Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AA-161 validate Nonce in EntryPoint #247
AA-161 validate Nonce in EntryPoint #247
Changes from all commits
75f0245
931df7e
c1290e7
b2068fa
33a8e54
de441b0
98ee474
60e869c
d0a9b11
85371d1
bb8dc1f
33cbda9
ac89c73
beba6a7
5fed963
b646697
4618401
69e19f8
8bc2f63
dab35aa
e0ee20b
98d6888
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I noticed some pattern on old sample accounts that it skip nonce increment when initCode.length > 0.
I assume it's for gas savings, but I don't see it here. Is it intended?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was an internal optimization of SimpleWallet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wallet can call
incrementNonce
in_validateSignature
, just before checking in_validateAndUpdateNonce
, which makes it feasible to execute OP with nonce 3 when the next nonce is 2. So I suggest to check nonce_validateAndUpdateNonce
before_validateSignature
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that in make sense to modify the nonce before calling a user-provided method.
Still, our opcode rules prevent the account from calling the entryPoint (including incrementNonce) from within validation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe add documentation, explaining that this function doesn't need to be called by the account?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually, it is not needed at all. I just wonder if we should keep it for completeness, or remove it altogether..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought it was needed for the "bypass" case where an account wants to support non-EntryPoint interactions and still use the same nonce. Is that no longer the case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think one side-effect of this function is breaking continuity of nonce, that lose the 'one nonce corresponding to one OP' property.
For example, wallet can call
_validateSignature
in OP calldata to increase nonce by 2 in one single OP.Also, wallet can call
incrementNonce
in_validateSignature
, just before checking in_validateAndUpdateNonce
, which makes it feasible to execute OP with nonce 3 when the next nonce is 2. So I suggest to check nonce_validateAndUpdateNonce
before_validateSignature
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The match of "one nonce to one OP" exists, but in any case, it can't be trusted as a counter: e.g. "current nonce is # of past transactions" is not true, because:
incrementNonce()
, but also:key
values, each with another sent of transactions.In short, at the system level, nonces are nothing but replay protection..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought we changed EIP to ERC