Add PaymasterNFT and PaymasterERC20 (#75)

Co-authored-by: Arr00 <[email protected]>
Co-authored-by: Ernesto García <[email protected]>

Author: 3 people

CHANGELOG.md

@@ -1,3 +1,8 @@
+## XX-XX-XXXX
+
+- `PaymasterNFT`: Extension of `PaymasterCore` that approves sponsoring of user operation based on ownership of an ERC-721 NFT.
+- `PaymasterERC20`: Extension of `PaymasterCore` that sponsors user operations against payment in ERC-20 tokens.
+
 ## 28-03-2025
 
 - Deprecate `Account` and rename `AccountCore` to `Account`.

contracts/account/paymaster/PaymasterERC20.sol

@@ -0,0 +1,145 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {ERC4337Utils, PackedUserOperation} from "@openzeppelin/contracts/account/utils/draft-ERC4337Utils.sol";
+import {IERC20, SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
+import {PaymasterCore} from "./PaymasterCore.sol";
+
+/**
+ * @dev Extension of {PaymasterCore} that enables users to pay gas with ERC-20 tokens.
+ *
+ * To enable this feature, developers must implement the {fetchDetails} function:
+ *
+ * ```solidity
+ * function _fetchDetails(
+ *     PackedUserOperation calldata userOp,
+ *     bytes32 userOpHash
+ * ) internal view override returns (uint256 validationData, IERC20 token, uint256 tokenPrice, address guarantor) {
+ *     // Implement logic to fetch the token, token price, and guarantor address from the userOp
+ * }
+ * ```
+ */
+abstract contract PaymasterERC20 is PaymasterCore {
+    using ERC4337Utils for *;
+    using Math for *;
+    using SafeERC20 for IERC20;
+
+    event UserOperationSponsored(
+        bytes32 indexed userOpHash,
+        address indexed user,
+        address indexed guarantor,
+        uint256 tokenAmount,
+        uint256 tokenPrice,
+        bool paidByGuarantor
+    );
+
+    // Over-estimations: ERC-20 balances/allowances may be cold and contracts may not be optimized
+    uint256 private constant POST_OP_COST = 30_000;
+    uint256 private constant POST_OP_COST_WITH_GUARANTOR = 45_000;
+
+    /// @inheritdoc PaymasterCore
+    function _validatePaymasterUserOp(
+        PackedUserOperation calldata userOp,
+        bytes32 userOpHash,
+        uint256 maxCost
+    ) internal virtual override returns (bytes memory context, uint256 validationData) {
+        (uint256 validationData_, IERC20 token, uint256 tokenPrice, address guarantor) = _fetchDetails(
+            userOp,
+            userOpHash
+        );
+
+        uint256 prefundAmount = (maxCost +
+            (guarantor == address(0)).ternary(POST_OP_COST, POST_OP_COST_WITH_GUARANTOR) *
+            userOp.maxFeePerGas()).mulDiv(tokenPrice, _tokenPriceDenominator());
+
+        // if validation is obviously failed, don't even try to do the ERC-20 transfer
+        return
+            (validationData_ != ERC4337Utils.SIG_VALIDATION_FAILED &&
+                token.trySafeTransferFrom(
+                    guarantor == address(0) ? userOp.sender : guarantor,
+                    address(this),
+                    prefundAmount
+                ))
+                ? (
+                    abi.encodePacked(userOpHash, token, prefundAmount, tokenPrice, userOp.sender, guarantor),
+                    validationData_
+                )
+                : (bytes(""), ERC4337Utils.SIG_VALIDATION_FAILED);
+    }
+
+    /// @inheritdoc PaymasterCore
+    function _postOp(
+        PostOpMode /* mode */,
+        bytes calldata context,
+        uint256 actualGasCost,
+        uint256 actualUserOpFeePerGas
+    ) internal virtual override {
+        bytes32 userOpHash = bytes32(context[0x00:0x20]);
+        IERC20 token = IERC20(address(bytes20(context[0x20:0x34])));
+        uint256 prefundAmount = uint256(bytes32(context[0x34:0x54]));
+        uint256 tokenPrice = uint256(bytes32(context[0x54:0x74]));
+        address user = address(bytes20(context[0x74:0x88]));
+        address guarantor = address(bytes20(context[0x88:0x9C]));
+
+        uint256 actualAmount = (actualGasCost +
+            (guarantor == address(0)).ternary(POST_OP_COST, POST_OP_COST_WITH_GUARANTOR) *
+            actualUserOpFeePerGas).mulDiv(tokenPrice, _tokenPriceDenominator());
+
+        if (guarantor == address(0)) {
+            token.safeTransfer(user, prefundAmount - actualAmount);
+            emit UserOperationSponsored(userOpHash, user, address(0), actualAmount, tokenPrice, false);
+        } else if (token.trySafeTransferFrom(user, address(this), actualAmount)) {
+            token.safeTransfer(guarantor, prefundAmount);
+            emit UserOperationSponsored(userOpHash, user, guarantor, actualAmount, tokenPrice, false);
+        } else {
+            token.safeTransfer(guarantor, prefundAmount - actualAmount);
+            emit UserOperationSponsored(userOpHash, user, guarantor, actualAmount, tokenPrice, true);
+        }
+    }
+
+    /**
+     * @dev Retrieves payment details for a user operation
+     *
+     * The values returned by this internal function are:
+     * * `validationData`: ERC-4337 validation data, indicating success/failure and optional time validity (`validAfter`, `validUntil`).
+     * * `token`: Address of the ERC-20 token used for payment to the paymaster.
+     * * `tokenPrice`: Price of the token in native currency, scaled by `_tokenPriceDenominator()`.
+     * * `guarantor`: Address of an entity advancing funds if the user lacks them; receives tokens during execution or pays if the user can't.
+     *
+     * ==== Calculating the token price
+     *
+     * Given gas fees are paid in native currency, developers can use the `ERC20 price unit / native price unit` ratio to
+     * calculate the price of an ERC20 token price in native currency. However, the token may have a different number of decimals
+     * than the native currency. For a a generalized formula considering prices in USD and decimals, consider using:
+     *
+     * `(<ERC-20 token price in $> / 10**<ERC-20 decimals>) / (<Native token price in $> / 1e18) * _tokenPriceDenominator()`
+     *
+     * For example, suppose token is USDC ($1 with 6 decimals) and native currency is ETH (assuming $2524.86 with 18 decimals),
+     * then each unit (1e-6) of USDC is worth `(1 / 1e6) / ((252486 / 1e2) / 1e18) = 396061563.8094785` wei. The `_tokenPriceDenominator()`
+     * ensures precision by avoiding fractional value loss. (i.e. the 0.8094785 part).
+     *
+     * ==== Guarantor
+     *
+     * To support a guarantor, developers can use the `paymasterData` field to store the guarantor's address. Developers can disable
+     * support for a guarantor by returning `address(0)`. If supported, ensure explicit consent (e.g., signature verification) to prevent
+     * unauthorized use.
+     */
+    function _fetchDetails(
+        PackedUserOperation calldata userOp,
+        bytes32 userOpHash
+    ) internal view virtual returns (uint256 validationData, IERC20 token, uint256 tokenPrice, address guarantor);
+
+    /// @dev Denominator used for interpreting the `tokenPrice` returned by {_fetchDetails} as "fixed point".
+    function _tokenPriceDenominator() internal view virtual returns (uint256) {
+        return 1e18;
+    }
+
+    /// @dev Public function that allows the withdrawer to extract ERC-20 tokens resulting from gas payments.
+    function withdrawTokens(IERC20 token, address recipient, uint256 amount) public virtual onlyWithdrawer {
+        if (amount == type(uint256).max) amount = token.balanceOf(address(this));
+        token.safeTransfer(recipient, amount);
+    }
+}

contracts/account/paymaster/PaymasterNFT.sol

@@ -0,0 +1,57 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {IERC721} from "@openzeppelin/contracts/interfaces/IERC721.sol";
+import {ERC4337Utils, PackedUserOperation} from "@openzeppelin/contracts/account/utils/draft-ERC4337Utils.sol";
+import {PaymasterCore} from "./PaymasterCore.sol";
+
+/**
+ * @dev Extension of {PaymasterCore} that supports account based on ownership of an ERC-721 token.
+ *
+ * This paymaster will sponsor user operations if the user has at least 1 token of the token specified
+ * during construction (or via {_setToken}).
+ */
+abstract contract PaymasterNFT is PaymasterCore {
+    IERC721 private _token;
+
+    /// @dev Emitted when the paymaster token is set.
+    event PaymasterNFTTokenSet(IERC721 token);
+
+    constructor(IERC721 token_) {
+        _setToken(token_);
+    }
+
+    /// @dev ERC-721 token used to validate the user operation.
+    function token() public virtual returns (IERC721) {
+        return _token;
+    }
+
+    /// @dev Sets the ERC-721 token used to validate the user operation.
+    function _setToken(IERC721 token_) internal virtual {
+        _token = token_;
+        emit PaymasterNFTTokenSet(token_);
+    }
+
+    /**
+     * @dev Internal validation of whether the paymaster is willing to pay for the user operation.
+     * Returns the context to be passed to postOp and the validation data.
+     *
+     * NOTE: The default `context` is `bytes(0)`. Developers that add a context when overriding this function MUST
+     * also override {_postOp} to process the context passed along.
+     */
+    function _validatePaymasterUserOp(
+        PackedUserOperation calldata userOp,
+        bytes32 /* userOpHash */,
+        uint256 /* maxCost */
+    ) internal virtual override returns (bytes memory context, uint256 validationData) {
+        return (
+            bytes(""),
+            // balanceOf reverts if the `userOp.sender` is the address(0), so this becomes unreachable with address(0)
+            // assuming a compliant entrypoint (`_validatePaymasterUserOp` is called after `validateUserOp`),
+            token().balanceOf(userOp.sender) == 0
+                ? ERC4337Utils.SIG_VALIDATION_FAILED
+                : ERC4337Utils.SIG_VALIDATION_SUCCESS
+        );
+    }
+}

contracts/mocks/ERC20Mock.sol

@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+
+abstract contract ERC20Mock is ERC20 {}

contracts/mocks/ERC721Mock.sol

@@ -2,6 +2,6 @@
 
 pragma solidity ^0.8.20;
 
-import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
+import {ERC721Enumerable} from "@openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol";
 
-abstract contract ERC721Mock is ERC721 {}
+abstract contract ERC721Mock is ERC721Enumerable {}

contracts/mocks/account/paymaster/PaymasterERC20Mock.sol

@@ -0,0 +1,127 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
+import {ERC4337Utils, PackedUserOperation} from "@openzeppelin/contracts/account/utils/draft-ERC4337Utils.sol";
+import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+import {SignatureChecker} from "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol";
+import {PaymasterERC20, IERC20} from "../../../account/paymaster/PaymasterERC20.sol";
+
+/**
+ * NOTE: struct or the expected paymaster data is:
+ * * [0x00:0x14                      ] token                 (IERC20)
+ * * [0x14:0x1a                      ] validAfter            (uint48)
+ * * [0x1a:0x20                      ] validUntil            (uint48)
+ * * [0x20:0x40                      ] tokenPrice            (uint256)
+ * * [0x40:0x54                      ] oracle                (address)
+ * * [0x54:0x68                      ] guarantor             (address) (optional: 0 if no guarantor)
+ * * [0x68:0x6a                      ] oracleSignatureLength (uint16)
+ * * [0x6a:0x6a+oracleSignatureLength] oracleSignature       (bytes)
+ * * [0x6a+oracleSignatureLength:    ] guarantorSignature    (bytes)
+ */
+abstract contract PaymasterERC20Mock is EIP712, PaymasterERC20, AccessControl {
+    using ERC4337Utils for *;
+
+    bytes32 private constant ORACLE_ROLE = keccak256("ORACLE_ROLE");
+    bytes32 private constant WITHDRAWER_ROLE = keccak256("WITHDRAWER_ROLE");
+    bytes32 private constant TOKEN_PRICE_TYPEHASH =
+        keccak256("TokenPrice(address token,uint48 validAfter,uint48 validUntil,uint256 tokenPrice)");
+    bytes32 private constant PACKED_USER_OPERATION_TYPEHASH =
+        keccak256(
+            "PackedUserOperation(address sender,uint256 nonce,bytes initCode,bytes callData,bytes32 accountGasLimits,uint256 preVerificationGas,bytes32 gasFees,bytes paymasterAndData)"
+        );
+
+    function _authorizeWithdraw() internal override onlyRole(WITHDRAWER_ROLE) {}
+
+    function _fetchDetails(
+        PackedUserOperation calldata userOp,
+        bytes32 /* userOpHash */
+    )
+        internal
+        view
+        virtual
+        override
+        returns (uint256 validationData, IERC20 token, uint256 tokenPrice, address guarantor)
+    {
+        uint256 validationData1;
+        uint256 validationData2;
+        (validationData1, token, tokenPrice) = _fetchOracleDetails(userOp);
+        (validationData2, guarantor) = _fetchGuarantorDetails(userOp);
+        validationData = ERC4337Utils.combineValidationData(validationData1, validationData2);
+    }
+
+    function _fetchOracleDetails(
+        PackedUserOperation calldata userOp
+    ) private view returns (uint256 validationData, IERC20 token, uint256 tokenPrice) {
+        bytes calldata paymasterData = userOp.paymasterData();
+
+        // parse oracle and oracle signature
+        address oracle = address(bytes20(paymasterData[0x40:0x54]));
+
+        // check oracle is registered
+        if (!hasRole(ORACLE_ROLE, oracle)) return (ERC4337Utils.SIG_VALIDATION_FAILED, IERC20(address(0)), 0);
+
+        // parse repayment details
+        token = IERC20(address(bytes20(paymasterData[0x00:0x14])));
+        uint48 validAfter = uint48(bytes6(paymasterData[0x14:0x1a]));
+        uint48 validUntil = uint48(bytes6(paymasterData[0x1a:0x20]));
+        tokenPrice = uint256(bytes32(paymasterData[0x20:0x40]));
+
+        // verify signature
+        validationData = SignatureChecker
+            .isValidSignatureNow(
+                oracle,
+                _hashTypedDataV4(
+                    keccak256(abi.encode(TOKEN_PRICE_TYPEHASH, token, validAfter, validUntil, tokenPrice))
+                ),
+                paymasterData[0x6a:0x6a + uint16(bytes2(paymasterData[0x68:0x6a]))]
+            )
+            .packValidationData(validAfter, validUntil);
+    }
+
+    function _fetchGuarantorDetails(
+        PackedUserOperation calldata userOp
+    ) private view returns (uint256 validationData, address guarantor) {
+        bytes calldata paymasterData = userOp.paymasterData();
+
+        // parse guarantor details
+        guarantor = address(bytes20(paymasterData[0x54:0x68]));
+
+        if (guarantor == address(0)) {
+            validationData = ERC4337Utils.SIG_VALIDATION_SUCCESS;
+        } else {
+            // parse guarantor signature
+            uint16 oracleSignatureLength = uint16(bytes2(paymasterData[0x68:0x6a]));
+            bytes calldata guarantorSignature = paymasterData[0x6a + oracleSignatureLength:];
+
+            // check guarantor signature is valid
+            validationData = SignatureChecker.isValidSignatureNow(
+                guarantor,
+                _hashTypedDataV4(_getStructHashWithoutOracleAndGuarantorSignature(userOp)),
+                guarantorSignature
+            )
+                ? ERC4337Utils.SIG_VALIDATION_SUCCESS
+                : ERC4337Utils.SIG_VALIDATION_FAILED;
+        }
+    }
+
+    function _getStructHashWithoutOracleAndGuarantorSignature(
+        PackedUserOperation calldata userOp
+    ) private pure returns (bytes32) {
+        return
+            keccak256(
+                abi.encode(
+                    PACKED_USER_OPERATION_TYPEHASH,
+                    userOp.sender,
+                    userOp.nonce,
+                    keccak256(userOp.initCode),
+                    keccak256(userOp.callData),
+                    userOp.accountGasLimits,
+                    userOp.preVerificationGas,
+                    userOp.gasFees,
+                    keccak256(userOp.paymasterAndData[:0x9c]) // 0x34 (paymasterDataOffset) + 0x68 (token + validAfter + validUntil + tokenPrice + oracle + guarantor)
+                )
+            );
+    }
+}

contracts/mocks/account/paymaster/PaymasterNFTMock.sol

@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+import {ERC4337Utils, PackedUserOperation} from "@openzeppelin/contracts/account/utils/draft-ERC4337Utils.sol";
+import {PaymasterNFT} from "../../../account/paymaster/PaymasterNFT.sol";
+
+abstract contract PaymasterNFTContextNoPostOpMock is PaymasterNFT, Ownable {
+    using ERC4337Utils for *;
+
+    function _validatePaymasterUserOp(
+        PackedUserOperation calldata userOp,
+        bytes32 userOpHash,
+        uint256 requiredPreFund
+    ) internal override returns (bytes memory context, uint256 validationData) {
+        // use the userOp's callData as context;
+        context = userOp.callData;
+        // super call (PaymasterNFT) for the validation data
+        (, validationData) = super._validatePaymasterUserOp(userOp, userOpHash, requiredPreFund);
+    }
+
+    function _authorizeWithdraw() internal override onlyOwner {}
+}
+
+abstract contract PaymasterNFTMock is PaymasterNFTContextNoPostOpMock {
+    event PaymasterDataPostOp(bytes paymasterData);
+
+    function _postOp(
+        PostOpMode mode,
+        bytes calldata context,
+        uint256 actualGasCost,
+        uint256 actualUserOpFeePerGas
+    ) internal override {
+        emit PaymasterDataPostOp(context);
+        super._postOp(mode, context, actualGasCost, actualUserOpFeePerGas);
+    }
+}