fix: [CL-008] remove duplicate wrapping

[howydev]

to reviewers: best to review other deferred action changes first since that can impact this

[octane-security-app-dev]

Summary by Octane

New Contracts

No new contracts were added in this PR.

Updated Contracts

• SemiModularAccountBase.sol: The contract update changes signature validation logic by deferring replay-safe hash wrapping unless validateUserOp is invoked.
• AccountTestBase.sol: Removed _getSMAReplaySafeHash, using digest directly for replay safety in SMA tests.

---

🔗 Commit Hash: 3ec2481

[github-actions]

Contract sizes:

 | Contract                      | Runtime Size (B) | Initcode Size (B) | Runtime Margin (B) | Initcode Margin (B) |
 |-------------------------------|------------------|-------------------|--------------------|---------------------|
 | AccountFactory                |            4,814 |             5,239 |             19,762 |              43,913 |
 | AllowlistModule               |            9,903 |             9,930 |             14,673 |              39,222 |
 | ExecutionInstallDelegate      |            5,694 |             5,740 |             18,882 |              43,412 |
 | ModularAccount                |           21,971 |            28,654 |              2,605 |              20,498 |
 | NativeFunctionDelegate        |              434 |               461 |             24,142 |              48,691 |
 | NativeTokenLimitModule        |            4,258 |             4,285 |             20,318 |              44,867 |
 | PaymasterGuardModule          |            1,797 |             1,824 |             22,779 |              47,328 |
-| SemiModularAccountBytecode    |           23,273 |            29,956 |              1,303 |              19,196 |
-| SemiModularAccountStorageOnly |           23,767 |            30,450 |                809 |              18,702 |
+| SemiModularAccountBytecode    |           23,354 |            30,037 |              1,222 |              19,115 |
+| SemiModularAccountStorageOnly |           23,848 |            30,531 |                728 |              18,621 |
 | SingleSignerValidationModule  |            3,646 |             3,673 |             20,930 |              45,479 |
 | TimeRangeModule               |            2,000 |             2,027 |             22,576 |              47,125 |
 | WebAuthnValidationModule      |            7,854 |             7,881 |             16,722 |              41,271 |

Code coverage:

File	% Lines	% Statements	% Branches	% Funcs
src/account/AccountBase.sol	100.00% (8/8)	100.00% (7/7)	100.00% (2/2)	100.00% (4/4)
src/account/AccountStorageInitializable.sol	100.00% (19/19)	100.00% (26/26)	100.00% (5/5)	100.00% (2/2)
src/account/ModularAccount.sol	100.00% (2/2)	100.00% (2/2)	100.00% (0/0)	100.00% (3/3)
src/account/ModularAccountBase.sol	98.99% (294/297)	96.29% (363/377)	77.59% (45/58)	100.00% (36/36)
src/account/ModularAccountView.sol	100.00% (24/24)	100.00% (28/28)	100.00% (2/2)	100.00% (4/4)
src/account/ModuleManagerInternals.sol	95.08% (58/61)	96.20% (76/79)	62.50% (5/8)	100.00% (3/3)
src/account/SemiModularAccountBase.sol	89.06% (57/64)	92.31% (84/91)	68.75% (11/16)	100.00% (16/16)
src/account/SemiModularAccountBytecode.sol	100.00% (6/6)	100.00% (7/7)	100.00% (1/1)	66.67% (2/3)
src/account/SemiModularAccountStorageOnly.sol	80.00% (4/5)	83.33% (5/6)	100.00% (0/0)	66.67% (2/3)
src/account/TokenReceiver.sol	33.33% (1/3)	33.33% (1/3)	100.00% (0/0)	33.33% (1/3)
src/factory/AccountFactory.sol	70.59% (24/34)	76.09% (35/46)	40.00% (2/5)	58.33% (7/12)
src/helpers/ExecutionInstallDelegate.sol	92.59% (50/54)	92.96% (66/71)	40.00% (2/5)	100.00% (7/7)
src/helpers/NativeFunctionDelegate.sol	100.00% (16/16)	100.00% (30/30)	100.00% (0/0)	100.00% (1/1)
src/libraries/ExecutionLib.sol	98.92% (274/277)	98.15% (266/271)	84.85% (28/33)	100.00% (24/24)
src/libraries/KnownSelectorsLib.sol	100.00% (15/15)	100.00% (32/32)	100.00% (0/0)	100.00% (2/2)
src/libraries/LinkedListSetLib.sol	94.00% (47/50)	96.25% (77/80)	66.67% (4/6)	100.00% (8/8)
src/libraries/MemManagementLib.sol	100.00% (54/54)	100.00% (70/70)	100.00% (0/0)	100.00% (12/12)
src/libraries/ModuleInstallCommonsLib.sol	57.14% (8/14)	42.11% (8/19)	75.00% (3/4)	100.00% (3/3)
src/modules/ModuleBase.sol	100.00% (13/13)	94.12% (16/17)	100.00% (2/2)	100.00% (3/3)
src/modules/permissions/AllowlistModule.sol	86.05% (74/86)	85.71% (96/112)	78.26% (18/23)	50.00% (9/18)
src/modules/permissions/NativeTokenLimitModule.sol	92.31% (36/39)	92.86% (52/56)	100.00% (9/9)	63.64% (7/11)
src/modules/permissions/PaymasterGuardModule.sol	90.00% (9/10)	86.67% (13/15)	100.00% (2/2)	71.43% (5/7)
src/modules/permissions/TimeRangeModule.sol	83.33% (10/12)	80.00% (16/20)	100.00% (1/1)	75.00% (6/8)
src/modules/validation/SingleSignerValidationModule.sol	92.00% (23/25)	81.58% (31/38)	62.50% (5/8)	90.00% (9/10)
src/modules/validation/WebAuthnValidationModule.sol	61.11% (11/18)	66.67% (18/27)	100.00% (3/3)	60.00% (6/10)
Total	94.28% (1137/1206)	93.14% (1425/1530)	77.72% (150/193)	85.45% (182/213)

[octane-security-app-dev]

Overview

Octane AI analysis has finished. No vulnerabilities were found. Cheers! 🎉🎉🎉

---

🔗 Commit Hash: 3ec2481

[adamegyed]

I'm not sure this is the right way to do this switching logic, it seems ok on first glance but feels a bit fragile. Could we make the caller of _exec1271Validation perform the wrapping in the cases where it is needed, and skip it in the deferred action case?

[Zer0dot]

Could you elaborate on this point?

Would you instead not wrap it in validateUserOp()'s deferred validation section, but wrap in isValidSignature()?