Merge branch 'main' of github.com:safe-global/safe-modules into deps/…

…bump

.github/workflows/certora_passkey.yml

@@ -0,0 +1,66 @@
+name: certora
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - modules/passkey/**
+  pull_request:
+    branches:
+      - main
+    paths:
+      - modules/passkey/**
+
+  workflow_dispatch:
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rule:
+          [
+            'GetConfigurationConf',
+            'GetSigner',
+            'ProxySimulator',
+            'SafeWebAuthnSignerFactory',
+            'SafeWebAuthnSignerProxy',
+            'SafeWebAuthnSignerSingleton',
+            'SignerCreationCantOverride',
+            'SingletonIsValidSignatureRevertingConditions',
+            'ValidSignatureForSignerIntegrity',
+            'VerifyEQtoIsValidSignatureForSigner',
+            'WebAuthn',
+          ]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 9
+
+      - name: Install python
+        uses: actions/setup-python@v4
+        with: { python-version: 3.11 }
+
+      - name: Install certora cli
+        run: pip install -r modules/passkey/certora/requirements.txt
+
+      - name: Install solc
+        run: |
+          wget https://github.com/ethereum/solidity/releases/download/v0.8.26/solc-static-linux
+          chmod +x solc-static-linux
+          sudo mv solc-static-linux /usr/local/bin/solc8.26
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Verify rule ${{ matrix.rule }}
+        working-directory: ./modules/passkey
+        run: |
+          echo "Certora key length" ${#CERTORAKEY}
+          certoraRun certora/conf/${{ matrix.rule }}.conf --wait_for_results=all
+        env:
+          CERTORAKEY: ${{ secrets.CERTORA_KEY }}

modules/4337/package.json

@@ -24,6 +24,7 @@
     "benchmark": "pnpm run test test/gas/*.ts",
     "deploy-all": "hardhat deploy-contracts --network",
     "deploy": "hardhat deploy --network",
+    "deploy-custom": "rm -rf deployments/custom && npm run deploy custom",
     "lint": "pnpm run lint:sol && npm run lint:ts",
     "lint:sol": "solhint 'contracts/**/*.sol'",
     "lint:ts": "eslint ./src && eslint ./test",

modules/allowances/.env.sample

@@ -1,3 +1,4 @@
 MNEMONIC=
 INFURA_KEY=
 ETHERSCAN_API_KEY=
+CUSTOM_NODE_URL=

modules/allowances/hardhat.config.ts

@@ -9,7 +9,7 @@ import { getSingletonFactoryInfo } from '@safe-global/safe-singleton-factory'
 
 dotenv.config()
 
-const { INFURA_KEY, MNEMONIC, ETHERSCAN_API_KEY } = process.env
+const { INFURA_KEY, MNEMONIC, ETHERSCAN_API_KEY, CUSTOM_NODE_URL } = process.env
 
 const sharedNetworkConfig: HttpNetworkUserConfig = {
   accounts: {
@@ -19,6 +19,15 @@ const sharedNetworkConfig: HttpNetworkUserConfig = {
   },
 }
 
+const customNetwork = CUSTOM_NODE_URL
+  ? {
+      custom: {
+        ...sharedNetworkConfig,
+        url: CUSTOM_NODE_URL,
+      },
+    }
+  : {}
+
 const config: HardhatUserConfig = {
   paths: {
     artifacts: 'build/artifacts',
@@ -78,6 +87,7 @@ const config: HardhatUserConfig = {
       ...sharedNetworkConfig,
       url: `https://api.avax.network/ext/bc/C/rpc`,
     },
+    ...customNetwork,
   },
   deterministicDeployment,
   namedAccounts: {

modules/allowances/package.json

@@ -14,6 +14,7 @@
     "test": "hardhat test",
     "coverage": "hardhat coverage",
     "deploy": "hardhat deploy-verify --network",
+    "deploy-custom": "rm -rf deployments/custom && npm run deploy custom",
     "prepare": "pnpm run clean && npm run build",
     "lint": "pnpm run lint:sol && npm run lint:ts",
     "lint:sol": "solhint 'contracts/**/*.sol'",

modules/passkey/certora/conf/GetConfigurationConf.conf

@@ -0,0 +1,25 @@
+{
+	"assert_autofinder_success": true,
+	"files": [
+		"certora/munged/SafeWebAuthnSignerSingleton.sol",
+		"certora/harnesses/GetConfigurationProxyHarness.sol",
+		"contracts/SafeWebAuthnSignerFactory.sol"
+	],
+	"link": [
+		"GetConfigurationProxyHarness:_SINGLETON=SafeWebAuthnSignerSingleton"
+	],
+	"loop_iter": "6",
+	"optimistic_hashing": true,
+	"optimistic_loop": true,
+	"packages": [
+		"@safe-global=node_modules/@safe-global",
+		"@account-abstraction=node_modules/@account-abstraction"
+	],
+	"process": "emv",
+	"prover_args": [
+		" -split false"
+	],
+	"rule_sanity": "basic",
+	"solc": "solc8.26",
+	"verify": "GetConfigurationProxyHarness:certora/specs/GetConfigurationSpec.spec"
+}

modules/passkey/certora/conf/GetSigner.conf

@@ -0,0 +1,23 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "certora/harnesses/GetSignerHarness.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/SafeWebAuthnSignerProxy.sol"
+    ],
+    "hashing_length_bound": "4694",
+    "link": [
+        "GetSignerHarness:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "144",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "GetSignerHarness:certora/specs/GetSigner.spec"
+}

modules/passkey/certora/conf/ProxySimulator.conf

@@ -0,0 +1,27 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "certora/harnesses/ProxySimulator.sol",
+        "contracts/SafeWebAuthnSignerProxy.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/libraries/P256.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol"
+    ],
+    "hashing_length_bound": "2048",
+    "link": [
+        "ProxySimulator:_proxy=SafeWebAuthnSignerProxy",
+        "SafeWebAuthnSignerProxy:_VERIFIERS=P256",
+        "SafeWebAuthnSignerProxy:_SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "ProxySimulator:certora/specs/ProxySimulator.spec"
+}

modules/passkey/certora/conf/SafeWebAuthnSignerFactory.conf

@@ -0,0 +1,30 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "certora/harnesses/FactoryHarnessForSignerConsistency.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/SafeWebAuthnSignerProxy.sol"
+    ],
+    "link": [
+        "FactoryHarnessForSignerConsistency:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "rule": [
+        "createAndGetSignerEquivalence",
+        "getSignerRevertingConditions",
+        "hasNoCodeIntegrity",
+        "isValidSignatureForSignerConsistency",
+        "singletonNeverChanges"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "FactoryHarnessForSignerConsistency:certora/specs/SafeWebAuthnSignerFactoryWithMunge.spec"
+}

modules/passkey/certora/conf/SafeWebAuthnSignerProxy.conf

@@ -0,0 +1,23 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "contracts/SafeWebAuthnSignerProxy.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/libraries/P256.sol"
+    ],
+    "link": [
+        "SafeWebAuthnSignerProxy:_VERIFIERS=P256",
+        "SafeWebAuthnSignerProxy:_SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerProxy:certora/specs/SafeWebAuthnSignerProxy.spec"
+}

modules/passkey/certora/conf/SafeWebAuthnSignerSingleton.conf

@@ -0,0 +1,23 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "contracts/SafeWebAuthnSignerFactory.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/libraries/P256.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol"
+    ],
+    "link": [
+        "SafeWebAuthnSignerFactory:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerSingleton:certora/specs/SafeWebAuthnSignerSingleton.spec"
+}

modules/passkey/certora/conf/SignerCreationCantOverride.conf

@@ -0,0 +1,31 @@
+{
+    "assert_autofinder_success": true,
+    "exclude_rule": [
+        "createAndVerifyEQtoIsValidSignatureForSigner"
+    ],
+    "files": [
+        "certora/harnesses/SafeWebAuthnSignerFactoryHarness.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/SafeWebAuthnSignerProxy.sol",
+        "contracts/libraries/P256.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol"
+    ],
+    "hashing_length_bound": "912",
+    "link": [
+        "SafeWebAuthnSignerFactoryHarness:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule": [
+        "SignerCreationCantOverride"
+    ],
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerFactoryHarness:certora/specs/SafeWebAuthnSignerFactory.spec"
+}

modules/passkey/certora/conf/SingletonIsValidSignatureRevertingConditions.conf

@@ -0,0 +1,23 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "contracts/SafeWebAuthnSignerFactory.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/libraries/P256.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule": [
+        "isValidSignatureRevertingConditions"
+    ],
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerSingleton:certora/specs/SafeWebAuthnSignerSingleton.spec"
+}

modules/passkey/certora/conf/ValidSignatureForSignerIntegrity.conf

@@ -0,0 +1,26 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "certora/harnesses/SafeWebAuthnSignerFactoryHarness.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/SafeWebAuthnSignerProxy.sol"
+    ],
+    "link": [
+        "SafeWebAuthnSignerFactoryHarness:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule": [
+        "isValidSignatureForSignerIntegrity"
+    ],
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerFactoryHarness:certora/specs/SafeWebAuthnSignerFactory.spec"
+}