rhinestonewtf / registry Goto Github PK

View Code? Open in Web Editor NEW

38.0 38.0 11.0 2.68 MB

An Attestation Registry for securely using Smart Account Modules

Home Page: https://docs.rhinestone.wtf/

License: GNU General Public License v3.0

Solidity 99.26% JavaScript 0.16% Shell 0.58%

registry's People

Contributors

Stargazers

Watchers

Forkers

evmbrahmin oracl360 zeroknots ravenerzz farhadfa22 dantegpt kanthgithub farzin146 0xscratch

registry's Issues

RegisterResolver function - Rename Modifier onlyResolver to isSupportedResolver

Background

registerResolver function has a modifier called onlyResolver
it checks if the resolver address is not zero address and supports the interface for IExternalResolver

Minor readability Issue

name onlyResolver may mean if it is checking the address is a resolver address
sounds similar to onlyOwner

Suggested change

rename onlyResolver to isSupportedResolver

Feature Request: Dynamic msg.value for module deployment

registry/src/lib/RSModuleDeploymentLib.sol

Line 42 in 3de0f51

moduleAddress := create2(0, add(initCode, 0x20), mload(initCode), salt)

Following discussion with @leekt, we should add dynamic msg.value to create2

feature request: support different deployment factories

Following on from feedback by Ankur at Biconomy

[RHI-590] Unused Variables in Tests

Saw that these are not used

https://github.com/rhinestonewtf/registry/blob/main/test/AttestationDelegation.t.sol#L316-L328

_RHI-590

enhancement: Specify chainID whitelist for propagations

the registry currently uses a boolean flag in attestations to allow for L2 propagations.

It would be better to implement a more complex whitelist, that allows attesters to either:

generally allow propagations
generally disallow propagations
pick chainIDs to propagate

Remove revocable flag from Schema and Attestation

Ongoing security is so critical to the module ecosystem and the Registry that I can't think of any legitimate reason to want to have a Schema or Attestation be un-revocable.

At best, this flag would only waste gas, at worst it could lead to security issues where attestations on compromised modules cannot be revoked.

GAS: optimizing revocationTime data fields

following to discussion with @shahafn

there are optimization opportunities how the registry is handling revocationTime and revocable in the attestation struct.

Not using the sender/owner to calculate the UID of Resolvers could lead to senders being frontrun and unable to register the Resolver because the UID is already taken - it could also lead to resolvers being owned by someone malicious without noticing and later changed (thanks to Lee Yu for pointing this out)

feature request: support attestating to a module using different schemas

Requires discussion

[RHI-19] test

_{From SyncLinear.com | RHI-19}

calculation of schema UIDs

we are currently deriving the schemaUID by calculating a hash on the schema string, the owner (wallet registering the schema) and if its revokable.

I am not sure if this is a good derivation path...

we need schemaIDs to be the same across chains to allow for propagation, and the schema need to be bound to the creator, or else someone could frontrun registration and block the schemaID.

the downside of the current derivation path is that it doesnt allow for wallet rotation for authorities in the future.

we could use the resolver address as a parameter in the hash derivation but that also makes things dangerous if some authorities choose to use create2 for their resolver and can be frontrun

https://github.com/rhinestonewtf/registry/blob/main/src/base/RSSchema.sol#L110-L121