Metapaymaster (#22)

* Metapaymaster

* Code review

* Add overhead calculation

* Fix total calculation for negative amounts

* Update script/DeployMetaPaymaster.s.sol

Co-authored-by: anikaraghu <[email protected]>

* Explicitly pass msgSender

* Add docs

* Add abstract class for easy use of metapaymaster

* Remove unnecessary import

* Script for setting meta-paymaster balance

---------

Co-authored-by: anikaraghu <[email protected]>

Author: mdehoog

.gitignore

@@ -16,3 +16,4 @@ docs/
 # Intellij
 .idea/
 
+/records/

.gitmodules

@@ -7,3 +7,9 @@
 [submodule "lib/openzeppelin-contracts"]
 	path = lib/openzeppelin-contracts
 	url = https://github.com/OpenZeppelin/openzeppelin-contracts
+[submodule "lib/openzeppelin-contracts-upgradeable"]
+	path = lib/openzeppelin-contracts-upgradeable
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
+[submodule "lib/solady"]
+	path = lib/solady
+	url = https://github.com/Vectorized/solady

foundry.toml

@@ -8,6 +8,8 @@ optimizer_runs = 999999
 solc_version = "0.8.20"
 remappings = [
     '@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts',
-    "@account-abstraction/=lib/account-abstraction/contracts",
+    '@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts',
+    '@account-abstraction/=lib/account-abstraction/contracts',
+    '@solady/=lib/solady/src',
 ]
 

lib/openzeppelin-contracts-upgradeable

@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+import "forge-std/Script.sol";
+import "../src/meta/MetaPaymaster.sol";
+import "@account-abstraction/interfaces/IEntryPoint.sol";
+import "@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol";
+import "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";
+
+// This script deploys a Paymaster and sets the deployer as the owner address
+contract DeployPaymaster is Script {
+    address entryPoint = 0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789;
+
+    function run() public {
+        vm.broadcast();
+        MetaPaymaster paymaster = new MetaPaymaster();
+        vm.broadcast();
+        ProxyAdmin admin = new ProxyAdmin();
+        bytes memory data = abi.encodeWithSignature("initialize(address,address)", tx.origin, IEntryPoint(entryPoint));
+        vm.broadcast();
+        TransparentUpgradeableProxy proxy = new TransparentUpgradeableProxy(address(paymaster), address(admin), data);
+        require(address(MetaPaymaster(payable(proxy)).entryPoint()) == entryPoint);
+        require(MetaPaymaster(payable(proxy)).owner() == tx.origin);
+        require(admin.owner() == tx.origin);
+    }
+}

lib/solady

@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+import "forge-std/Script.sol";
+import "../src/meta/MetaPaymaster.sol";
+
+contract SetMetaPaymasterBalance is Script {
+    MetaPaymaster metaPaymaster = MetaPaymaster(payable(0x75B9328BB753144705b77b215E304eC7ef45235C));
+
+    function run(address account, uint256 amount) public {
+        vm.broadcast();
+        metaPaymaster.setBalance(account, amount);
+        require(metaPaymaster.balanceOf(account) == amount);
+    }
+}

script/DeployMetaPaymaster.s.sol

@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.20;
+
+import "@account-abstraction/core/BasePaymaster.sol";
+import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import "./MetaPaymaster.sol";
+
+/**
+ * Abstract paymaster that uses the `MetaPaymaster` for funding the
+ * gas costs of each userOp by calling the `fund` method in `postOp`.
+ */
+abstract contract BaseFundedPaymaster is BasePaymaster {
+    MetaPaymaster public immutable metaPaymaster;
+
+    uint256 private constant POST_OP_OVERHEAD = 34982;
+
+    constructor(IEntryPoint _entryPoint, MetaPaymaster _metaPaymaster) BasePaymaster(_entryPoint) Ownable() {
+        metaPaymaster = _metaPaymaster;
+    }
+
+    function _validatePaymasterUserOp(UserOperation calldata userOp, bytes32 userOpHash, uint256 requiredPreFund)
+    internal override returns (bytes memory context, uint256 validationData) {
+        validationData = __validatePaymasterUserOp(userOp, userOpHash, requiredPreFund);
+        return (abi.encode(userOp.maxFeePerGas, userOp.maxPriorityFeePerGas), validationData);
+    }
+
+    function __validatePaymasterUserOp(UserOperation calldata userOp, bytes32 userOpHash, uint256 maxCost)
+    internal virtual returns (uint256 validationData);
+
+    function _postOp(PostOpMode mode, bytes calldata context, uint256 actualGasCost) internal override {
+        if (mode != PostOpMode.postOpReverted) {
+            (uint256 maxFeePerGas, uint256 maxPriorityFeePerGas) = abi.decode(context, (uint256, uint256));
+            uint256 gasPrice = min(maxFeePerGas, maxPriorityFeePerGas + block.basefee);
+            metaPaymaster.fund(address(this), actualGasCost + POST_OP_OVERHEAD*gasPrice);
+        }
+    }
+
+    function min(uint256 a, uint256 b) internal pure returns (uint256) {
+        return a < b ? a : b;
+    }
+}

script/SetMetaPaymasterBalance.s.sol

@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity 0.8.20;
+
+import "@account-abstraction/core/BasePaymaster.sol";
+import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import "./BaseFundedPaymaster.sol";
+
+/**
+ * A paymaster that uses external service to decide whether to pay for the UserOp.
+ * The paymaster trusts an external signer to sign the transaction.
+ * The calling user must pass the UserOp to that external signer first, which performs
+ * whatever off-chain verification before signing the UserOp.\
+ * Actual funding is provided by a meta-paymaster.
+ */
+contract FundedPaymaster is BaseFundedPaymaster {
+    using UserOperationLib for UserOperation;
+
+    address public immutable verifyingSigner;
+
+    uint256 private constant VALID_TIMESTAMP_OFFSET = 20;
+    uint256 private constant SIGNATURE_OFFSET = VALID_TIMESTAMP_OFFSET + 64;
+
+    constructor(IEntryPoint _entryPoint, MetaPaymaster _metaPaymaster, address _verifyingSigner) BaseFundedPaymaster(_entryPoint, _metaPaymaster) {
+        verifyingSigner = _verifyingSigner;
+    }
+
+    /**
+     * return the hash we're going to sign off-chain (and validate on-chain)
+     * this method is called by the off-chain service, to sign the request.
+     * it is called on-chain from the validatePaymasterUserOp, to validate the signature.
+     * note that this signature covers all fields of the UserOperation, except the "paymasterAndData",
+     * which will carry the signature itself.
+     */
+    function getHash(UserOperation calldata userOp, uint48 validUntil, uint48 validAfter)
+    public view returns (bytes32) {
+        // can't use userOp.hash(), since it contains also the paymasterAndData itself.
+        return keccak256(
+            abi.encode(
+                userOp.getSender(),
+                userOp.nonce,
+                calldataKeccak(userOp.initCode),
+                calldataKeccak(userOp.callData),
+                userOp.callGasLimit,
+                userOp.verificationGasLimit,
+                userOp.preVerificationGas,
+                userOp.maxFeePerGas,
+                userOp.maxPriorityFeePerGas,
+                block.chainid,
+                address(this),
+                validUntil,
+                validAfter
+            )
+        );
+    }
+
+    /**
+     * verify our external signer signed this request.
+     * the "paymasterAndData" is expected to be the paymaster and a signature over the entire request params
+     * paymasterAndData[:20] : address(this)
+     * paymasterAndData[20:84] : abi.encode(validUntil, validAfter)
+     * paymasterAndData[84:] : signature
+     */
+    function __validatePaymasterUserOp(UserOperation calldata userOp, bytes32 /*userOpHash*/, uint256 /*requiredPreFund*/)
+    internal override view returns (uint256) {
+        (uint48 validUntil, uint48 validAfter, bytes calldata signature) = parsePaymasterAndData(userOp.paymasterAndData);
+        // Only support 65-byte signatures, to avoid potential replay attacks.
+        require(signature.length == 65, "Paymaster: invalid signature length in paymasterAndData");
+        bytes32 hash = ECDSA.toEthSignedMessageHash(getHash(userOp, validUntil, validAfter));
+
+        // don't revert on signature failure: return SIG_VALIDATION_FAILED
+        if (verifyingSigner != ECDSA.recover(hash, signature)) {
+            return _packValidationData(true, validUntil, validAfter);
+        }
+
+        // no need for other on-chain validation: entire UserOp should have been checked
+        // by the external service prior to signing it.
+        return _packValidationData(false, validUntil, validAfter);
+    }
+
+    function parsePaymasterAndData(bytes calldata paymasterAndData)
+    internal pure returns(uint48 validUntil, uint48 validAfter, bytes calldata signature) {
+        (validUntil, validAfter) = abi.decode(paymasterAndData[VALID_TIMESTAMP_OFFSET:SIGNATURE_OFFSET],(uint48, uint48));
+        signature = paymasterAndData[SIGNATURE_OFFSET:];
+    }
+
+    receive() external payable {
+        // use address(this).balance rather than msg.value in case of force-send
+        (bool callSuccess, ) = payable(address(entryPoint)).call{value: address(this).balance}("");
+        require(callSuccess, "Deposit failed");
+    }
+}

src/meta/BaseFundedPaymaster.sol

@@ -0,0 +1,96 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.20;
+
+import "@account-abstraction/interfaces/IEntryPoint.sol";
+import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+import "@solady/utils/SafeTransferLib.sol";
+
+/**
+ * A meta-paymaster that deposits funds to the 4337 entryPoint on behalf
+ * of allowlisted paymasters, just-in-time per userOperation.
+ */
+contract MetaPaymaster is OwnableUpgradeable {
+    IEntryPoint public entryPoint;
+
+    // Funds available to each individual paymaster
+    mapping(address => uint256) public balanceOf;
+
+    // Total funds allocated to all paymasters (sum of all balanceOf).
+    // Tracked separately from the contract's balance, since balances
+    // can be undercollateralized.
+    uint256 public total;
+
+    /// @custom:oz-upgrades-unsafe-allow constructor
+    constructor() {
+        _disableInitializers();
+    }
+
+    /**
+     * @notice Initializes the contract.
+     * @param _owner The owner of the contract.
+     * @param _entryPoint The 4337 EntryPoint contract.
+     */
+    function initialize(address _owner, IEntryPoint _entryPoint) public initializer {
+        __Ownable_init(_owner);
+        entryPoint = _entryPoint;
+    }
+
+    /**
+     * @notice Helper function to check if this contract will fund a userOperation.
+     * @param account The address that will call `fund` (usually the paymaster).
+     * @param actualGasCost The actual gas cost of the userOp, including postOp overhead.
+     * @return True if this contract will fund the given gas cost.
+     */
+    function willFund(address account, uint256 actualGasCost) public view returns (bool) {
+        return balanceOf[account] >= actualGasCost && address(this).balance >= actualGasCost;
+    }
+
+    /**
+     * @notice Deposits funds to the 4337 entryPoint on behalf of a paymaster.
+     * @dev `actualGasCost` can be calculated using the formula:
+     * `postOp.actualGasCost + postOpOverhead * gasPrice`, where `postOpOverhead`
+     * is a constant representing the gas usage of the postOp function.
+     * @param paymaster The paymaster to fund (`address(this)` when called from the paymaster).
+     * @param actualGasCost The actual gas cost of the userOp, including postOp overhead.
+     */
+    function fund(address paymaster, uint256 actualGasCost) external {
+        require(balanceOf[msg.sender] >= actualGasCost);
+        total -= actualGasCost;
+        balanceOf[msg.sender] -= actualGasCost;
+        entryPoint.depositTo{value: actualGasCost}(paymaster);
+    }
+
+    /**
+     * @notice Helper to deposit + associate funds with a particular paymaster.
+     * @param account The address to associate the funds with.
+     */
+    function depositTo(address account) public payable {
+        total += msg.value;
+        balanceOf[account] += msg.value;
+    }
+
+    /**
+     * @notice Sets the balance of a particular account / paymaster.
+     * @param account The account to set the balance of.
+     * @param amount The amount to set the balance to.
+     */
+    function setBalance(address account, uint256 amount) public onlyOwner {
+        if (amount > balanceOf[account]) {
+            total += amount - balanceOf[account];
+        } else {
+            total -= balanceOf[account] - amount;
+        }
+        balanceOf[account] = amount;
+    }
+
+    /**
+     * @notice Withdraws funds from the contract.
+     * @param withdrawAddress The address to withdraw to.
+     * @param withdrawAmount The amount to withdraw.
+     */
+    function withdrawTo(address payable withdrawAddress, uint256 withdrawAmount) public onlyOwner {
+        SafeTransferLib.safeTransferETH(withdrawAddress, withdrawAmount);
+    }
+
+    receive() external payable {}
+}