From 19f18e35c57002dd15fc540b656440696a8563cb Mon Sep 17 00:00:00 2001 From: Shivendra Singh Date: Sat, 4 Nov 2023 19:11:19 +0530 Subject: [PATCH 1/3] restoring to util contract deployments to createAccount() --- .../account/non-upgradeable/Account.sol | 13 +++++------ .../non-upgradeable/AccountFactory.sol | 13 +++-------- .../prebuilts/account/utils/AccountCore.sol | 9 ++------ .../prebuilts/account/utils/AccountLock.sol | 22 +++++++++---------- .../account/utils/BaseAccountFactory.sol | 19 ++++++++-------- 5 files changed, 32 insertions(+), 44 deletions(-) diff --git a/contracts/prebuilts/account/non-upgradeable/Account.sol b/contracts/prebuilts/account/non-upgradeable/Account.sol index 6bdeaef94..7455a196f 100644 --- a/contracts/prebuilts/account/non-upgradeable/Account.sol +++ b/contracts/prebuilts/account/non-upgradeable/Account.sol @@ -45,9 +45,8 @@ contract Account is AccountCore, ContractMetadata, ERC1271, ERC721Holder, ERC115 Constructor, Initializer, Modifiers //////////////////////////////////////////////////////////////*/ - constructor(IEntryPoint _entrypoint, address _factory, Guardian _guardian) AccountCore(_entrypoint, _factory) { + constructor(IEntryPoint _entrypoint, address _factory) AccountCore(_entrypoint, _factory) { paused = false; - guardian = _guardian; } /// @notice Checks whether the caller is the EntryPoint contract or the admin. 
@@ -133,12 +132,12 @@ contract Account is AccountCore, ContractMetadata, ERC1271, ERC721Holder, ERC115 paused = pauseStatus; } - function deployAccountGuardian(address accountClone, AccountLock _accountLock) public override { - accountLock = _accountLock; + // function deployAccountGuardian(address accountClone, AccountLock _accountLock) public override { + // accountLock = _accountLock; - accountGuardian = new AccountGuardian(guardian, accountLock, accountClone); - guardian.linkAccountToAccountGuardian(accountClone, address(accountGuardian)); - } + // accountGuardian = new AccountGuardian(guardian, accountLock, accountClone); + // guardian.linkAccountToAccountGuardian(accountClone, address(accountGuardian)); + // } /*/////////////////////////////////////////////////////////////// Internal functions diff --git a/contracts/prebuilts/account/non-upgradeable/AccountFactory.sol b/contracts/prebuilts/account/non-upgradeable/AccountFactory.sol index 30d875ec2..16b59e0bc 100644 --- a/contracts/prebuilts/account/non-upgradeable/AccountFactory.sol +++ b/contracts/prebuilts/account/non-upgradeable/AccountFactory.sol @@ -27,15 +27,13 @@ import { Guardian } from "../utils/Guardian.sol"; // \____/ \__| \__|\__|\__| \_______| \_____\____/ \_______|\_______/ contract AccountFactory is BaseAccountFactory, ContractMetadata, PermissionsEnumerable { - Guardian guardian = new Guardian(); - /*/////////////////////////////////////////////////////////////// Constructor //////////////////////////////////////////////////////////////*/ constructor( IEntryPoint _entrypoint - ) BaseAccountFactory(address(new Account(_entrypoint, address(this), guardian)), address(_entrypoint), guardian) { + ) BaseAccountFactory(address(new Account(_entrypoint, address(this))), address(_entrypoint)) { _setupRole(DEFAULT_ADMIN_ROLE, msg.sender); } 
@@ -44,13 +42,8 @@ contract AccountFactory is BaseAccountFactory, ContractMetadata, PermissionsEnum //////////////////////////////////////////////////////////////*/ /// @dev Called in `createAccount`. Initializes the account contract created in `createAccount`. - function _initializeAccount( - address _account, - address _admin, - bytes calldata _data, - AccountLock _accountLock - ) internal override { - Account(payable(_account)).initialize(_admin, _data, _account, _accountLock); + function _initializeAccount(address _account, address _admin, bytes calldata _data) internal override { + Account(payable(_account)).initialize(_admin, _data); } /// @dev Returns whether contract metadata can be set in the given execution context. diff --git a/contracts/prebuilts/account/utils/AccountCore.sol b/contracts/prebuilts/account/utils/AccountCore.sol index 29f1c422e..7c84ceba1 100644 --- a/contracts/prebuilts/account/utils/AccountCore.sol +++ b/contracts/prebuilts/account/utils/AccountCore.sol @@ -57,17 +57,12 @@ contract AccountCore is IAccountCore, Initializable, Multicall, BaseAccount, Acc } /// @notice Initializes the smart contract wallet. - function initialize( - address _defaultAdmin, - bytes calldata, - address _accountClone, - AccountLock _accountLock - ) public virtual initializer { + function initialize(address _defaultAdmin, bytes calldata) public virtual initializer { // This is passed as data in the `_registerOnFactory()` call in `AccountExtension` / `Account`. AccountCoreStorage.data().firstAdmin = _defaultAdmin; _setAdmin(_defaultAdmin, true); - deployAccountGuardian(_accountClone, _accountLock); + // deployAccountGuardian(_accountClone, _accountLock); } /*/////////////////////////////////////////////////////////////// diff --git a/contracts/prebuilts/account/utils/AccountLock.sol b/contracts/prebuilts/account/utils/AccountLock.sol index 5a6654897..6a0b45459 100644 --- a/contracts/prebuilts/account/utils/AccountLock.sol 
+++ b/contracts/prebuilts/account/utils/AccountLock.sol @@ -141,9 +141,9 @@ contract AccountLock is IAccountLock, AutomationCompatibleInterface { } lockRequestEvaluationStatus[lockRequest] = true; - if (validGuardianSignatures > (guardianCount / 2)) { - _lockAccount(payable(account)); - } + // if (validGuardianSignatures > (guardianCount / 2)) { + // _lockAccount(payable(account)); + // } } } } @@ -224,18 +224,18 @@ contract AccountLock is IAccountLock, AutomationCompatibleInterface { return false; } - /** - * @notice Will lock all account assets and transactions - * @param account The account to be locked - */ - function _lockAccount(address payable account) internal { - Account(account).setPaused(true); - } + // /** + // * @notice Will lock all account assets and transactions + // * @param account The account to be locked + // */ + // function _lockAccount(address payable account) internal { + // Account(account).setPaused(true); + // } function _verifyLockRequestSignature( bytes32 lockRequest, bytes memory guardianSignature - ) internal returns (address) { + ) internal pure returns (address) { // verify address recoveredGuardian = ECDSA.recover(lockRequest, guardianSignature); diff --git a/contracts/prebuilts/account/utils/BaseAccountFactory.sol b/contracts/prebuilts/account/utils/BaseAccountFactory.sol index a752bc829..ad0d06024 100644 --- a/contracts/prebuilts/account/utils/BaseAccountFactory.sol +++ b/contracts/prebuilts/account/utils/BaseAccountFactory.sol @@ -35,6 +35,7 @@ abstract contract BaseAccountFactory is IAccountFactory, Multicall { address public immutable accountImplementation; address public immutable entrypoint; + Guardian guardian; AccountLock public accountLock; EnumerableSet.AddressSet private allAccounts; 
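Review bot: In the `@@ -141,9 +141,9 @@` hunk of AccountLock.sol, `lockRequestEvaluationStatus[lockRequest] = true;` still runs while the `_lockAccount(payable(account))` branch is commented out. A request that reaches the guardian majority is therefore marked as evaluated without the account ever being paused. If this commit can be built or deployed on its own, either keep the status write inside the same disabled block or revert explicitly, for example `revert("AccountLock: locking disabled");`, so the guardian lock does not fail silently. The enclosing function starts and ends outside the hunk, so the surrounding conditions are not visible here.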
@@ -44,10 +45,11 @@ abstract contract BaseAccountFactory is IAccountFactory, Multicall { Constructor //////////////////////////////////////////////////////////////*/ - constructor(address _accountImpl, address _entrypoint, Guardian _guardian) { + constructor(address _accountImpl, address _entrypoint) { accountImplementation = _accountImpl; entrypoint = _entrypoint; - accountLock = new AccountLock(_guardian); + // guardian = new Guardian(); + // accountLock = new AccountLock(guardian); } /*/////////////////////////////////////////////////////////////// @@ -70,8 +72,12 @@ abstract contract BaseAccountFactory is IAccountFactory, Multicall { require(allAccounts.add(account), "AccountFactory: account already registered"); } - _initializeAccount(account, _admin, _data, accountLock); + _initializeAccount(account, _admin, _data); emit AccountCreated(account, _admin); + + // AccountGuardian accountGuardian = new AccountGuardian(guardian, accountLock, account); + // guardian.linkAccountToAccountGuardian(account, address(accountGuardian)); + return account; } @@ -157,10 +163,5 @@ abstract contract BaseAccountFactory is IAccountFactory, Multicall { } /// @dev Called in `createAccount`. Initializes the account contract created in `createAccount`. - function _initializeAccount( - address _account, - address _admin, - bytes calldata _data, - AccountLock _accountLock - ) internal virtual; + function _initializeAccount(address _account, address _admin, bytes calldata _data) internal virtual; } From 0ddb444f63aa25acdc94c1452bf0b3a9cf23237c Mon Sep 17 00:00:00 2001 From: Shivendra Singh Date: Wed, 8 Nov 2023 14:20:58 +0530 Subject: [PATCH 2/3] Changed the approach of calling Account.sol from AccountLock.sol --- .../account/non-upgradeable/Account.sol | 9 - .../prebuilts/account/utils/AccountLock.sol | 25 +- .../account/utils/BaseAccountFactory.sol | 10 +- .../utils/AccountGuardianTest.t.sol | 230 +++++++++--------- 4 files changed, 133 insertions(+), 141 deletions(-) 
diff --git a/contracts/prebuilts/account/non-upgradeable/Account.sol b/contracts/prebuilts/account/non-upgradeable/Account.sol index 7455a196f..457740923 100644 --- a/contracts/prebuilts/account/non-upgradeable/Account.sol +++ b/contracts/prebuilts/account/non-upgradeable/Account.sol @@ -22,7 +22,6 @@ import "../utils/BaseAccountFactory.sol"; import { Guardian } from "../utils/Guardian.sol"; import { AccountLock } from "../utils/AccountLock.sol"; -import { AccountGuardian } from "../utils/AccountGuardian.sol"; // $$\ $$\ $$\ $$\ $$\ // $$ | $$ | \__| $$ | $$ | @@ -39,7 +38,6 @@ contract Account is AccountCore, ContractMetadata, ERC1271, ERC721Holder, ERC115 bool public paused; Guardian guardian; AccountLock accountLock; - AccountGuardian accountGuardian; /*/////////////////////////////////////////////////////////////// Constructor, Initializer, Modifiers @@ -132,13 +130,6 @@ contract Account is AccountCore, ContractMetadata, ERC1271, ERC721Holder, ERC115 paused = pauseStatus; } - // function deployAccountGuardian(address accountClone, AccountLock _accountLock) public override { - // accountLock = _accountLock; - - // accountGuardian = new AccountGuardian(guardian, accountLock, accountClone); - // guardian.linkAccountToAccountGuardian(accountClone, address(accountGuardian)); - // } - /*/////////////////////////////////////////////////////////////// Internal functions //////////////////////////////////////////////////////////////*/ diff --git a/contracts/prebuilts/account/utils/AccountLock.sol b/contracts/prebuilts/account/utils/AccountLock.sol index 6a0b45459..9dd19ccfe 100644 --- a/contracts/prebuilts/account/utils/AccountLock.sol +++ b/contracts/prebuilts/account/utils/AccountLock.sol 
@@ -3,7 +3,6 @@ pragma solidity ^0.8.12; import { IAccountLock } from "../interface/IAccountLock.sol"; -import { Account } from "contracts/prebuilts/account/non-upgradeable/Account.sol"; import { Guardian } from "contracts/prebuilts/account/utils/Guardian.sol"; import { AccountGuardian } from "contracts/prebuilts/account/utils/AccountGuardian.sol"; import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; @@ -103,7 +102,7 @@ contract AccountLock is IAccountLock, AutomationCompatibleInterface { revert ActiveLockRequestFound(); } - bytes32 lockRequestHash = keccak256(abi.encodePacked("_lockRequest(address account)", account)); + bytes32 lockRequestHash = keccak256(abi.encodePacked("_lockAccount(address account)", account)); accountToLockRequest[account] = lockRequestHash; lockRequestToCreationTime[lockRequestHash] = block.timestamp; @@ -141,9 +140,9 @@ contract AccountLock is IAccountLock, AutomationCompatibleInterface { } lockRequestEvaluationStatus[lockRequest] = true; - // if (validGuardianSignatures > (guardianCount / 2)) { - // _lockAccount(payable(account)); - // } + if (validGuardianSignatures > (guardianCount / 2)) { + _lockAccount(payable(account)); + } } } } @@ -224,13 +223,15 @@ contract AccountLock is IAccountLock, AutomationCompatibleInterface { return false; } - // /** - // * @notice Will lock all account assets and transactions - // * @param account The account to be locked - // */ - // function _lockAccount(address payable account) internal { - // Account(account).setPaused(true); - // } + /** + * @notice Will lock all account assets and transactions + * @param account The account to be locked + */ + function _lockAccount(address payable account) internal { + (bool success, ) = account.call(abi.encodeWithSignature("setPaused(bool)", true)); + + require(success, "Locking account failed"); + } function _verifyLockRequestSignature( bytes32 lockRequest, 
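Review bot: The digest on the new `lockRequestHash` line (hunk `@@ -103,7 +102,7 @@`) is built only from a fixed string and `account`, so every lock request for the same account hashes to the same value. If guardians sign this hash, as `_verifyLockRequestSignature` suggests, a signature collected for one request would stay valid for any later request on that account, and for any other chain or AccountLock deployment. Consider binding a per-request nonce and the domain into the digest, e.g. `keccak256(abi.encode("_lockAccount(address account)", account, nonce, block.chainid, address(this)))`, where `nonce` is a new per-account counter. The same value also keys `accountToLockRequest` and `lockRequestToCreationTime`, so a repeated request overwrites the earlier timestamp. The function body continues outside the hunk, so a replay guard may exist elsewhere that is not visible here.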
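Review bot: The low-level `account.call(...)` in `_lockAccount` (hunk `@@ -224,13 +223,15 @@`) returns `success == true` when `account` has no code, so `require(success, ...)` passes for an undeployed or mistyped address and the lock is reported as applied. A typed call through a new minimal interface keeps the compile-time selector check and reverts when no contract is present: `IPausableAccount(account).setPaused(true);` with `interface IPausableAccount { function setPaused(bool pauseStatus) external; }`. That still avoids importing Account.sol, which appears to be the reason for the change. If the low-level call is kept, add `require(account.code.length > 0, "Not a contract");` before it.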
diff --git a/contracts/prebuilts/account/utils/BaseAccountFactory.sol b/contracts/prebuilts/account/utils/BaseAccountFactory.sol index ad0d06024..41c32d167 100644 --- a/contracts/prebuilts/account/utils/BaseAccountFactory.sol +++ b/contracts/prebuilts/account/utils/BaseAccountFactory.sol @@ -35,7 +35,7 @@ abstract contract BaseAccountFactory is IAccountFactory, Multicall { address public immutable accountImplementation; address public immutable entrypoint; - Guardian guardian; + Guardian public guardian; AccountLock public accountLock; EnumerableSet.AddressSet private allAccounts; @@ -48,8 +48,8 @@ abstract contract BaseAccountFactory is IAccountFactory, Multicall { constructor(address _accountImpl, address _entrypoint) { accountImplementation = _accountImpl; entrypoint = _entrypoint; - // guardian = new Guardian(); - // accountLock = new AccountLock(guardian); + guardian = new Guardian(); + accountLock = new AccountLock(guardian); } /*/////////////////////////////////////////////////////////////// @@ -75,8 +75,8 @@ abstract contract BaseAccountFactory is IAccountFactory, Multicall { _initializeAccount(account, _admin, _data); emit AccountCreated(account, _admin); - // AccountGuardian accountGuardian = new AccountGuardian(guardian, accountLock, account); - // guardian.linkAccountToAccountGuardian(account, address(accountGuardian)); + AccountGuardian accountGuardian = new AccountGuardian(guardian, accountLock, account); + guardian.linkAccountToAccountGuardian(account, address(accountGuardian)); return account; } diff --git a/src/test/smart-wallet/utils/AccountGuardianTest.t.sol b/src/test/smart-wallet/utils/AccountGuardianTest.t.sol index f8f52ad30..d69d3a754 100644 --- a/src/test/smart-wallet/utils/AccountGuardianTest.t.sol +++ b/src/test/smart-wallet/utils/AccountGuardianTest.t.sol 
@@ -1,115 +1,115 @@ -// // SPDX-License-Identifier: GPL-3.0 -// pragma solidity ^0.8.12; - -// import { Test } from "forge-std/Test.sol"; -// import { EntryPoint } from "contracts/prebuilts/account/utils/EntryPoint.sol"; -// import { AccountFactory } from "contracts/prebuilts/account/non-upgradeable/AccountFactory.sol"; -// import { Guardian } from "contracts/prebuilts/account/utils/Guardian.sol"; -// import { AccountGuardian } from "contracts/prebuilts/account/utils/AccountGuardian.sol"; -// import { AccountLock } from "contracts/prebuilts/account/utils/AccountLock.sol"; -// import { DeployGuardian } from "scripts/DeployGuardian.s.sol"; -// import { IAccountGuardian } from "contracts/prebuilts/account/interface/IAccountGuardian.sol"; - -// contract AccountGuardianTest is Test { -// AccountGuardian accountGuardian; -// Guardian public guardianContract; -// AccountLock public accountLock; -// address randomUser = makeAddr("randomUser"); -// address guardian = makeAddr("guardian"); - -// event GuardianRemoved(address indexed guardian); - -// function setUp() public { -// EntryPoint entryPoint = new EntryPoint(); - -// AccountFactory accountFactory = new AccountFactory(entryPoint); - -// guardianContract = accountFactory.guardian(); -// accountLock = accountFactory.accountLock(); - -// address account = accountFactory.createAccount(address(this), ""); - -// accountGuardian = new AccountGuardian(guardianContract, accountLock, account); -// } - -// modifier addVerifiedGuardian() { -// vm.prank(guardian); -// guardianContract.addVerifiedGuardian(); -// _; -// } - -// ////////////////////////// -// /// addGuardian() tests/// -// ////////////////////////// -// function testRevertIfGuardianAddedNotByOwner() public { -// vm.prank(randomUser); -// vm.expectRevert(AccountGuardian.NotOwnerOrAccountLock.selector); -// accountGuardian.addGuardian(randomUser); -// } - -// function testRevertOnAddingUnverifiedGuardian() public { -// 
vm.expectRevert(abi.encodeWithSelector(IAccountGuardian.GuardianNotVerified.selector, randomUser)); - -// accountGuardian.addGuardian(randomUser); -// } - -// function testAddGuardianAddsGuardianToList() public addVerifiedGuardian { -// // ACT -// accountGuardian.addGuardian(guardian); - -// address[] memory accountGuardians = accountGuardian.getAllGuardians(); - -// assertEq(accountGuardians.length, 1); -// assertEq(accountGuardians[0], guardian); -// } - -// ///////////////////////////// -// /// removeGuardian() tests/// -// ///////////////////////////// - -// function testRevertRemoveGuardianNotByOwner() external { -// vm.prank(randomUser); -// vm.expectRevert(AccountGuardian.NotOwnerOrAccountLock.selector); -// accountGuardian.removeGuardian(guardian); -// } - -// function testRevertIfRemovingGuardianThatDoesNotExist() external { -// vm.expectRevert(abi.encodeWithSelector(IAccountGuardian.NotAGuardian.selector, guardian)); -// accountGuardian.removeGuardian(guardian); -// } - -// function testRemoveGuardianRemovesGuardianFromList() external addVerifiedGuardian { -// // SETUP -// accountGuardian.addGuardian(guardian); - -// // Act -// vm.expectEmit(true, false, false, false, address(accountGuardian)); -// emit GuardianRemoved(guardian); -// accountGuardian.removeGuardian(guardian); - -// // ASSERT -// address[] memory accountGuardians = accountGuardian.getAllGuardians(); -// assertEq(accountGuardians[0], address(0)); // the delete function in `removeGuardian()` will remove the guardian address but replace it with a zero address rather than removing the entry. 
-// } - -// ///////////////////////////// -// /// getAllGuardians() tests/// -// ///////////////////////////// - -// function testRevertIfNotOwnerTriesToGetGuardians() external { -// vm.prank(randomUser); -// vm.expectRevert(AccountGuardian.NotOwnerOrAccountLock.selector); -// accountGuardian.getAllGuardians(); -// } - -// function testGetAllGuardians() external addVerifiedGuardian { -// // SETUP -// accountGuardian.addGuardian(guardian); - -// // ACT -// address[] memory accountGuardians = accountGuardian.getAllGuardians(); - -// // Assert -// assertEq(accountGuardians[0], guardian); -// } -// } +// SPDX-License-Identifier: GPL-3.0 +pragma solidity ^0.8.12; + +import { Test } from "forge-std/Test.sol"; +import { EntryPoint } from "contracts/prebuilts/account/utils/EntryPoint.sol"; +import { AccountFactory } from "contracts/prebuilts/account/non-upgradeable/AccountFactory.sol"; +import { Guardian } from "contracts/prebuilts/account/utils/Guardian.sol"; +import { AccountGuardian } from "contracts/prebuilts/account/utils/AccountGuardian.sol"; +import { AccountLock } from "contracts/prebuilts/account/utils/AccountLock.sol"; +import { DeployGuardian } from "scripts/DeployGuardian.s.sol"; +import { IAccountGuardian } from "contracts/prebuilts/account/interface/IAccountGuardian.sol"; + +contract AccountGuardianTest is Test { + AccountGuardian accountGuardian; + Guardian public guardianContract; + AccountLock public accountLock; + address randomUser = makeAddr("randomUser"); + address guardian = makeAddr("guardian"); + + event GuardianRemoved(address indexed guardian); + + function setUp() public { + EntryPoint entryPoint = new EntryPoint(); + + AccountFactory accountFactory = new AccountFactory(entryPoint); + + guardianContract = accountFactory.guardian(); + accountLock = accountFactory.accountLock(); + + address account = accountFactory.createAccount(address(this), ""); + + accountGuardian = new AccountGuardian(guardianContract, accountLock, account); + } + + modifier 
addVerifiedGuardian() { + vm.prank(guardian); + guardianContract.addVerifiedGuardian(); + _; + } + + ////////////////////////// + /// addGuardian() tests/// + ////////////////////////// + function testRevertIfGuardianAddedNotByOwner() public { + vm.prank(randomUser); + vm.expectRevert(AccountGuardian.NotOwnerOrAccountLock.selector); + accountGuardian.addGuardian(randomUser); + } + + function testRevertOnAddingUnverifiedGuardian() public { + vm.expectRevert(abi.encodeWithSelector(IAccountGuardian.GuardianNotVerified.selector, randomUser)); + + accountGuardian.addGuardian(randomUser); + } + + function testAddGuardianAddsGuardianToList() public addVerifiedGuardian { + // ACT + accountGuardian.addGuardian(guardian); + + address[] memory accountGuardians = accountGuardian.getAllGuardians(); + + assertEq(accountGuardians.length, 1); + assertEq(accountGuardians[0], guardian); + } + + ///////////////////////////// + /// removeGuardian() tests/// + ///////////////////////////// + + function testRevertRemoveGuardianNotByOwner() external { + vm.prank(randomUser); + vm.expectRevert(AccountGuardian.NotOwnerOrAccountLock.selector); + accountGuardian.removeGuardian(guardian); + } + + function testRevertIfRemovingGuardianThatDoesNotExist() external { + vm.expectRevert(abi.encodeWithSelector(IAccountGuardian.NotAGuardian.selector, guardian)); + accountGuardian.removeGuardian(guardian); + } + + function testRemoveGuardianRemovesGuardianFromList() external addVerifiedGuardian { + // SETUP + accountGuardian.addGuardian(guardian); + + // Act + vm.expectEmit(true, false, false, false, address(accountGuardian)); + emit GuardianRemoved(guardian); + accountGuardian.removeGuardian(guardian); + + // ASSERT + address[] memory accountGuardians = accountGuardian.getAllGuardians(); + assertEq(accountGuardians[0], address(0)); // the delete function in `removeGuardian()` will remove the guardian address but replace it with a zero address rather than removing the entry. 
+ } + + ///////////////////////////// + /// getAllGuardians() tests/// + ///////////////////////////// + + function testRevertIfNotOwnerTriesToGetGuardians() external { + vm.prank(randomUser); + vm.expectRevert(AccountGuardian.NotOwnerOrAccountLock.selector); + accountGuardian.getAllGuardians(); + } + + function testGetAllGuardians() external addVerifiedGuardian { + // SETUP + accountGuardian.addGuardian(guardian); + + // ACT + address[] memory accountGuardians = accountGuardian.getAllGuardians(); + + // Assert + assertEq(accountGuardians[0], guardian); + } +} From 9c15308e5d2107b54243e0bbc5701fda6708433e Mon Sep 17 00:00:00 2001 From: Shivendra Singh Date: Wed, 8 Nov 2023 14:35:17 +0530 Subject: [PATCH 3/3] added modifier to restrict an Account's lock status change by AccountLocker.sol --- .../account/non-upgradeable/Account.sol | 17 ++++++++++++++--- .../account/non-upgradeable/AccountFactory.sol | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/contracts/prebuilts/account/non-upgradeable/Account.sol b/contracts/prebuilts/account/non-upgradeable/Account.sol index 457740923..e76949677 100644 --- a/contracts/prebuilts/account/non-upgradeable/Account.sol +++ b/contracts/prebuilts/account/non-upgradeable/Account.sol 
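Review bot: `setUp` builds its own `new AccountGuardian(guardianContract, accountLock, account)` rather than using the instance that `createAccount` now deploys and links through `guardian.linkAccountToAccountGuardian`, so none of these tests exercise the factory wiring this patch restores. Resolving the linked instance from `guardianContract` would cover it, if Guardian exposes a getter for it (not visible here). `testRemoveGuardianRemovesGuardianFromList` also pins that removal leaves an `address(0)` slot in the list. If AccountLock derives `guardianCount` from that array's length (not visible here), removed guardians would still count toward the `guardianCount / 2` majority, which deserves a dedicated test. There is no test that `setPaused` is reached only through AccountLock.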
@@ -37,14 +37,17 @@ contract Account is AccountCore, ContractMetadata, ERC1271, ERC721Holder, ERC115 using EnumerableSet for EnumerableSet.AddressSet; bool public paused; Guardian guardian; - AccountLock accountLock; + address accountLock; + + error NotAuthorizedToLock(address locker); /*/////////////////////////////////////////////////////////////// Constructor, Initializer, Modifiers //////////////////////////////////////////////////////////////*/ - constructor(IEntryPoint _entrypoint, address _factory) AccountCore(_entrypoint, _factory) { + constructor(IEntryPoint _entrypoint, address _factory, address _accountLock) AccountCore(_entrypoint, _factory) { paused = false; + accountLock = _accountLock; } /// @notice Checks whether the caller is the EntryPoint contract or the admin. @@ -53,6 +56,14 @@ contract Account is AccountCore, ContractMetadata, ERC1271, ERC721Holder, ERC115 _; } + /// @notice The account can be paused only by the AccountLock contract + modifier onlyAccountLock(address locker) { + if (locker != accountLock) { + revert NotAuthorizedToLock(locker); + } + _; + } + /// @notice Will check if the Account transactions has been paused by the guardians. If paused, it will not allow the `execute(..)` or the `executeBatch(..)` function to run. modifier whenNotPaused() { require(!paused, "Smart account has been paused."); @@ -126,7 +137,7 @@ contract Account is AccountCore, ContractMetadata, ERC1271, ERC721Holder, ERC115 } } - function setPaused(bool pauseStatus) external { + function setPaused(bool pauseStatus) external onlyAccountLock(msg.sender) { paused = pauseStatus; } diff --git a/contracts/prebuilts/account/non-upgradeable/AccountFactory.sol b/contracts/prebuilts/account/non-upgradeable/AccountFactory.sol index 16b59e0bc..af8c7ad75 100644 --- a/contracts/prebuilts/account/non-upgradeable/AccountFactory.sol +++ b/contracts/prebuilts/account/non-upgradeable/AccountFactory.sol 
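Review bot: `accountLock = _accountLock;` in the constructor (hunk `@@ -37,14 +37,17 @@`) writes to the implementation contract's own storage. If accounts are created as clones or proxies of `accountImplementation`, as the factory's naming suggests, each account reads its own storage slot, which stays `address(0)`. `onlyAccountLock` would then reject every caller. Declaring the field `address public immutable accountLock;` places the value in the implementation bytecode, where delegating accounts can read it. The same applies to `paused = false;`, which is already the default value. The contract body continues outside the hunk.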
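Review bot: `setPaused` (hunk `@@ -126,7 +137,7 @@`) flips a security-critical flag without emitting an event, so off-chain monitoring cannot see when an account was locked or unlocked, or by which transaction. Add a new event such as `event PausedStatusChanged(bool paused);` and `emit PausedStatusChanged(pauseStatus);` after the assignment. The modifier could also read `msg.sender` directly instead of taking it as the `locker` argument, `modifier onlyAccountLock() { if (msg.sender != accountLock) revert NotAuthorizedToLock(msg.sender); _; }`, so a call site cannot pass a different address.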
@@ -33,7 +33,7 @@ contract AccountFactory is BaseAccountFactory, ContractMetadata, PermissionsEnum constructor( IEntryPoint _entrypoint - ) BaseAccountFactory(address(new Account(_entrypoint, address(this))), address(_entrypoint)) { + ) BaseAccountFactory(address(new Account(_entrypoint, address(this), address(accountLock))), address(_entrypoint)) { _setupRole(DEFAULT_ADMIN_ROLE, msg.sender); }
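Review bot: `address(accountLock)` in the base-constructor argument is evaluated before the `BaseAccountFactory` constructor body runs, and patch 2 assigns `accountLock = new AccountLock(guardian);` inside that body. The Account implementation is therefore constructed with `accountLock == address(0)`. With `onlyAccountLock` comparing `msg.sender` to that value, `setPaused` reverts for every caller and `AccountLock._lockAccount` fails on `require(success, ...)`, so the guardian lock can never engage. One fix is to resolve the lock at call time in the modifier, `if (msg.sender != address(BaseAccountFactory(factory).accountLock())) revert NotAuthorizedToLock(msg.sender);`, assuming AccountCore exposes the factory address under that name. Alternatively, deploy Guardian and AccountLock before the Account implementation and pass their addresses to both constructors.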