refactor: update license + docs + var renaming

[fangting-alchemy]

Motivation

The license and docs need to be updated.

Solution

Updated license to what agreed upon.
Updated docs to be more consistent and clear.
Update some var names.

[octane-security-app-dev]

Summary by Octane

New Contracts

No new contracts were added in this PR.

Updated Contracts

• BaseModule.sol: The smart contract now includes licensing under GPL-3.0, an updated data validation modifier, and added method for processing selector and calldata.
• AllowlistModule.sol: The smart contract now includes an ERC20 spend limit with enhanced allowlist controls and distinct permissions for entities, requiring installation for validation hooks.
• NativeTokenLimitModule.sol: Updated licensing to GPL-3.0, changed signature validation terminology, and functionality centralized in a global singleton.
• PaymasterGuardModule.sol: The smart contract now uses GPL-3.0-or-later licensing, adds improved access control, and modifies validation hooks functionality.
• TimeRangeModule.sol: The smart contract introduces entity ID-based time range enforcement and global singleton state retrieval, with GPL licensing.
• ECDSAValidationModule.sol: Modifications include altering licensing to GPL-3.0-or-later, author change, and clarifying signature validation and uninstallation details.
• WebauthnValidationModule.sol: The smart contract updated its license to GPL-3.0-or-later and clarified entity uninstallation and validation for Webauthn signatures.

---

🔗 Commit Hash: 2c744c2

[github-actions]

Contract sizes:

| Contract                      | Size (B) | Margin (B) |
|-------------------------------|----------|------------|
| AccountFactory                |    4,814 |     19,762 |
| AllowlistModule               |    9,230 |     15,346 |
| ECDSAValidationModule         |    3,646 |     20,930 |
| ModularAccount                |   26,520 |     -1,944 |
| NativeTokenLimitModule        |    4,714 |     19,862 |
| PaymasterGuardModule          |    1,797 |     22,779 |
| SemiModularAccountBytecode    |   28,371 |     -3,795 |
| SemiModularAccountStorageOnly |   28,906 |     -4,330 |
| TimeRangeModule               |    2,000 |     22,576 |
| WebauthnValidationModule      |    7,854 |     16,722 |

Code coverage:

File	% Lines	% Statements	% Branches	% Funcs
src/account/AccountStorageInitializable.sol	89.47% (17/19)	96.15% (25/26)	80.00% (4/5)	100.00% (2/2)
src/account/BaseAccount.sol	87.50% (7/8)	85.71% (6/7)	50.00% (1/2)	100.00% (4/4)
src/account/ModularAccount.sol	100.00% (1/1)	100.00% (1/1)	100.00% (0/0)	100.00% (2/2)
src/account/ModularAccountBase.sol	95.09% (252/265)	96.07% (318/331)	84.09% (37/44)	100.00% (37/37)
src/account/ModularAccountView.sol	100.00% (26/26)	100.00% (33/33)	100.00% (2/2)	100.00% (2/2)
src/account/ModuleManagerInternals.sol	86.99% (107/123)	85.89% (140/163)	40.00% (6/15)	100.00% (12/12)
src/account/SemiModularAccountBase.sol	87.69% (57/65)	91.21% (83/91)	66.67% (10/15)	94.74% (18/19)
src/account/SemiModularAccountBytecode.sol	100.00% (5/5)	100.00% (6/6)	100.00% (1/1)	50.00% (1/2)
src/account/SemiModularAccountStorageOnly.sol	100.00% (4/4)	100.00% (5/5)	100.00% (0/0)	100.00% (2/2)
src/account/TokenReceiver.sol	33.33% (1/3)	33.33% (1/3)	100.00% (0/0)	33.33% (1/3)
src/factory/AccountFactory.sol	70.59% (24/34)	76.09% (35/46)	40.00% (2/5)	58.33% (7/12)
src/libraries/ExecutionLib.sol	98.15% (212/216)	97.21% (209/215)	81.82% (18/22)	100.00% (19/19)
src/libraries/KnownSelectorsLib.sol	100.00% (29/29)	100.00% (64/64)	100.00% (0/0)	100.00% (3/3)
src/libraries/LinkedListSetLib.sol	94.00% (47/50)	96.25% (77/80)	66.67% (4/6)	100.00% (8/8)
src/libraries/MemManagementLib.sol	100.00% (47/47)	100.00% (63/63)	100.00% (0/0)	100.00% (9/9)
src/libraries/SemiModularKnownSelectorsLib.sol	100.00% (6/6)	100.00% (12/12)	100.00% (0/0)	100.00% (1/1)
src/libraries/SparseCalldataSegmentLib.sol	100.00% (17/17)	100.00% (21/21)	100.00% (4/4)	100.00% (4/4)
src/modules/BaseModule.sol	100.00% (13/13)	94.12% (16/17)	100.00% (2/2)	100.00% (3/3)
src/modules/permissions/AllowlistModule.sol	86.05% (74/86)	85.71% (96/112)	78.26% (18/23)	50.00% (9/18)
src/modules/permissions/NativeTokenLimitModule.sol	87.80% (36/41)	89.66% (52/58)	88.89% (8/9)	54.55% (6/11)
src/modules/permissions/PaymasterGuardModule.sol	80.00% (8/10)	66.67% (10/15)	100.00% (2/2)	57.14% (4/7)
src/modules/permissions/TimeRangeModule.sol	83.33% (10/12)	80.00% (16/20)	100.00% (1/1)	75.00% (6/8)
src/modules/validation/ECDSAValidationModule.sol	92.00% (23/25)	81.58% (31/38)	62.50% (5/8)	90.00% (9/10)
src/modules/validation/WebauthnValidationModule.sol	61.11% (11/18)	66.67% (18/27)	100.00% (3/3)	60.00% (6/10)
Total	92.07% (1034/1123)	92.02% (1338/1454)	75.74% (128/169)	84.13% (175/208)

[octane-security-app-dev]

Overview

Vulnerabilities found:	1
Severity breakdown:	1 High

Detailed findings

src/modules/permissions/AllowlistModule.sol

• Review potential Incorrect Nonce Update (Signature Replay Attack) issue that is exposed in the preExecutionHook function

---

🔗 Commit Hash: 2c744c2
🛡️ Octane Dashboard: All vulnerabilities

[howydev]

Ok I'm probably dumb - could u explain this line? The UO signature has to be empty to not revert, but wouldn't that cause the UO validation to fail?

[fangting-alchemy]

I believe the ExecutionLib.invokeUserOpCallBuffer manipulates the signature field to not include the actual signature but only extra data after. And those hooks with this modifier wants to make sure there isnt any extra data sent (can be a form of inflation attack through attaching large unused data).

[howydev]

Have some q's otherwise LGTM

[jaypaik]

Some suggestions inline. Would recommend a spell check extension if you don't have it installed :D

[jaypaik]

cc @adamegyed on this naming update

[jaypaik]

Have we defined what a "validation entity" is anywhere? Maybe clearer to say this:

Suggested change

	/// @notice This module allows for the setting and enforcement of allowlists with ERC20 spend limit for avalidation
	/// entity.
	/// @notice This module allows for the setting and enforcement of allowlists with ERC20 spend limit for a validation
	/// function and a given entity ID.

[jaypaik]

Or maybe module entity? Since ModuleEntity is defined as the address + entity ID

[fangting-alchemy]

Updated working to avoid confusing terms.

[jaypaik]

No sweat on the bullet spacing stuff - let's do a pass on all the files for consistency later!