Barz v2

[PowerStream3604]

Barz V2 Upgrade

1. Add Multi-tier Module System

• Add Facet Guard for permission access control between Facets & Modules
• Support ERC 7579 (Executor, Validator, Hook, FallbackHandler, Policy and Signer through Permission)
• Support ERC 6900 v0.8 - Work in Progress

Concept and Distinction between Facets and Modules

Architecture of Facets in Multi-tier Module System

1. MMSAFacet makes Barz to be ERC 7579 Compliant
2. MSCAFacet makes Barz to be ERC 6900 Compliant

2. Add V2 Migrator Facet

• Facilitate Secure Migration to V2

3. Update Compiler Version to 0.8.26

• Compiler Update

[zeroknots]

allowing self-call in execute functions should be considered carefully.

there is an attack scenario here, where a user is tricked to permit a session key access to address(this).execute(), not knowing what this permission really entails.

the session key can then build a userop. that has userop.calldata with two nested executions, the first one passing the sessionkey permission, the 2nd one would be arbitrary executions. this can lead to loss of funds

[PowerStream3604]

@zeroknots Actually, the execute function of the 7579 part, the MMSAFacet's execute() cannot make a self call.
Self calls can only be made when the user uses the default VerificationFacet for UserOp Validation and use executeSingle() / executeBatch() from AccountFacetV2 for execution.

But it's a good callout, something worth deep consideration.

[Mehdisirjani3510]

Msirjani2015@gmail.com