Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add webauthn module #189

Merged
merged 8 commits into from
Sep 27, 2024
Merged

feat: add webauthn module #189

merged 8 commits into from
Sep 27, 2024

Conversation

howydev
Copy link
Collaborator

@howydev howydev commented Sep 24, 2024

  1. Add webauthn module
  2. Rename "SingleSigner" naming -> ECDSA

@octane-security-app-dev Octane Security App Dev
Copy link

octane-security-app-dev bot commented Sep 24, 2024
edited
Loading

Summary by Octane

New Contracts

  • IWebauthnValidationModule.sol: A smart contract for managing web-based authentication by updating signers' keys linked to entity IDs and emitting events for key changes.
  • WebauthnValidationModule.sol: The smart contract offers WebAuthn (secp256r1 curve) signature validation for entities, including ERC-1271 support, and manages signer key transfers and installations.

Updated Contracts

  • ModularAccountBenchmarkBase.sol: Replaced SingleSignerValidationModule with ECDSAValidationModule for validation processes and modified related deployments and module references.
  • AccountFactory.sol: Replaced the single signer validation module with the ECDSA validation module in the smart contract.
  • AccountTestBase.sol: The primary functionality change is the replacement of the SingleSignerValidationModule with the ECDSAValidationModule.
  • ModuleSignatureUtils.sol: The smart contract's validation module has been updated from SingleSignerValidationModule to ECDSAValidationModule for improved security and functionality.
  • OptimizedTest.sol: Replaced SingleSignerValidationModule with ECDSAValidationModule for validation purposes.

🔗 Commit Hash: 6585ad7

@octane-security-app-dev Octane Security App Dev
Copy link

octane-security-app-dev bot commented Sep 24, 2024
edited
Loading

Overview

Vulnerabilities found: 1                                                                                
Severity breakdown: 1 Low

Detailed findings

src/factory/AccountFactory.sol

  • Review potential Missing/Improper Check on the Admin Address issue that is exposed in the constructor function

🔗 Commit Hash: 6585ad7
🛡️ Octane Dashboard: All vulnerabilities

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 24, 2024
edited
Loading

Contract sizes:

-| Contract                     | Size (B) | Margin (B) |
-|------------------------------|----------|------------|
-| AccountFactory               |    4,169 |     20,407 |
-| AllowlistModule              |    5,817 |     18,759 |
-| ERC20TokenLimitModule        |    4,138 |     20,438 |
-| ModularAccount               |   25,983 |     -1,407 |
-| PaymasterGuardModule         |    1,718 |     22,858 |
-| SemiModularAccount           |   26,487 |     -1,911 |
-| SingleSignerValidationModule |    3,444 |     21,132 |
-| TimeRangeModule              |    1,870 |     22,706 |
-| TokenReceiverModule          |    2,189 |     22,387 |
+| Contract                 | Size (B) | Margin (B) |
+|--------------------------|----------|------------|
+| AccountFactory           |    4,169 |     20,407 |
+| AllowlistModule          |    5,817 |     18,759 |
+| ECDSAValidationModule    |    3,444 |     21,132 |
+| ERC20TokenLimitModule    |    4,138 |     20,438 |
+| ModularAccount           |   25,983 |     -1,407 |
+| PaymasterGuardModule     |    1,718 |     22,858 |
+| SemiModularAccount       |   26,487 |     -1,911 |
+| TimeRangeModule          |    1,870 |     22,706 |
+| TokenReceiverModule      |    2,189 |     22,387 |
+| WebauthnValidationModule |    7,854 |     16,722 |

Code coverage:

File % Lines % Statements % Branches % Funcs
src/account/AccountExecutor.sol 100.00% (4/4) 100.00% (4/4) 100.00% (1/1) 100.00% (1/1)
src/account/AccountStorageInitializable.sol 84.21% (16/19) 84.62% (22/26) 60.00% (3/5) 100.00% (2/2)
src/account/BaseAccount.sol 83.33% (5/6) 80.00% (4/5) 50.00% (1/2) 100.00% (2/2)
src/account/ModularAccount.sol 92.92% (223/240) 93.46% (300/321) 82.50% (33/40) 97.44% (38/39)
src/account/ModularAccountView.sol 96.55% (28/29) 95.24% (40/42) 100.00% (2/2) 100.00% (2/2)
src/account/ModuleManagerInternals.sol 88.10% (111/126) 88.17% (149/169) 42.86% (6/14) 100.00% (11/11)
src/account/SemiModularAccount.sol 0.00% (0/50) 0.00% (0/66) 0.00% (0/9) 0.00% (0/17)
src/factory/AccountFactory.sol 34.48% (10/29) 35.00% (14/40) 50.00% (1/2) 18.18% (2/11)
src/libraries/HookConfigLib.sol 47.06% (8/17) 65.62% (21/32) 100.00% (0/0) 66.67% (8/12)
src/libraries/KnownSelectorsLib.sol 100.00% (27/27) 100.00% (60/60) 100.00% (0/0) 100.00% (3/3)
src/libraries/ModuleEntityLib.sol 62.50% (5/8) 45.00% (9/20) 100.00% (0/0) 50.00% (3/6)
src/libraries/SparseCalldataSegmentLib.sol 100.00% (23/23) 100.00% (29/29) 100.00% (5/5) 100.00% (6/6)
src/libraries/ValidationConfigLib.sol 44.44% (8/18) 52.63% (20/38) 100.00% (0/0) 61.54% (8/13)
src/modules/BaseModule.sol 100.00% (11/11) 100.00% (15/15) 100.00% (1/1) 100.00% (2/2)
src/modules/ERC20TokenLimitModule.sol 70.27% (26/37) 76.92% (40/52) 70.00% (7/10) 55.56% (5/9)
src/modules/ModuleEIP712.sol 100.00% (1/1) 100.00% (2/2) 100.00% (0/0) 100.00% (1/1)
src/modules/PaymasterGuardModule.sol 80.00% (8/10) 66.67% (10/15) 100.00% (2/2) 57.14% (4/7)
src/modules/ReplaySafeWrapper.sol 100.00% (6/6) 100.00% (7/7) 100.00% (0/0) 100.00% (2/2)
src/modules/TokenReceiverModule.sol 70.00% (7/10) 69.23% (9/13) 100.00% (0/0) 28.57% (2/7)
src/modules/permissions/AllowlistModule.sol 76.19% (32/42) 75.00% (42/56) 77.78% (7/9) 41.67% (5/12)
src/modules/permissions/TimeRangeModule.sol 100.00% (12/12) 100.00% (20/20) 100.00% (1/1) 75.00% (6/8)
src/modules/validation/ECDSAValidationModule.sol 88.89% (16/18) 91.30% (21/23) 100.00% (3/3) 88.89% (8/9)
src/modules/validation/WebauthnValidationModule.sol 72.22% (13/18) 77.78% (21/27) 100.00% (3/3) 60.00% (6/10)
Total 78.84% (600/761) 79.39% (859/1082) 69.72% (76/109) 66.15% (127/192)

adamegyed
adamegyed reviewed Sep 26, 2024
View reviewed changes
Copy link
Contributor

@adamegyed adamegyed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥

src/modules/validation/ECDSAValidationModule.sol Show resolved Hide resolved
src/modules/validation/IWebauthnValidationModule.sol Show resolved Hide resolved
src/modules/validation/WebauthnValidationModule.sol Outdated Show resolved Hide resolved
src/modules/validation/WebauthnValidationModule.sol Outdated Show resolved Hide resolved
src/modules/validation/WebauthnValidationModule.sol Outdated Show resolved Hide resolved
test/modules/WebauthnValidationModule.t.sol Outdated Show resolved Hide resolved
test/modules/WebauthnValidationModule.t.sol Outdated Show resolved Hide resolved
@howydev
Copy link
Collaborator Author

howydev commented Sep 27, 2024

Review potential Missing/Improper Check on the Admin Address issue that is exposed in the constructor function

Not a vuln

adamegyed
adamegyed approved these changes Sep 27, 2024
View reviewed changes
Copy link
Contributor

@adamegyed adamegyed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, one small nit in the test

test/modules/WebauthnValidationModule.t.sol Outdated Show resolved Hide resolved
@howydev howydev merged commit fe721f2 into develop Sep 27, 2024
6 checks passed
@howydev howydev deleted the howy/add-webauthn-module branch September 27, 2024 22:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamegyed adamegyed adamegyed approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@howydev @adamegyed