feat!: add callee params to lsp20 & EXECUTE_RELAY_CALL permission & mapping reentrancyStatus

constants.ts

@@ -26,7 +26,7 @@ export const INTERFACE_IDS = {
   ERC725Y: '0x629aa694',
   LSP0ERC725Account: '0x24871b3d',
   LSP1UniversalReceiver: '0x6bb56a14',
-  LSP6KeyManager: '0x66918867',
+  LSP6KeyManager: '0xe7424397',
   LSP7DigitalAsset: '0x05519512',
   LSP8IdentifiableDigitalAsset: '0x1ae9ba1f',
   LSP9Vault: '0x28af17e6',
@@ -35,7 +35,7 @@ export const INTERFACE_IDS = {
   LSP17Extendable: '0xa918fa6b',
   LSP17Extension: '0xcee78b40',
   LSP20CallVerification: '0x1a0eb6a5',
-  LSP20CallVerifier: '0x480c0ec2',
+  LSP20CallVerifier: '0xc9dfc532',
   LSP25ExecuteRelayCall: '0x5ac79908',
 };
 
@@ -60,10 +60,10 @@ export const ERC1271_VALUES = {
  */
 export const LSP20_MAGIC_VALUES = {
   VERIFY_CALL: {
-    // bytes3(keccak256("lsp20VerifyCall(address,uint256,bytes)")) + "0x01"
-    WITH_POST_VERIFICATION: '0x9bf04b01',
-    // bytes3(keccak256("lsp20VerifyCall(address,uint256,bytes)")) + "0x00"
-    NO_POST_VERIFICATION: '0x9bf04b00',
+    // bytes3(keccak256("lsp20VerifyCall(address,address,uint256,bytes)")) + "0x00"
+    NO_POST_VERIFICATION: '0x1a238000',
+    // bytes3(keccak256("lsp20VerifyCall(address,address,uint256,bytes)")) + "0x01"
+    WITH_POST_VERIFICATION: '0x1a238001',
   },
   // bytes4(keccak256("lsp20VerifyCallResult(bytes32,bytes)"))
   VERIFY_CALL_RESULT: '0xd3fc45d3',
@@ -274,7 +274,7 @@ export const CALLTYPE = {
 /**
  * @dev `bytes32` hex value for all the LSP6 permissions excluding REENTRANCY, DELEGATECALL and SUPER_DELEGATECALL for security (these should be set manually)
  */
-export const ALL_PERMISSIONS = '0x00000000000000000000000000000000000000000000000000000000003f3f7f';
+export const ALL_PERMISSIONS = '0x00000000000000000000000000000000000000000000000000000000007f3f7f';
 
 export type LSP6PermissionName = keyof typeof PERMISSIONS;
 
@@ -283,28 +283,29 @@ export type LSP6PermissionName = keyof typeof PERMISSIONS;
  */
 // prettier-ignore
 export const PERMISSIONS = {
-  CHANGEOWNER: "0x0000000000000000000000000000000000000000000000000000000000000001",
-  ADDCONTROLLER: "0x0000000000000000000000000000000000000000000000000000000000000002",
-  EDITPERMISSIONS: "0x0000000000000000000000000000000000000000000000000000000000000004",
-  ADDEXTENSIONS: "0x0000000000000000000000000000000000000000000000000000000000000008",
-  CHANGEEXTENSIONS: "0x0000000000000000000000000000000000000000000000000000000000000010",
-  ADDUNIVERSALRECEIVERDELEGATE: "0x0000000000000000000000000000000000000000000000000000000000000020",
-  CHANGEUNIVERSALRECEIVERDELEGATE: "0x0000000000000000000000000000000000000000000000000000000000000040",
-  REENTRANCY: "0x0000000000000000000000000000000000000000000000000000000000000080",
-  SUPER_TRANSFERVALUE: "0x0000000000000000000000000000000000000000000000000000000000000100",
-  TRANSFERVALUE: "0x0000000000000000000000000000000000000000000000000000000000000200",
-  SUPER_CALL: "0x0000000000000000000000000000000000000000000000000000000000000400",
-  CALL: "0x0000000000000000000000000000000000000000000000000000000000000800",
-  SUPER_STATICCALL: "0x0000000000000000000000000000000000000000000000000000000000001000",
-  STATICCALL: "0x0000000000000000000000000000000000000000000000000000000000002000",
-  SUPER_DELEGATECALL: "0x0000000000000000000000000000000000000000000000000000000000004000",
-  DELEGATECALL: "0x0000000000000000000000000000000000000000000000000000000000008000",
-  DEPLOY: "0x0000000000000000000000000000000000000000000000000000000000010000",
-  SUPER_SETDATA: "0x0000000000000000000000000000000000000000000000000000000000020000",
-  SETDATA: "0x0000000000000000000000000000000000000000000000000000000000040000",
-  ENCRYPT: "0x0000000000000000000000000000000000000000000000000000000000080000",
-  DECRYPT: "0x0000000000000000000000000000000000000000000000000000000000100000",
-  SIGN: "0x0000000000000000000000000000000000000000000000000000000000200000",
+  CHANGEOWNER:                     '0x0000000000000000000000000000000000000000000000000000000000000001', // .... .... .... .... .... 0001
+  ADDCONTROLLER:                   '0x0000000000000000000000000000000000000000000000000000000000000002', // .... .... .... .... .... 0010
+  EDITPERMISSIONS:                 '0x0000000000000000000000000000000000000000000000000000000000000004', // .... .... .... .... .... 0100
+  ADDEXTENSIONS:                   '0x0000000000000000000000000000000000000000000000000000000000000008', // .... .... .... .... .... 1000
+  CHANGEEXTENSIONS:                '0x0000000000000000000000000000000000000000000000000000000000000010', // .... .... .... .... 0001 0000
+  ADDUNIVERSALRECEIVERDELEGATE:    '0x0000000000000000000000000000000000000000000000000000000000000020', // .... .... .... .... 0010 0000
+  CHANGEUNIVERSALRECEIVERDELEGATE: '0x0000000000000000000000000000000000000000000000000000000000000040', // .... .... .... .... 0100 0000
+  REENTRANCY:                      '0x0000000000000000000000000000000000000000000000000000000000000080', // .... .... .... .... 1000 0000
+  SUPER_TRANSFERVALUE:             '0x0000000000000000000000000000000000000000000000000000000000000100', // .... .... .... 0001 0000 0000
+  TRANSFERVALUE:                   '0x0000000000000000000000000000000000000000000000000000000000000200', // .... .... .... 0010 0000 0000
+  SUPER_CALL:                      '0x0000000000000000000000000000000000000000000000000000000000000400', // .... .... .... 0100 0000 0000
+  CALL:                            '0x0000000000000000000000000000000000000000000000000000000000000800', // .... .... .... 1000 0000 0000
+  SUPER_STATICCALL:                '0x0000000000000000000000000000000000000000000000000000000000001000', // .... .... 0001 0000 0000 0000
+  STATICCALL:                      '0x0000000000000000000000000000000000000000000000000000000000002000', // .... .... 0010 0000 0000 0000
+  SUPER_DELEGATECALL:              '0x0000000000000000000000000000000000000000000000000000000000004000', // .... .... 0100 0000 0000 0000
+  DELEGATECALL:                    '0x0000000000000000000000000000000000000000000000000000000000008000', // .... .... 1000 0000 0000 0000
+  DEPLOY:                          '0x0000000000000000000000000000000000000000000000000000000000010000', // .... 0001 0000 0000 0000 0000
+  SUPER_SETDATA:                   '0x0000000000000000000000000000000000000000000000000000000000020000', // .... 0010 0000 0000 0000 0000
+  SETDATA:                         '0x0000000000000000000000000000000000000000000000000000000000040000', // .... 0100 0000 0000 0000 0000
+  ENCRYPT:                         '0x0000000000000000000000000000000000000000000000000000000000080000', // .... 1000 0000 0000 0000 0000
+  DECRYPT:                         '0x0000000000000000000000000000000000000000000000000000000000100000', // 0001 0000 0000 0000 0000 0000
+  SIGN:                            '0x0000000000000000000000000000000000000000000000000000000000200000', // 0010 0000 0000 0000 0000 0000
+  EXECUTE_RELAY_CALL:              '0x0000000000000000000000000000000000000000000000000000000000400000', // 0100 0000 0000 0000 0000 0000
 }
 
 /**

contracts/LSP20CallVerification/ILSP20CallVerifier.sol

@@ -12,11 +12,13 @@ interface ILSP20CallVerifier {
      * the function is allowed, concatened with a byte that determines if the lsp20VerifyCallResult function should
      * be called after the original function call. The byte that invoke the lsp20VerifyCallResult function is strictly `0x01`.
      *
+     * @param callee The address of the contract that implements the `LSP20CallVerifier` interface
      * @param caller The address who called the function on the msg.sender
      * @param value The value sent by the caller to the function called on the msg.sender
      * @param receivedCalldata The receivedCalldata sent by the caller to the msg.sender
      */
     function lsp20VerifyCall(
+        address callee,
         address caller,
         uint256 value,
         bytes memory receivedCalldata

contracts/LSP20CallVerification/LSP20CallVerification.sol

@@ -33,6 +33,7 @@ abstract contract LSP20CallVerification {
         (bool success, bytes memory returnedData) = logicVerifier.call(
             abi.encodeWithSelector(
                 ILSP20.lsp20VerifyCall.selector,
+                address(this),
                 msg.sender,
                 msg.value,
                 msg.data
@@ -60,7 +61,14 @@ abstract contract LSP20CallVerification {
         (bool success, bytes memory returnedData) = logicVerifier.call(
             abi.encodeWithSelector(
                 ILSP20.lsp20VerifyCallResult.selector,
-                keccak256(abi.encodePacked(msg.sender, msg.value, msg.data)),
+                keccak256(
+                    abi.encodePacked(
+                        address(this),
+                        msg.sender,
+                        msg.value,
+                        msg.data
+                    )
+                ),
                 callResult
             )
         );

contracts/LSP20CallVerification/LSP20Constants.sol

@@ -4,14 +4,14 @@ pragma solidity ^0.8.4;
 // bytes4(keccak256("LSP20CallVerification"))
 bytes4 constant _INTERFACEID_LSP20_CALL_VERIFICATION = 0x1a0eb6a5;
 
-// `lsp20VerifyCall(address,uint256,bytes)` selector XOR `lsp20VerifyCallResult(bytes32,bytes)` selector
-bytes4 constant _INTERFACEID_LSP20_CALL_VERIFIER = 0x480c0ec2;
+// `lsp20VerifyCall(address,address,uint256,bytes)` selector XOR `lsp20VerifyCallResult(bytes32,bytes)` selector
+bytes4 constant _INTERFACEID_LSP20_CALL_VERIFIER = 0xc9dfc532;
 
 // bytes4(bytes.concat(bytes3(ILSP20.lsp20VerifyCall.selector), hex"01"))
-bytes4 constant _LSP20_VERIFY_CALL_MAGIC_VALUE_WITH_POST_VERIFICATION = 0x9bf04b01;
+bytes4 constant _LSP20_VERIFY_CALL_MAGIC_VALUE_WITH_POST_VERIFICATION = 0x1a238001;
 
 // bytes4(bytes.concat(bytes3(ILSP20.lsp20VerifyCall.selector), hex"00"))
-bytes4 constant _LSP20_VERIFY_CALL_MAGIC_VALUE_WITHOUT_POST_VERIFICATION = 0x9bf04b00;
+bytes4 constant _LSP20_VERIFY_CALL_MAGIC_VALUE_WITHOUT_POST_VERIFICATION = 0x1a238000;
 
 // bytes4(ILSP20.lsp20VerifyCallResult.selector)
 bytes4 constant _LSP20_VERIFY_CALL_RESULT_MAGIC_VALUE = 0xd3fc45d3;

contracts/LSP6KeyManager/LSP6Constants.sol

@@ -2,7 +2,7 @@
 pragma solidity ^0.8.4;
 
 // --- ERC165 interface ids
-bytes4 constant _INTERFACEID_LSP6 = 0x66918867;
+bytes4 constant _INTERFACEID_LSP6 = 0xe7424397;
 
 // --- ERC725Y Data Keys
 
@@ -52,9 +52,10 @@ bytes32 constant _PERMISSION_SETDATA                         = 0x000000000000000
 bytes32 constant _PERMISSION_ENCRYPT                         = 0x0000000000000000000000000000000000000000000000000000000000080000;
 bytes32 constant _PERMISSION_DECRYPT                         = 0x0000000000000000000000000000000000000000000000000000000000100000;
 bytes32 constant _PERMISSION_SIGN                            = 0x0000000000000000000000000000000000000000000000000000000000200000;
+bytes32 constant _PERMISSION_EXECUTE_RELAY_CALL              = 0x0000000000000000000000000000000000000000000000000000000000400000;
 
 // All Permissions currently exclude REENTRANCY, DELEGATECALL and SUPER_DELEGATECALL for security
-bytes32 constant ALL_REGULAR_PERMISSIONS = 0x00000000000000000000000000000000000000000000000000000000003f3f7f;
+bytes32 constant ALL_REGULAR_PERMISSIONS = 0x00000000000000000000000000000000000000000000000000000000007f3f7f;
 
 // AllowedCalls types
 bytes4 constant _ALLOWEDCALLS_TRANSFERVALUE   = 0x00000001; // 0000 0001

contracts/LSP6KeyManager/LSP6KeyManager.sol

@@ -21,6 +21,6 @@ contract LSP6KeyManager is LSP6KeyManagerCore {
     constructor(address target_) {
         if (target_ == address(0)) revert InvalidLSP6Target();
         _target = target_;
-        _setupLSP6ReentrancyGuard();
+        _setupLSP6ReentrancyGuard(target_);
     }
 }

contracts/LSP6KeyManager/LSP6KeyManagerCore.sol

@@ -23,6 +23,9 @@ import {ERC725Y} from "@erc725/smart-contracts/contracts/ERC725Y.sol";
 import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
 import {LSP6SetDataModule} from "./LSP6Modules/LSP6SetDataModule.sol";
 import {LSP6ExecuteModule} from "./LSP6Modules/LSP6ExecuteModule.sol";
+import {
+    LSP6ExecuteRelayCallModule
+} from "./LSP6Modules/LSP6ExecuteRelayCallModule.sol";
 import {LSP6OwnershipModule} from "./LSP6Modules/LSP6OwnershipModule.sol";
 import {
     LSP25MultiChannelNonce
@@ -83,6 +86,7 @@ abstract contract LSP6KeyManagerCore is
     ILSP25,
     LSP6SetDataModule,
     LSP6ExecuteModule,
+    LSP6ExecuteRelayCallModule,
     LSP6OwnershipModule,
     LSP25MultiChannelNonce
 {
@@ -94,9 +98,9 @@ abstract contract LSP6KeyManagerCore is
 
     // Variables, methods and modifier used for ReentrancyGuard are taken from the link below and modified accordingly.
     // https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v4.8/contracts/security/ReentrancyGuard.sol
-    uint8 internal _reentrancyStatus;
-    uint8 internal constant _NOT_ENTERED = 1;
-    uint8 internal constant _ENTERED = 2;
+    mapping(address => uint256) internal _reentrancyStatus;
+    uint256 internal constant _NOT_ENTERED = 1;
+    uint256 internal constant _ENTERED = 2;
 
     /**
      * @inheritdoc ILSP6
@@ -315,28 +319,27 @@ abstract contract LSP6KeyManagerCore is
      * on the {`target`} contract (while sending `msgValue` alongside the call).
      *
      * If the permissions have been verified successfully and `caller` is authorized, one of the following two LSP20 magic value will be returned:
-     *  - `0x9bf04b00`: LSP20 magic value **without** post verification (last byte is `0x00`).
-     *  - `0x9bf04b01`: LSP20 magic value **with** post-verification (last byte is `0x01`).
+     *  - `0x1a238000`: LSP20 magic value **without** post verification (last byte is `0x00`).
+     *  - `0x1a238001`: LSP20 magic value **with** post-verification (last byte is `0x01`).
      */
     function lsp20VerifyCall(
+        address targetContract,
         address caller,
         uint256 msgValue,
         bytes calldata data
     ) external virtual returns (bytes4) {
         bool isSetData = bytes4(data) == IERC725Y.setData.selector ||
             bytes4(data) == IERC725Y.setDataBatch.selector;
 
-        address targetContract = _target;
-
         // If target is invoking the verification, emit the event and change the reentrancy guard
         if (msg.sender == targetContract) {
-            uint8 reentrancyStatus = _nonReentrantBefore(
+            uint256 reentrancyStatus = _nonReentrantBefore(
                 targetContract,
                 isSetData,
                 caller
             );
 
-            _verifyPermissions(targetContract, caller, msgValue, data);
+            _verifyPermissions(targetContract, caller, msgValue, false, data);
             emit PermissionsVerified(caller, msgValue, bytes4(data));
 
             // if it's a setData call, do not invoke the `lsp20VerifyCallResult(..)` function
@@ -348,7 +351,7 @@ abstract contract LSP6KeyManagerCore is
         /// @dev If a different address is invoking the verification,
         /// do not change the state or emit the event to allow read-only verification
         else {
-            uint8 reentrancyStatus = _reentrancyStatus;
+            uint256 reentrancyStatus = _reentrancyStatus[targetContract];
 
             if (reentrancyStatus == _ENTERED) {
                 _requirePermissions(
@@ -358,7 +361,7 @@ abstract contract LSP6KeyManagerCore is
                 );
             }
 
-            _verifyPermissions(targetContract, caller, msgValue, data);
+            _verifyPermissions(targetContract, caller, msgValue, false, data);
 
             // if it's a setData call, do not invoke the `lsp20VerifyCallResult(..)` function
             return
@@ -378,7 +381,7 @@ abstract contract LSP6KeyManagerCore is
         // If it's the target calling, set back the reentrancy guard
         // to false, if not return the magic value
         if (msg.sender == _target) {
-            _nonReentrantAfter();
+            _nonReentrantAfter(msg.sender);
         }
         return _LSP20_VERIFY_CALL_RESULT_MAGIC_VALUE;
     }
@@ -396,13 +399,20 @@ abstract contract LSP6KeyManagerCore is
 
         address targetContract = _target;
 
-        uint8 reentrancyStatus = _nonReentrantBefore(
+        uint256 reentrancyStatus = _nonReentrantBefore(
             targetContract,
             isSetData,
             msg.sender
         );
 
-        _verifyPermissions(targetContract, msg.sender, msgValue, payload);
+        _verifyPermissions(
+            targetContract,
+            msg.sender,
+            msgValue,
+            false,
+            payload
+        );
+
         emit PermissionsVerified(msg.sender, msgValue, bytes4(payload));
 
         bytes memory result = _executePayload(
@@ -412,7 +422,7 @@ abstract contract LSP6KeyManagerCore is
         );
 
         if (reentrancyStatus == _NOT_ENTERED && !isSetData) {
-            _nonReentrantAfter();
+            _nonReentrantAfter(targetContract);
         }
 
         return result;
@@ -466,13 +476,13 @@ abstract contract LSP6KeyManagerCore is
         bool isSetData = bytes4(payload) == IERC725Y.setData.selector ||
             bytes4(payload) == IERC725Y.setDataBatch.selector;
 
-        uint8 reentrancyStatus = _nonReentrantBefore(
+        uint256 reentrancyStatus = _nonReentrantBefore(
             targetContract,
             isSetData,
             signer
         );
 
-        _verifyPermissions(targetContract, signer, msgValue, payload);
+        _verifyPermissions(targetContract, signer, msgValue, true, payload);
         emit PermissionsVerified(signer, msgValue, bytes4(payload));
 
         bytes memory result = _executePayload(
@@ -482,7 +492,7 @@ abstract contract LSP6KeyManagerCore is
         );
 
         if (reentrancyStatus == _NOT_ENTERED && !isSetData) {
-            _nonReentrantAfter();
+            _nonReentrantAfter(targetContract);
         }
 
         return result;
@@ -520,11 +530,19 @@ abstract contract LSP6KeyManagerCore is
         address targetContract,
         address from,
         uint256 msgValue,
+        bool isRelayedCall,
         bytes calldata payload
     ) internal view virtual {
         bytes32 permissions = ERC725Y(targetContract).getPermissionsFor(from);
         if (permissions == bytes32(0)) revert NoPermissionsSet(from);
 
+        if (isRelayedCall) {
+            LSP6ExecuteRelayCallModule._verifyExecuteRelayCallPermission(
+                from,
+                permissions
+            );
+        }
+
         bytes4 erc725Function = bytes4(payload);
 
         // ERC725Y.setData(bytes32,bytes)
@@ -589,8 +607,10 @@ abstract contract LSP6KeyManagerCore is
     /**
      * @dev Initialise _reentrancyStatus to _NOT_ENTERED.
      */
-    function _setupLSP6ReentrancyGuard() internal virtual {
-        _reentrancyStatus = 1;
+    function _setupLSP6ReentrancyGuard(
+        address targetContract
+    ) internal virtual {
+        _reentrancyStatus[targetContract] = 1;
     }
 
     /**
@@ -602,8 +622,8 @@ abstract contract LSP6KeyManagerCore is
         address targetContract,
         bool isSetData,
         address from
-    ) internal virtual returns (uint8 reentrancyStatus) {
-        reentrancyStatus = _reentrancyStatus;
+    ) internal virtual returns (uint256 reentrancyStatus) {
+        reentrancyStatus = _reentrancyStatus[targetContract];
         if (reentrancyStatus == _ENTERED) {
             // CHECK the caller has REENTRANCY permission
             _requirePermissions(
@@ -613,7 +633,7 @@ abstract contract LSP6KeyManagerCore is
             );
         } else {
             if (!isSetData) {
-                _reentrancyStatus = _ENTERED;
+                _reentrancyStatus[targetContract] = _ENTERED;
             }
         }
     }
@@ -622,10 +642,10 @@ abstract contract LSP6KeyManagerCore is
      * @dev Resets the status to `_NOT_ENTERED`
      * Used in the end of the `nonReentrant` modifier after the method execution is terminated
      */
-    function _nonReentrantAfter() internal virtual {
+    function _nonReentrantAfter(address targetContract) internal virtual {
         // By storing the original value once again, a refund is triggered (see
         // https://eips.ethereum.org/EIPS/eip-2200)
-        _reentrancyStatus = _NOT_ENTERED;
+        _reentrancyStatus[targetContract] = _NOT_ENTERED;
     }
 
     /**