Macro, params, from, signatureVRS);
+    }
+
+    function _signPayload(VmSafe.Wallet memory signer, uint256 nonce)
+        internal
+        returns (bytes memory params, bytes memory signatureVRS)
+    {
+        params = getPayloadWithNonce(nonce);
+        bytes32 digest = forwarder.getDigest(minimal712Macro, params);
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(signer, digest);
+        signatureVRS = abi.encodePacked(r, s, v);
+    }
 }