AmbireTech · borislav-itskov · Jan 16, 2025 · Jan 16, 2025 · Jan 17, 2025 · Jan 17, 2025
diff --git a/README.md b/README.md
@@ -39,3 +39,11 @@ yarn generate:contractInfo
 ## Editor Config
 
 Make sure your code editor has plugins that support the following configuration files: `.editorconfig`, `.prettierrc`, `tsconfig.json`, `eslintrc.js`, [`import-sorter.json`](https://github.com/SoominHan/import-sorter).
+
+## Deploy scripts
+
+How to deploy Ambire 7702:
+
+- npx hardhat compile
+- npx hardhat run scripts/deploy7702.js --network optimism
+- npx hardhat verify --network optimism 0xfe77D030Ac0531f5A62bAe502712b1F1cf976DD9
diff --git a/contracts/AmbireAccount.sol b/contracts/AmbireAccount.sol
@@ -6,6 +6,7 @@ import './ExternalSigValidator.sol';
 import './libs/erc4337/PackedUserOperation.sol';
 import './libs/erc4337/UserOpHelper.sol';
 import './deployless/IAmbireAccount.sol';
+import './libs/Eip712HashBuilder.sol';
 
 /**
  * @notice  A validator that performs DKIM signature recovery
@@ -20,14 +21,12 @@ contract AmbireAccount is IAmbireAccount {
 	address private constant FALLBACK_HANDLER_SLOT = address(0x6969);
 
 	// @dev This is how we understand if msg.sender is the entry point
-	bytes32 private constant ENTRY_POINT_MARKER = 0x0000000000000000000000000000000000000000000000000000000000007171;
+	bytes32 constant ENTRY_POINT_MARKER = 0x0000000000000000000000000000000000000000000000000000000000007171;
 
 	// Externally validated signatures
 	uint8 private constant SIGMODE_EXTERNALLY_VALIDATED = 255;
 
-	// Variables
-	mapping(address => bytes32) public privileges;
-	uint256 public nonce;
+	bytes32 constant AMBIRE_STORAGE_POSITION = keccak256("ambire.smart.contracts.storage");
 
 	// Events
 	event LogPrivilegeChanged(address indexed addr, bytes32 priv);
@@ -73,7 +72,7 @@ contract AmbireAccount is IAmbireAccount {
 	 */
 	fallback() external payable {
 		// We store the fallback handler at this magic slot
-		address fallbackHandler = address(uint160(uint(privileges[FALLBACK_HANDLER_SLOT])));
+		address fallbackHandler = address(uint160(uint(privileges(FALLBACK_HANDLER_SLOT))));
 		if (fallbackHandler == address(0)) return;
 		assembly {
 			// we can use addr 0 because logic is taking full control of the
@@ -90,6 +89,21 @@ contract AmbireAccount is IAmbireAccount {
 		}
 	}
 
+	function getAmbireStorage() internal pure returns (AmbireStorage storage ds) {
+		bytes32 position = AMBIRE_STORAGE_POSITION;
+		assembly {
+			ds.slot := position
+		}
+	}
+
+	function nonce() external view returns (uint256) {
+		return getAmbireStorage().nonce;
+	}
+
+	function privileges(address key) public virtual view returns (bytes32) {
+		return getAmbireStorage().privileges[key];
+	}
+
 	/**
 	 * @notice  used to set the privilege of a key (by `addr`)
 	 * @dev     normal signatures will be considered valid if the
@@ -100,7 +114,7 @@ contract AmbireAccount is IAmbireAccount {
 	 */
 	function setAddrPrivilege(address addr, bytes32 priv) external payable {
 		require(msg.sender == address(this), 'ONLY_ACCOUNT_CAN_CALL');
-		privileges[addr] = priv;
+		getAmbireStorage().privileges[addr] = priv;
 		emit LogPrivilegeChanged(addr, priv);
 	}
 
@@ -144,9 +158,9 @@ contract AmbireAccount is IAmbireAccount {
 	function execute(Transaction[] calldata calls, bytes calldata signature) public payable {
 		address signerKey;
 		uint8 sigMode = uint8(signature[signature.length - 1]);
-		uint256 currentNonce = nonce;
+		uint256 currentNonce = getAmbireStorage().nonce;
 		// we increment the nonce here (not using `nonce++` to save some gas)
-		nonce = currentNonce + 1;
+		getAmbireStorage().nonce = currentNonce + 1;
 
 		if (sigMode == SIGMODE_EXTERNALLY_VALIDATED) {
 			bool isValidSig;
@@ -157,18 +171,22 @@ contract AmbireAccount is IAmbireAccount {
 				revert('SIGNATURE_VALIDATION_FAIL');
 			}
 		} else {
-			signerKey = SignatureValidator.recoverAddr(
-				keccak256(abi.encode(address(this), block.chainid, currentNonce, calls)),
+			(signerKey, ) = SignatureValidator.recoverAddrAllowUnprotected(
+				Eip712HashBuilder.getExecute712Hash(
+					currentNonce,
+					calls,
+					keccak256(abi.encode(address(this), block.chainid, currentNonce, calls))
+				),
 				signature,
 				true
 			);
-			require(privileges[signerKey] != bytes32(0), 'INSUFFICIENT_PRIVILEGE');
+			require(privileges(signerKey) != bytes32(0), 'INSUFFICIENT_PRIVILEGE');
 		}
 
 		executeBatch(calls);
 
 		// The actual anti-bricking mechanism - do not allow a signerKey to drop their own privileges
-		require(privileges[signerKey] != bytes32(0), 'PRIVILEGE_NOT_DOWNGRADED');
+		require(privileges(signerKey) != bytes32(0), 'PRIVILEGE_NOT_DOWNGRADED');
 	}
 
 	/**
@@ -185,10 +203,10 @@ contract AmbireAccount is IAmbireAccount {
 	 * @param   calls  the transaction we're executing
 	 */
 	function executeBySender(Transaction[] calldata calls) external payable {
-		require(privileges[msg.sender] != bytes32(0), 'INSUFFICIENT_PRIVILEGE');
+		require(privileges(msg.sender) != bytes32(0), 'INSUFFICIENT_PRIVILEGE');
 		executeBatch(calls);
 		// again, anti-bricking
-		require(privileges[msg.sender] != bytes32(0), 'PRIVILEGE_NOT_DOWNGRADED');
+		require(privileges(msg.sender) != bytes32(0), 'PRIVILEGE_NOT_DOWNGRADED');
 	}
 
 	/**
@@ -253,7 +271,7 @@ contract AmbireAccount is IAmbireAccount {
 	 */
 	function isValidSignature(bytes32 hash, bytes calldata signature) external view returns (bytes4) {
 		(address recovered, bool usedUnprotected) = SignatureValidator.recoverAddrAllowUnprotected(hash, signature, false);
-		if (uint256(privileges[recovered]) > (usedUnprotected ? 1 : 0)) {
+		if (uint256(privileges(recovered)) > (usedUnprotected ? 1 : 0)) {
 			// bytes4(keccak256("isValidSignature(bytes32,bytes)")
 			return 0x1626ba7e;
 		} else {
@@ -273,7 +291,7 @@ contract AmbireAccount is IAmbireAccount {
 			interfaceID == 0x4e2312e0 || // ERC-1155 `ERC1155TokenReceiver` support (i.e. `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)")) ^ bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))`).
 			interfaceID == 0x0a417632; // used for checking whether the account is v2 or not
 		if (supported) return true;
-		address payable fallbackHandler = payable(address(uint160(uint256(privileges[FALLBACK_HANDLER_SLOT]))));
+		address payable fallbackHandler = payable(address(uint160(uint256(privileges(FALLBACK_HANDLER_SLOT)))));
 		if (fallbackHandler == address(0)) return false;
 		return AmbireAccount(fallbackHandler).supportsInterface(interfaceID);
 	}
@@ -335,7 +353,7 @@ contract AmbireAccount is IAmbireAccount {
 			return SIG_VALIDATION_SUCCESS;
 		}
 
-		require(privileges[msg.sender] == ENTRY_POINT_MARKER, 'validateUserOp: not from entryPoint');
+		require(privileges(msg.sender) == ENTRY_POINT_MARKER, 'validateUserOp: not from entryPoint');
 
 		// @estimation
 		// paying should happen even if signature validation fails
@@ -347,8 +365,12 @@ contract AmbireAccount is IAmbireAccount {
 		}
 
 		// this is replay-safe because userOpHash is retrieved like this: keccak256(abi.encode(userOp.hash(), address(this), block.chainid))
-		address signer = SignatureValidator.recoverAddr(userOpHash, op.signature, true);
-		if (privileges[signer] == bytes32(0)) return SIG_VALIDATION_FAILED;
+		(address signer, ) = SignatureValidator.recoverAddrAllowUnprotected(
+			Eip712HashBuilder.getUserOp712Hash(op, userOpHash),
+			op.signature,
+			true
+		);
+		if (privileges(signer) == bytes32(0)) return SIG_VALIDATION_FAILED;
 
 		return SIG_VALIDATION_SUCCESS;
 	}
@@ -377,7 +399,7 @@ contract AmbireAccount is IAmbireAccount {
 		// the privileges key
 		(signerKey, validatorAddr, validatorData, innerSig) = abi.decode(sig, (address, address, bytes, bytes));
 		require(
-			privileges[signerKey] == keccak256(abi.encode(validatorAddr, validatorData)),
+			privileges(signerKey) == keccak256(abi.encode(validatorAddr, validatorData)),
 			'EXTERNAL_VALIDATION_NOT_SET'
 		);
 

diff --git a/contracts/AmbireAccount7702.sol b/contracts/AmbireAccount7702.sol
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: agpl-3.0
+pragma solidity 0.8.19;
+
+import './AmbireAccount.sol';
+
+/**
+ * @notice A contract that extends AmbireAccount to make it 7702 adaptable
+ * @dev We hardcode the entry point address so we don't have to use
+ * any storage slots after authorization. If it changes, the users
+ * will have to authrorize another contract with the new entry point addr
+ * to continue
+ */
+contract AmbireAccount7702 is AmbireAccount {
+	address private constant ENTRY_POINT = address(0x0000000071727De22E5E9d8BAf0edAc6f37da032);
+
+	function privileges(address key) public override view returns (bytes32) {
+		if (key == address(this)) return bytes32(uint256(2));
+
+		// if the entry point is the sender, we return the marker priv
+		if (key == ENTRY_POINT) return ENTRY_POINT_MARKER;
+
+		return getAmbireStorage().privileges[key];
+	}
+}
diff --git a/contracts/AmbireToken.sol b/contracts/AmbireToken.sol
@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: agpl-3.0
+pragma solidity 0.8.19;
+
+import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+
+contract AmbireToken is ERC20 {
+    mapping (address => uint) lastMint;
+
+    uint256 public constant WAIT_TIME = 24 hours;
+
+    uint256 public constant MINT_AMOUNT = 5 * 10 ** 18;
+
+    constructor(uint256 initialSupply) ERC20("Ambire", "AMW") {
+        _mint(msg.sender, initialSupply);
+    }
+
+    function mint() public {
+        require(
+            block.timestamp >= lastMint[msg.sender] + WAIT_TIME,
+            "Wait 24 hours before minting again"
+        );
+
+        lastMint[msg.sender] = block.timestamp;
+
+        _mint(msg.sender, MINT_AMOUNT);
+    }
+}