Use new Entrypoint v0.6 setup with account + account factory contracts (#373)

* Make all top level functions virtual on ContractKit bases

* pkg update

* Make MAX_BPS private in Marketplace plugins

* Add sample AA implementation

* Add design objectives for TWAccount

* Update TWAccountFactory

* Emit event on Account creation

* Update TWAccount

* Fix compile errors

* WIP: TWRouter has everything

* docs update

* delete dummy contract

* Two separate wallets: regular and dynamic

* Create TWDynamicAccount factory

* WIP: TWAccount benchmark tests

* Upgrade to Entrypoint 0.6.0 and update its dependents

* Update UserOperation lib util

* fix benchmark tests for TWAccount

* cleanup test events

* Update createAccount: return instead of revert for used salt

* Fix TWDynamicAccount initialize

* Add receive function to TWAccount

* Update account contracts using new entrypoint

* fix naming in test file

* fix solhint build error

* fix test

* Fix casing

* fix casing again

Author: nkrishang

contracts/smart-wallet/interfaces/IEntrypoint.sol

@@ -12,8 +12,9 @@ pragma solidity ^0.8.12;
 import "../utils/UserOperation.sol";
 import "./IStakeManager.sol";
 import "./IAggregator.sol";
+import "./INonceManager.sol";
 
-interface IEntryPoint is IStakeManager {
+interface IEntryPoint is IStakeManager, INonceManager {
     /***
      * An event emitted after each successful request
      * @param userOpHash - unique identifier for the request (hash its entire content, except signature).
@@ -57,6 +58,12 @@ interface IEntryPoint is IStakeManager {
         bytes revertReason
     );
 
+    /**
+     * an event emitted by handleOps(), before starting the execution loop.
+     * any event emitted before this event, is part of the validation.
+     */
+    event BeforeExecution();
+
     /**
      * signature aggregator used by the following UserOperationEvents within this bundle.
      */

contracts/smart-wallet/interfaces/INonceManager.sol

@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity ^0.8.12;
+
+interface INonceManager {
+    /**
+     * Return the next nonce for this sender.
+     * Within a given key, the nonce values are sequenced (starting with zero, and incremented by one on each userop)
+     * But UserOp with different keys can come with arbitrary order.
+     *
+     * @param sender the account address
+     * @param key the high 192 bit of the nonce
+     * @return nonce a full nonce to pass for next UserOp with this sender.
+     */
+    function getNonce(address sender, uint192 key) external view returns (uint256 nonce);
+
+    /**
+     * Manually increment the nonce of the sender.
+     * This method is exposed just for completeness..
+     * Account does NOT need to call it, neither during validation, nor elsewhere,
+     * as the EntryPoint will update the nonce regardless.
+     * Possible use-case is call it with various keys to "initialize" their nonces to one, so that future
+     * UserOperations will not pay extra for the first transaction with a given key.
+     */
+    function incrementNonce(uint192 key) external;
+}

contracts/smart-wallet/managed/AccountCore.sol

@@ -25,25 +25,6 @@ import "../../dynamic-contracts/extension/PermissionsEnumerable.sol";
 //   \$$$$  |$$ |  $$ |$$ |$$ |      \$$$$$$$ |\$$$$$\$$$$  |\$$$$$$$\ $$$$$$$  |
 //    \____/ \__|  \__|\__|\__|       \_______| \_____\____/  \_______|\_______/
 
-/*///////////////////////////////////////////////////////////////
-                            Storage layout
-//////////////////////////////////////////////////////////////*/
-
-library AccountStorage {
-    bytes32 internal constant ACCOUNT_STORAGE_POSITION = keccak256("account.storage");
-
-    struct Data {
-        uint256 nonce;
-    }
-
-    function accountStorage() internal pure returns (Data storage accountData) {
-        bytes32 position = ACCOUNT_STORAGE_POSITION;
-        assembly {
-            accountData.slot := position
-        }
-    }
-}
-
 contract AccountCore is Initializable, Multicall, BaseAccount {
     using ECDSA for bytes32;
 
@@ -77,12 +58,6 @@ contract AccountCore is Initializable, Multicall, BaseAccount {
                             View functions
     //////////////////////////////////////////////////////////////*/
 
-    /// @notice Returns the nonce of the account.
-    function nonce() public view virtual override returns (uint256) {
-        AccountStorage.Data storage accountData = AccountStorage.accountStorage();
-        return accountData.nonce;
-    }
-
     /// @notice Returns the EIP 4337 entrypoint contract.
     function entryPoint() public view virtual override returns (IEntryPoint) {
         return entrypointContract;
@@ -117,14 +92,6 @@ contract AccountCore is Initializable, Multicall, BaseAccount {
                         Internal functions
     //////////////////////////////////////////////////////////////*/
 
-    /// @dev Validates the nonce of a user operation and updates account nonce.
-    function _validateAndUpdateNonce(UserOperation calldata userOp) internal override {
-        AccountStorage.Data storage data = AccountStorage.accountStorage();
-        require(data.nonce == userOp.nonce, "Account: invalid nonce");
-
-        data.nonce += 1;
-    }
-
     /// @notice Validates the signature of a user operation.
     function _validateSignature(UserOperation calldata userOp, bytes32 userOpHash)
         internal

contracts/smart-wallet/non-upgradeable/Account.sol

@@ -28,25 +28,6 @@ import "../../openzeppelin-presets/utils/cryptography/ECDSA.sol";
 //   \$$$$  |$$ |  $$ |$$ |$$ |      \$$$$$$$ |\$$$$$\$$$$  |\$$$$$$$\ $$$$$$$  |
 //    \____/ \__|  \__|\__|\__|       \_______| \_____\____/  \_______|\_______/
 
-/*///////////////////////////////////////////////////////////////
-                            Storage layout
-//////////////////////////////////////////////////////////////*/
-
-library AccountStorage {
-    bytes32 internal constant ACCOUNT_STORAGE_POSITION = keccak256("account.storage");
-
-    struct Data {
-        uint256 nonce;
-    }
-
-    function accountStorage() internal pure returns (Data storage accountData) {
-        bytes32 position = ACCOUNT_STORAGE_POSITION;
-        assembly {
-            accountData.slot := position
-        }
-    }
-}
-
 contract Account is
     Initializable,
     Multicall,
@@ -104,12 +85,6 @@ contract Account is
             super.supportsInterface(interfaceId);
     }
 
-    /// @notice Returns the nonce of the account.
-    function nonce() public view virtual override returns (uint256) {
-        AccountStorage.Data storage accountData = AccountStorage.accountStorage();
-        return accountData.nonce;
-    }
-
     /// @notice Returns the EIP 4337 entrypoint contract.
     function entryPoint() public view virtual override returns (IEntryPoint) {
         return entrypointContract;
@@ -178,14 +153,6 @@ contract Account is
         }
     }
 
-    /// @dev Validates the nonce of a user operation and updates account nonce.
-    function _validateAndUpdateNonce(UserOperation calldata userOp) internal override {
-        AccountStorage.Data storage data = AccountStorage.accountStorage();
-        require(data.nonce == userOp.nonce, "Account: invalid nonce");
-
-        data.nonce += 1;
-    }
-
     /// @notice Validates the signature of a user operation.
     function _validateSignature(UserOperation calldata userOp, bytes32 userOpHash)
         internal

contracts/smart-wallet/utils/BaseAccount.sol

@@ -2,11 +2,11 @@
 pragma solidity ^0.8.12;
 
 /* solhint-disable avoid-low-level-calls */
-/* solhint-disable no-inline-assembly */
-/* solhint-disable reason-string */
+/* solhint-disable no-empty-blocks */
 
 import "../interfaces/IAccount.sol";
 import "../interfaces/IEntrypoint.sol";
+import "./Helpers.sol";
 
 /**
  * Basic account implementation.
@@ -21,10 +21,13 @@ abstract contract BaseAccount is IAccount {
     uint256 internal constant SIG_VALIDATION_FAILED = 1;
 
     /**
-     * return the account nonce.
-     * subclass should return a nonce value that is used both by _validateAndUpdateNonce, and by the external provider (to read the current nonce)
+     * Return the account nonce.
+     * This method returns the next sequential nonce.
+     * For a nonce of a specific key, use `entrypoint.getNonce(account, key)`
      */
-    function nonce() public view virtual returns (uint256);
+    function getNonce() public view virtual returns (uint256) {
+        return entryPoint().getNonce(address(this), 0);
+    }
 
     /**
      * return the entryPoint used by this account.
@@ -43,9 +46,7 @@ abstract contract BaseAccount is IAccount {
     ) external virtual override returns (uint256 validationData) {
         _requireFromEntryPoint();
         validationData = _validateSignature(userOp, userOpHash);
-        if (userOp.initCode.length == 0) {
-            _validateAndUpdateNonce(userOp);
-        }
+        _validateNonce(userOp.nonce);
         _payPrefund(missingAccountFunds);
     }
 
@@ -75,12 +76,22 @@ abstract contract BaseAccount is IAccount {
         returns (uint256 validationData);
 
     /**
-     * validate the current nonce matches the UserOperation nonce.
-     * then it should update the account's state to prevent replay of this UserOperation.
-     * called only if initCode is empty (since "nonce" field is used as "salt" on account creation)
-     * @param userOp the op to validate.
+     * Validate the nonce of the UserOperation.
+     * This method may validate the nonce requirement of this account.
+     * e.g.
+     * To limit the nonce to use sequenced UserOps only (no "out of order" UserOps):
+     *      `require(nonce < type(uint64).max)`
+     * For a hypothetical account that *requires* the nonce to be out-of-order:
+     *      `require(nonce & type(uint64).max == 0)`
+     *
+     * The actual nonce uniqueness is managed by the EntryPoint, and thus no other
+     * action is needed by the account itself.
+     *
+     * @param nonce to validate
+     *
+     * solhint-disable-next-line no-empty-blocks
      */
-    function _validateAndUpdateNonce(UserOperation calldata userOp) internal virtual;
+    function _validateNonce(uint256 nonce) internal view virtual {}
 
     /**
      * sends to the entrypoint (msg.sender) the missing funds for this transaction.

contracts/smart-wallet/utils/Entrypoint.sol

@@ -12,12 +12,14 @@ import "../interfaces/IAccount.sol";
 import "../interfaces/IPaymaster.sol";
 import "../interfaces/IEntrypoint.sol";
 
-import "./Exec.sol";
+import ".//Exec.sol";
 import "./StakeManager.sol";
 import "./SenderCreator.sol";
 import "./Helpers.sol";
+import "./NonceManager.sol";
+import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
 
-contract EntryPoint is IEntryPoint, StakeManager {
+contract EntryPoint is IEntryPoint, StakeManager, NonceManager, ReentrancyGuard {
     using UserOperationLib for UserOperation;
 
     SenderCreator private immutable senderCreator = new SenderCreator();
@@ -90,7 +92,7 @@ contract EntryPoint is IEntryPoint, StakeManager {
      * @param ops the operations to execute
      * @param beneficiary the address to receive the fees
      */
-    function handleOps(UserOperation[] calldata ops, address payable beneficiary) public {
+    function handleOps(UserOperation[] calldata ops, address payable beneficiary) public nonReentrant {
         uint256 opslen = ops.length;
         UserOpInfo[] memory opInfos = new UserOpInfo[](opslen);
 
@@ -102,6 +104,7 @@ contract EntryPoint is IEntryPoint, StakeManager {
             }
 
             uint256 collected = 0;
+            emit BeforeExecution();
 
             for (uint256 i = 0; i < opslen; i++) {
                 collected += _executeUserOp(i, ops[i], opInfos[i]);
@@ -116,7 +119,10 @@ contract EntryPoint is IEntryPoint, StakeManager {
      * @param opsPerAggregator the operations to execute, grouped by aggregator (or address(0) for no-aggregator accounts)
      * @param beneficiary the address to receive the fees
      */
-    function handleAggregatedOps(UserOpsPerAggregator[] calldata opsPerAggregator, address payable beneficiary) public {
+    function handleAggregatedOps(UserOpsPerAggregator[] calldata opsPerAggregator, address payable beneficiary)
+        public
+        nonReentrant
+    {
         uint256 opasLen = opsPerAggregator.length;
         uint256 totalOps = 0;
         for (uint256 i = 0; i < opasLen; i++) {
@@ -139,6 +145,8 @@ contract EntryPoint is IEntryPoint, StakeManager {
 
         UserOpInfo[] memory opInfos = new UserOpInfo[](totalOps);
 
+        emit BeforeExecution();
+
         uint256 opIndex = 0;
         for (uint256 a = 0; a < opasLen; a++) {
             UserOpsPerAggregator calldata opa = opsPerAggregator[a];
@@ -373,7 +381,8 @@ contract EntryPoint is IEntryPoint, StakeManager {
      * @param initCode the constructor code to be passed into the UserOperation.
      */
     function getSenderAddress(bytes calldata initCode) public {
-        revert SenderAddressResult(senderCreator.createSender(initCode));
+        address sender = senderCreator.createSender(initCode);
+        revert SenderAddressResult(sender);
     }
 
     function _simulationOnlyValidations(UserOperation calldata userOp) internal view {
@@ -416,9 +425,6 @@ contract EntryPoint is IEntryPoint, StakeManager {
      * revert (with FailedOp) in case validateUserOp reverts, or account didn't send required prefund.
      * decrement account's deposit if needed
      */
-
-    event OpHash(bytes32 hashVal);
-
     function _validateAccountPrepayment(
         uint256 opIndex,
         UserOperation calldata op,
@@ -437,7 +443,6 @@ contract EntryPoint is IEntryPoint, StakeManager {
                 uint256 bal = balanceOf(sender);
                 missingAccountFunds = bal > requiredPrefund ? 0 : requiredPrefund - bal;
             }
-            emit OpHash(opInfo.userOpHash);
             try
                 IAccount(sender).validateUserOp{ gas: mUserOp.verificationGasLimit }(
                     op,
@@ -579,6 +584,11 @@ contract EntryPoint is IEntryPoint, StakeManager {
             outOpInfo,
             requiredPreFund
         );
+
+        if (!_validateAndUpdateNonce(mUserOp.sender, mUserOp.nonce)) {
+            revert FailedOp(opIndex, "AA25 invalid account nonce");
+        }
+
         //a "marker" where account opcode validation is done and paymaster opcode validation is about to start
         // (used only by off-chain simulateValidation)
         numberMarker();

contracts/smart-wallet/utils/Helpers.sol

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-3.0
 pragma solidity ^0.8.12;
 
+/* solhint-disable no-inline-assembly */
 /* solhint-disable func-visibility */
 
 /**
@@ -72,3 +73,16 @@ function _packValidationData(
 ) pure returns (uint256) {
     return (sigFailed ? 1 : 0) | (uint256(validUntil) << 160) | (uint256(validAfter) << (160 + 48));
 }
+
+/**
+ * keccak function over calldata.
+ * @dev copy calldata into memory, do keccak and drop allocated memory. Strangely, this is more efficient than letting solidity do it.
+ */
+function calldataKeccak(bytes calldata data) pure returns (bytes32 ret) {
+    assembly {
+        let mem := mload(0x40)
+        let len := data.length
+        calldatacopy(mem, data.offset, len)
+        ret := keccak256(mem, len)
+    }
+}

contracts/smart-wallet/utils/NonceManager.sol

@@ -0,0 +1,36 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity ^0.8.12;
+
+import "../interfaces/IEntrypoint.sol";
+
+/**
+ * nonce management functionality
+ */
+contract NonceManager is INonceManager {
+    /**
+     * The next valid sequence number for a given nonce key.
+     */
+    mapping(address => mapping(uint192 => uint256)) public nonceSequenceNumber;
+
+    function getNonce(address sender, uint192 key) public view override returns (uint256 nonce) {
+        return nonceSequenceNumber[sender][key] | (uint256(key) << 64);
+    }
+
+    // allow an account to manually increment its own nonce.
+    // (mainly so that during construction nonce can be made non-zero,
+    // to "absorb" the gas cost of first nonce increment to 1st transaction (construction),
+    // not to 2nd transaction)
+    function incrementNonce(uint192 key) public override {
+        nonceSequenceNumber[msg.sender][key]++;
+    }
+
+    /**
+     * validate nonce uniqueness for this account.
+     * called just after validateUserOp()
+     */
+    function _validateAndUpdateNonce(address sender, uint256 nonce) internal returns (bool) {
+        uint192 key = uint192(nonce >> 64);
+        uint64 seq = uint64(nonce);
+        return nonceSequenceNumber[sender][key]++ == seq;
+    }
+}