Add PaymasterCore and PaymasterSigner (#71)

Co-authored-by: Hadrien Croubois <[email protected]>

Author: ernestognw

contracts/account/AccountCore.sol

@@ -47,7 +47,7 @@ abstract contract AccountCore is AbstractSigner, IAccount {
      * @dev Canonical entry point for the account that forwards and validates user operations.
      */
     function entryPoint() public view virtual returns (IEntryPoint) {
-        return IEntryPoint(0x0000000071727De22E5E9d8BAf0edAc6f37da032);
+        return ERC4337Utils.ENTRYPOINT;
     }
 
     /**

contracts/account/paymaster/PaymasterCore.sol

@@ -0,0 +1,138 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {ERC4337Utils} from "@openzeppelin/contracts/account/utils/draft-ERC4337Utils.sol";
+import {IEntryPoint, IPaymaster, PackedUserOperation} from "@openzeppelin/contracts/interfaces/draft-IERC4337.sol";
+import {ERC4337Utils} from "@openzeppelin/contracts/account/utils/draft-ERC4337Utils.sol";
+
+/**
+ * @dev A simple ERC4337 paymaster implementation. This base implementation only includes the minimal logic to validate
+ * and pay for user operations.
+ *
+ * Developers must implement the {PaymasterCore-_validatePaymasterUserOp} function to define the paymaster's validation
+ * and payment logic. The `context` parameter is used to pass data between the validation and execution phases.
+ *
+ * The paymaster includes support to call the {IEntryPointStake} interface to manage the paymaster's deposits and stakes
+ * through the internal functions {_deposit}, {_withdraw}, {_addStake}, {_unlockStake} and {_withdrawStake}.
+ *
+ * * Deposits are used to pay for user operations.
+ * * Stakes are used to guarantee the paymaster's reputation and obtain more flexibility in accessing storage.
+ *
+ * NOTE: See [Paymaster's unstaked reputation rules](https://eips.ethereum.org/EIPS/eip-7562#unstaked-paymasters-reputation-rules)
+ * for more details on the paymaster's storage access limitations.
+ */
+abstract contract PaymasterCore is IPaymaster {
+    /// @dev Unauthorized call to the paymaster.
+    error PaymasterUnauthorized(address sender);
+
+    /// @dev Revert if the caller is not the entry point.
+    modifier onlyEntryPoint() {
+        _checkEntryPoint();
+        _;
+    }
+
+    modifier onlyWithdrawer() {
+        _authorizeWithdraw();
+        _;
+    }
+
+    /// @dev Canonical entry point for the account that forwards and validates user operations.
+    function entryPoint() public view virtual returns (IEntryPoint) {
+        return ERC4337Utils.ENTRYPOINT;
+    }
+
+    /// @inheritdoc IPaymaster
+    function validatePaymasterUserOp(
+        PackedUserOperation calldata userOp,
+        bytes32 userOpHash,
+        uint256 maxCost
+    ) public virtual onlyEntryPoint returns (bytes memory context, uint256 validationData) {
+        return _validatePaymasterUserOp(userOp, userOpHash, maxCost);
+    }
+
+    /// @inheritdoc IPaymaster
+    function postOp(
+        PostOpMode mode,
+        bytes calldata context,
+        uint256 actualGasCost,
+        uint256 actualUserOpFeePerGas
+    ) public virtual onlyEntryPoint {
+        _postOp(mode, context, actualGasCost, actualUserOpFeePerGas);
+    }
+
+    /**
+     * @dev Internal validation of whether the paymaster is willing to pay for the user operation.
+     * Returns the context to be passed to postOp and the validation data.
+     *
+     * The `requiredPreFund` is the amount the paymaster has to pay (in native tokens). It's calculated
+     * as `requiredGas * userOp.maxFeePerGas`, where `required` gas can be calculated from the user operation
+     * as `verificationGasLimit + callGasLimit + paymasterVerificationGasLimit + paymasterPostOpGasLimit + preVerificationGas`
+     */
+    function _validatePaymasterUserOp(
+        PackedUserOperation calldata userOp,
+        bytes32 userOpHash,
+        uint256 requiredPreFund
+    ) internal virtual returns (bytes memory context, uint256 validationData);
+
+    /**
+     * @dev Handles post user operation execution logic. The caller must be the entry point.
+     *
+     * It receives the `context` returned by `_validatePaymasterUserOp`. Reverts by default
+     * since the function is not called if no context is returned by {validatePaymasterUserOp}.
+     *
+     * NOTE: The `actualUserOpFeePerGas` is not `tx.gasprice`. A user operation can be bundled with other transactions
+     * making the gas price of the user operation to differ.
+     */
+    function _postOp(
+        PostOpMode /* mode */,
+        bytes calldata /* context */,
+        uint256 /* actualGasCost */,
+        uint256 /* actualUserOpFeePerGas */
+    ) internal virtual {}
+
+    /// @dev Calls {IEntryPointStake-depositTo}.
+    function deposit() public payable virtual {
+        ERC4337Utils.depositTo(address(this), msg.value);
+    }
+
+    /// @dev Calls {IEntryPointStake-withdrawTo}.
+    function withdraw(address payable to, uint256 value) public virtual onlyWithdrawer {
+        ERC4337Utils.withdrawTo(to, value);
+    }
+
+    /// @dev Calls {IEntryPointStake-addStake}.
+    function addStake(uint32 unstakeDelaySec) public payable virtual {
+        ERC4337Utils.addStake(msg.value, unstakeDelaySec);
+    }
+
+    /// @dev Calls {IEntryPointStake-unlockStake}.
+    function unlockStake() public virtual onlyWithdrawer {
+        ERC4337Utils.unlockStake();
+    }
+
+    /// @dev Calls {IEntryPointStake-withdrawStake}.
+    function withdrawStake(address payable to) public virtual onlyWithdrawer {
+        ERC4337Utils.withdrawStake(to);
+    }
+
+    /// @dev Ensures the caller is the {entrypoint}.
+    function _checkEntryPoint() internal view virtual {
+        address sender = msg.sender;
+        if (sender != address(entryPoint())) {
+            revert PaymasterUnauthorized(sender);
+        }
+    }
+
+    /**
+     * @dev Checks whether `msg.sender` withdraw funds stake or deposit from the entrypoint on paymaster's behalf.
+     *
+     * Use of an https://docs.openzeppelin.com/contracts/5.x/access-control[access control]
+     * modifier such as {Ownable-onlyOwner} is recommended.
+     *
+     * ```solidity
+     * function _authorizeUpgrade() internal onlyOwner {}
+     * ```
+     */
+    function _authorizeWithdraw() internal virtual;
+}

contracts/account/paymaster/PaymasterSigner.sol

@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {PackedUserOperation} from "@openzeppelin/contracts/interfaces/draft-IERC4337.sol";
+import {ERC4337Utils} from "@openzeppelin/contracts/account/utils/draft-ERC4337Utils.sol";
+import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+import {Calldata} from "@openzeppelin/contracts/utils/Calldata.sol";
+import {PaymasterCore} from "./PaymasterCore.sol";
+import {AbstractSigner} from "../../utils/cryptography/AbstractSigner.sol";
+
+/**
+ * @dev Extension of {PaymasterCore} that adds signature validation. See {SignerECDSA}, {SignerP256} or {SignerRSA}.
+ *
+ * Example of usage:
+ *
+ * ```solidity
+ * contract MyPaymasterECDSASigner is PaymasterSigner, SignerECDSA {
+ *     constructor() EIP712("MyPaymasterECDSASigner", "1") {
+ *       // Will revert if the signer is already initialized
+ *       _setSigner(signerAddr);
+ *     }
+ * }
+ * ```
+ */
+abstract contract PaymasterSigner is AbstractSigner, EIP712, PaymasterCore {
+    using ERC4337Utils for *;
+
+    bytes32 internal constant _USER_OPERATION_REQUEST =
+        keccak256(
+            "UserOperationRequest(address sender,uint256 nonce,bytes initCode,bytes callData,bytes32 accountGasLimits,uint256 preVerificationGas,bytes32 gasFees,uint256 paymasterVerificationGasLimit,uint256 paymasterPostOpGasLimit,uint48 validAfter,uint48 validUntil)"
+        );
+
+    /**
+     * @dev Virtual function that returns the signable hash for a user operations. Given the `userOpHash`
+     * contains the `paymasterAndData` itself, it's not possible to sign that value directly. Instead,
+     * this function must be used to provide a custom mechanism to authorize an user operation.
+     */
+    function _signableUserOpHash(
+        PackedUserOperation calldata userOp,
+        uint48 validAfter,
+        uint48 validUntil
+    ) internal view virtual returns (bytes32) {
+        return
+            _hashTypedDataV4(
+                keccak256(
+                    abi.encode(
+                        _USER_OPERATION_REQUEST,
+                        userOp.sender,
+                        userOp.nonce,
+                        keccak256(userOp.initCode),
+                        keccak256(userOp.callData),
+                        userOp.accountGasLimits,
+                        userOp.preVerificationGas,
+                        userOp.gasFees,
+                        userOp.paymasterVerificationGasLimit(),
+                        userOp.paymasterPostOpGasLimit(),
+                        validAfter,
+                        validUntil
+                    )
+                )
+            );
+    }
+
+    /**
+     * @dev Internal validation of whether the paymaster is willing to pay for the user operation.
+     * Returns the context to be passed to postOp and the validation data.
+     *
+     * NOTE: The `context` returned is `bytes(0)`. Developers overriding this function MUST
+     * override {_postOp} to process the context passed along.
+     */
+    function _validatePaymasterUserOp(
+        PackedUserOperation calldata userOp,
+        bytes32 /* userOpHash */,
+        uint256 /* maxCost */
+    ) internal virtual override returns (bytes memory context, uint256 validationData) {
+        (uint48 validAfter, uint48 validUntil, bytes calldata signature) = _decodePaymasterUserOp(userOp);
+        return (
+            bytes(""),
+            _rawSignatureValidation(_signableUserOpHash(userOp, validAfter, validUntil), signature).packValidationData(
+                validAfter,
+                validUntil
+            )
+        );
+    }
+
+    /// @dev Decodes the user operation's data from `paymasterAndData`.
+    function _decodePaymasterUserOp(
+        PackedUserOperation calldata userOp
+    ) internal pure virtual returns (uint48 validAfter, uint48 validUntil, bytes calldata signature) {
+        bytes calldata paymasterData = userOp.paymasterData();
+        return (uint48(bytes6(paymasterData[0:6])), uint48(bytes6(paymasterData[6:12])), paymasterData[12:]);
+    }
+}

contracts/mocks/account/paymaster/PaymasterCoreMock.sol

@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+import {PackedUserOperation} from "@openzeppelin/contracts/interfaces/draft-IERC4337.sol";
+import {ERC4337Utils} from "@openzeppelin/contracts/account/utils/draft-ERC4337Utils.sol";
+import {PaymasterSigner} from "../../../account/paymaster/PaymasterSigner.sol";
+import {SignerECDSA} from "../../../utils/cryptography/SignerECDSA.sol";
+
+abstract contract PaymasterCoreContextNoPostOpMock is PaymasterSigner, SignerECDSA, Ownable {
+    using ERC4337Utils for *;
+
+    function _validatePaymasterUserOp(
+        PackedUserOperation calldata userOp,
+        bytes32 userOpHash,
+        uint256 requiredPreFund
+    ) internal override returns (bytes memory context, uint256 validationData) {
+        // use the userOp's paymasterData as context;
+        context = userOp.paymasterData();
+        // super call (PaymasterSigner + SignerECDSA) for the validation data
+        (, validationData) = super._validatePaymasterUserOp(userOp, userOpHash, requiredPreFund);
+    }
+
+    function _authorizeWithdraw() internal override onlyOwner {}
+}
+
+abstract contract PaymasterCoreMock is PaymasterCoreContextNoPostOpMock {
+    event PaymasterDataPostOp(bytes paymasterData);
+
+    function _postOp(
+        PostOpMode mode,
+        bytes calldata context,
+        uint256 actualGasCost,
+        uint256 actualUserOpFeePerGas
+    ) internal override {
+        emit PaymasterDataPostOp(context);
+        super._postOp(mode, context, actualGasCost, actualUserOpFeePerGas);
+    }
+}

contracts/mocks/docs/account/paymaster/MyPaymaster.sol

@@ -0,0 +1,23 @@
+// contracts/MyPaymaster.sol
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+import {PaymasterCore} from "../../../../account/paymaster/PaymasterCore.sol";
+import {PackedUserOperation} from "@openzeppelin/contracts/interfaces/draft-IERC4337.sol";
+
+contract MyPaymaster is PaymasterCore, Ownable {
+    constructor(address withdrawer) Ownable(withdrawer) {}
+
+    /// @dev Paymaster user op validation logic
+    function _validatePaymasterUserOp(
+        PackedUserOperation calldata userOp,
+        bytes32 userOpHash,
+        uint256 requiredPreFund
+    ) internal override returns (bytes memory context, uint256 validationData) {
+        // Custom validation logic
+    }
+
+    function _authorizeWithdraw() internal override onlyOwner {}
+}

contracts/mocks/docs/account/paymaster/MyPaymasterECDSA.sol

@@ -0,0 +1,17 @@
+// contracts/MyPaymasterECDSA.sol
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+import {PaymasterSigner, EIP712} from "../../../../account/paymaster/PaymasterSigner.sol";
+import {PackedUserOperation} from "@openzeppelin/contracts/interfaces/draft-IERC4337.sol";
+import {SignerECDSA} from "../../../../utils/cryptography/SignerECDSA.sol";
+
+contract MyPaymasterECDSA is PaymasterSigner, SignerECDSA, Ownable {
+    constructor(address paymasterSignerAddr, address withdrawer) EIP712("MyPaymasterECDSA", "1") Ownable(withdrawer) {
+        _setSigner(paymasterSignerAddr);
+    }
+
+    function _authorizeWithdraw() internal override onlyOwner {}
+}

contracts/utils/cryptography/SignerP256.sol

@@ -18,7 +18,7 @@ import {AbstractSigner} from "./AbstractSigner.sol";
  * contract MyAccountP256 is Account, SignerP256, Initializable {
  *     constructor() EIP712("MyAccountP256", "1") {}
  *
- *     function initializeSigner(bytes32 qx, bytes32 qy) public initializer {
+ *     function initialize(bytes32 qx, bytes32 qy) public initializer {
  *       _setSigner(qx, qy);
  *     }
  * }

contracts/utils/cryptography/SignerRSA.sol

@@ -18,7 +18,7 @@ import {AbstractSigner} from "./AbstractSigner.sol";
  * contract MyAccountRSA is Account, SignerRSA, Initializable {
  *     constructor() EIP712("MyAccountRSA", "1") {}
  *
- *     function initializeSigner(bytes memory e, bytes memory n) public initializer {
+ *     function initialize(bytes memory e, bytes memory n) public initializer {
  *       _setSigner(e, n);
  *     }
  * }

docs/modules/ROOT/pages/account-abstraction.adoc

@@ -70,6 +70,30 @@ include::api:example$account/MyFactoryAccount.sol[]
 
 You've setup your own account and its corresponding factory. Both are ready to be used with ERC-4337 infrastructure. Customizing the factory to other validation mechanisms must be straightforward.
 
+== Paymaster
+
+In case you want to sponsor user operation for your users, the ERC-4337 defines a special type of contract called Paymaster, whose purpose is to pay the gas fees consumed by the user operation. Developers can bootstrap their own paymaster with xref:api:utils.adoc#PaymasterCore[`PaymasterCore`] and implement a signature-based paymaster authorization with xref:api:utils.adoc#PaymasterSigner[`PaymasterSigner`] that they can combine with any xref:api:utils.adoc#AbstractSigner[`AbstractSigner`] quite easily.
+
+To enable operation sponsorship, users sign their user operation including a special field called `paymasterAndData` resulting from the concatenation of the paymaster they're using and the calldata that's going to be passed into xref:api:utils.adoc#PaymasterCore-validatePaymasterUserOp[`validatePaymasterUserOp`]. This function will use the passed bytes buffer to determine whether it will pay for the user operation or not.
+
+=== Setting up a paymaster
+
+To start your paymaster from scratch, the library provides xref:api:utils.adoc#PaymasterCore[`PaymasterCore`] with the basic logic you can extend to implement your own validation logic.
+
+[source,solidity]
+----
+include::api:example$account/paymaster/MyPaymaster.sol[]
+----
+
+TIP: Use https://docs.openzeppelin.com/contracts/5.x/api/account#ERC4337Utils[`ERC4337Utils`] to access paymaster-related fields of the userOp (e.g. `paymasterData`, `paymasterVerificationGasLimit`)
+
+The library also includes the xref:api:utils.adoc#PaymasterSigner[`PaymasterSigner`] that allows developers to setup a signature-based authorization paymaster. This is the easiest setup to start sponsoring user operations with an ECDSA signature (i.e. a regular ethereum signature).
+
+[source,solidity]
+----
+include::api:example$account/paymaster/MyPaymasterECDSA.sol[]
+----
+
 == ERC-4337 Overview
 
 The ERC-4337 is a detailed specification of how to implement the necessary logic to handle operations without making changes to the protocol level (i.e. the rules of the blockchain itself). This specification defines the following components:
@@ -136,6 +160,8 @@ To build your own factory, see xref:account-abstraction.adoc#account_factory[Acc
 
 A Paymaster is an optional entity that can sponsor gas fees for Accounts, or allow them to pay for those fees in ERC-20 instead of native currency. This abstracts gas away of the user experience in the same way that computational costs of cloud servers are abstracted away from end-users.
 
+To build your own paymaster, see xref:account-abstraction.adoc#paymaster[Paymaster]
+
 == Further notes
 
 === ERC-7739 Signatures