fix: STAA-15 remediation ii

Author: livingrockrises

src/StartaleSmartAccount.sol

@@ -6,10 +6,14 @@ import {BaseAccount} from './core/BaseAccount.sol';
 import {ERC7779Adapter} from './core/ERC7779Adapter.sol';
 import {ExecutionHelper} from './core/ExecutionHelper.sol';
 import {ModuleManager} from './core/ModuleManager.sol';
+
+import {IERC7579Account} from './interfaces/IERC7579Account.sol';
 import {IValidator} from './interfaces/IERC7579Module.sol';
 import {IStartaleSmartAccount} from './interfaces/IStartaleSmartAccount.sol';
+import {IAccountConfig} from './interfaces/core/IAccountConfig.sol';
 import {ExecutionLib} from './lib/ExecutionLib.sol';
 import {ACCOUNT_STORAGE_LOCATION} from './types/Constants.sol';
+import {IERC1271} from '@openzeppelin/contracts/interfaces/IERC1271.sol';
 import {IERC1155Receiver} from '@openzeppelin/contracts/token/ERC1155/IERC1155Receiver.sol';
 import {IERC721Receiver} from '@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol';
 import {IERC165} from '@openzeppelin/contracts/utils/introspection/IERC165.sol';
@@ -203,7 +207,6 @@ contract StartaleSmartAccount is
   /// @dev This function can only be called by the EntryPoint or the account itself for security reasons.
   function installInterface(bytes4 interfaceId) external payable onlyEntryPointOrSelf {
     _installInterface(interfaceId);
-    emit InterfaceInstalled(interfaceId);
   }
 
   /// @notice Installs multiple interfaces to the smart account.
@@ -347,7 +350,7 @@ contract StartaleSmartAccount is
       _getPreValidationHook(MODULE_TYPE_PREVALIDATION_HOOK_ERC4337), MODULE_TYPE_PREVALIDATION_HOOK_ERC4337
     );
     _tryUninstallFallbacks();
-    // Review: If we maintain banned selectors then clear them as well.
+    _uninstallAllInterfaces();
     _initSentinelLists();
   }
 
@@ -417,7 +420,9 @@ contract StartaleSmartAccount is
     AccountStorage storage ds = _getAccountStorage();
     if (
       interfaceId == type(IERC721Receiver).interfaceId || interfaceId == type(IERC1155Receiver).interfaceId
-        || interfaceId == type(IERC165).interfaceId
+        || interfaceId == type(IERC165).interfaceId || interfaceId == type(IERC1271).interfaceId
+        || interfaceId == type(IStartaleSmartAccount).interfaceId || interfaceId == type(IERC7579Account).interfaceId
+        || interfaceId == type(IAccountConfig).interfaceId
     ) {
       return true;
     }

src/core/ModuleManager.sol

@@ -376,6 +376,19 @@ abstract contract ModuleManager is AllStorage, EIP712, IModuleManager {
     delete ds.fallbackSelectors;
   }
 
+  /// @dev Uninstalls all interfaces from the smart account.
+  /// @dev This function is called in the _onRedelegation function in StartaleSmartAccount.sol
+  /// @notice clears all the storage variables related to interfaces.
+  function _uninstallAllInterfaces() internal {
+    AccountStorage storage ds = _getAccountStorage();
+    uint256 len = ds.installedIfaces.length;
+    for (uint256 i = 0; i < len; i++) {
+      bytes4 interfaceId = ds.installedIfaces[i];
+      _uninstallInterface(interfaceId);
+    }
+    delete ds.installedIfaces;
+  }
+
   /// @dev Sets the current hook in the storage to the specified address.
   /// @param hook The new hook address.
   function _setHook(address hook) internal virtual {
@@ -638,6 +651,7 @@ abstract contract ModuleManager is AllStorage, EIP712, IModuleManager {
   function _installInterface(bytes4 interfaceId) internal virtual {
     AccountStorage storage ds = _getAccountStorage();
     ds.supportedIfaces[interfaceId] = true;
+    ds.installedIfaces.push(interfaceId);
     emit InterfaceInstalled(interfaceId);
   }
 
@@ -646,6 +660,15 @@ abstract contract ModuleManager is AllStorage, EIP712, IModuleManager {
   function _uninstallInterface(bytes4 interfaceId) internal virtual {
     AccountStorage storage ds = _getAccountStorage();
     ds.supportedIfaces[interfaceId] = false;
+    // Remove interfaceId from installedIfaces via swap-and-pop
+    uint256 len = ds.installedIfaces.length;
+    for (uint256 i = 0; i < len; i++) {
+      if (ds.installedIfaces[i] == interfaceId) {
+        ds.installedIfaces[i] = ds.installedIfaces[len - 1];
+        ds.installedIfaces.pop();
+        break;
+      }
+    }
     emit InterfaceUninstalled(interfaceId);
   }
 

src/interfaces/core/IAllStorage.sol

@@ -22,6 +22,8 @@ interface IAllStorage {
     bytes4[] fallbackSelectors;
     ///< ERC-165 interfaces installed on the account.
     mapping(bytes4 => bool) supportedIfaces;
+    ///< List of installed interfaces, initialized upon contract deployment.
+    bytes4[] installedIfaces;
     ///< Current hook module associated with this account.
     IHook hook;
     ///< Mapping of hooks to requested timelocks.

test/foundry/unit/concrete/modulemanager/TestModuleManager_FallbackHandler.t.sol

@@ -3,6 +3,7 @@ pragma solidity ^0.8.29;
 
 import {IModuleManager} from '../../../../../src/interfaces/core/IModuleManager.sol';
 
+import {StartaleSmartAccount} from '../../../../../src/StartaleSmartAccount.sol';
 import {Counter} from '../../../mocks/Counter.sol';
 import {MockHandler} from '../../../mocks/MockHandler.sol';
 import '../../../mocks/MockNFT.sol';
@@ -368,6 +369,22 @@ contract TestModuleManager_FallbackHandler is TestModuleManagerBase {
     assertEq(chainId, block.chainid);
     assertEq(sender, expectedSender);
     assertEq(keccak256(resultData), keccak256(expectedData));
+
+    //Verify interface is not installed
+    assertEq(BOB_ACCOUNT.supportsInterface(type(IHandler).interfaceId), false);
+
+    // Also register the interface. This could be done as a batch when installing the fallback handler.
+    bytes memory callDataToInstallInterface =
+      abi.encodeWithSelector(StartaleSmartAccount.installInterface.selector, type(IHandler).interfaceId);
+    Execution[] memory executionToInstallInterface = new Execution[](1);
+    executionToInstallInterface[0] = Execution(address(BOB_ACCOUNT), 0, callDataToInstallInterface);
+    PackedUserOperation[] memory userOpsToInstallInterface = buildPackedUserOperation(
+      BOB, BOB_ACCOUNT, EXECTYPE_DEFAULT, executionToInstallInterface, address(VALIDATOR_MODULE), 0
+    );
+    ENTRYPOINT.handleOps(userOpsToInstallInterface, payable(address(BOB.addr)));
+
+    // Verify the interface was installed
+    assertEq(BOB_ACCOUNT.supportsInterface(type(IHandler).interfaceId), true);
   }
 
   function test_ReturnBytes_and_Hook_fallback() public {