feat: add ExecutionBoundEnforcer — exact execution commitment at redemption

Author: terriclaw

script/DeployCaveatEnforcers.s.sol

@@ -23,6 +23,7 @@ import { ExactCalldataBatchEnforcer } from "../src/enforcers/ExactCalldataBatchE
 import { ExactCalldataEnforcer } from "../src/enforcers/ExactCalldataEnforcer.sol";
 import { ExactExecutionBatchEnforcer } from "../src/enforcers/ExactExecutionBatchEnforcer.sol";
 import { ExactExecutionEnforcer } from "../src/enforcers/ExactExecutionEnforcer.sol";
+import { ExecutionBoundEnforcer } from "../src/enforcers/ExecutionBoundEnforcer.sol";
 import { IdEnforcer } from "../src/enforcers/IdEnforcer.sol";
 import { LimitedCallsEnforcer } from "../src/enforcers/LimitedCallsEnforcer.sol";
 import { LogicalOrWrapperEnforcer } from "../src/enforcers/LogicalOrWrapperEnforcer.sol";
@@ -122,6 +123,9 @@ contract DeployCaveatEnforcers is Script {
         deployedAddress = address(new ExactExecutionEnforcer{ salt: salt }());
         console2.log("ExactExecutionEnforcer: %s", deployedAddress);
 
+        deployedAddress = address(new ExecutionBoundEnforcer{ salt: salt }());
+        console2.log("ExecutionBoundEnforcer: %s", deployedAddress);
+
         deployedAddress = address(new IdEnforcer{ salt: salt }());
         console2.log("IdEnforcer: %s", deployedAddress);
 

src/enforcers/ExecutionBoundEnforcer.sol

@@ -0,0 +1,178 @@
+// SPDX-License-Identifier: MIT AND Apache-2.0
+pragma solidity 0.8.23;
+
+import { ExecutionLib } from "@erc7579/lib/ExecutionLib.sol";
+import { ModeLib } from "@erc7579/lib/ModeLib.sol";
+import { SignatureChecker } from "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol";
+import { MessageHashUtils } from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";
+
+import { CaveatEnforcer } from "./CaveatEnforcer.sol";
+import { ModeCode } from "../utils/Types.sol";
+
+/**
+ * @title ExecutionBoundEnforcer
+ * @notice Enforces that the actual execution at redemption exactly matches a pre-signed ExecutionIntent.
+ * @dev Unlike ExactExecutionEnforcer (which encodes the expected execution statically in terms at
+ *      delegation time), this enforcer binds execution dynamically at redemption time via a second
+ *      EIP-712 signature.
+ *
+ *      The delegator signs the delegation (who may redeem).
+ *      The signer signs the ExecutionIntent (what must be executed).
+ *      These may be different keys, enabling session keys, agents, and co-signers.
+ *
+ *      terms: unused. Pass empty bytes.
+ *      args:  abi.encode(ExecutionIntent intent, address signer, bytes signature)
+ *
+ *      The nonce is scoped by (account, signer) and consumed only after successful signature
+ *      verification, preventing griefing via invalid signature nonce consumption.
+ *
+ * @dev This enforcer operates only in single execution call type and with default execution mode.
+ */
+contract ExecutionBoundEnforcer is CaveatEnforcer {
+    using ExecutionLib for bytes;
+    using ModeLib for ModeCode;
+
+    ////////////////////////////// Structs //////////////////////////////
+
+    struct ExecutionIntent {
+        address account;
+        address target;
+        uint256 value;
+        bytes32 dataHash;
+        uint256 nonce;
+        uint256 deadline;
+    }
+
+    ////////////////////////////// State //////////////////////////////
+
+    bytes32 private constant DOMAIN_TYPEHASH =
+        keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
+
+    bytes32 private constant EXECUTION_INTENT_TYPEHASH = keccak256(
+        "ExecutionIntent(address account,address target,uint256 value,bytes32 dataHash,uint256 nonce,uint256 deadline)"
+    );
+
+    bytes32 public immutable domainSeparator;
+
+    mapping(address account => mapping(address signer => mapping(uint256 nonce => bool))) public usedNonces;
+
+    ////////////////////////////// Events //////////////////////////////
+
+    event NonceConsumed(address indexed account, address indexed signer, uint256 nonce);
+
+    ////////////////////////////// Errors //////////////////////////////
+
+    error AccountMismatch(address intentAccount, address delegator);
+    error TargetMismatch(address intentTarget, address executionTarget);
+    error ValueMismatch(uint256 intentValue, uint256 executionValue);
+    error DataHashMismatch(bytes32 intentDataHash, bytes32 executionDataHash);
+    error IntentExpired(uint256 deadline, uint256 blockTimestamp);
+    error NonceAlreadyUsed(address account, address signer, uint256 nonce);
+    error InvalidSignature();
+
+    ////////////////////////////// Constructor //////////////////////////////
+
+    constructor() {
+        domainSeparator = keccak256(
+            abi.encode(
+                DOMAIN_TYPEHASH,
+                keccak256("ExecutionBoundEnforcer"),
+                keccak256("1"),
+                block.chainid,
+                address(this)
+            )
+        );
+    }
+
+    ////////////////////////////// Public Methods //////////////////////////////
+
+    /**
+     * @notice Enforces that the actual execution exactly matches the signed ExecutionIntent.
+     * @param _args              abi.encode(ExecutionIntent intent, address signer, bytes signature)
+     * @param _mode              Must be single callType, default execType.
+     * @param _executionCallData The actual execution calldata to be validated.
+     * @param _delegator         The delegating smart account. Must match intent.account.
+     */
+    function beforeHook(
+        bytes calldata,
+        bytes calldata _args,
+        ModeCode _mode,
+        bytes calldata _executionCallData,
+        bytes32,
+        address _delegator,
+        address
+    )
+        public
+        override
+        onlySingleCallTypeMode(_mode)
+        onlyDefaultExecutionMode(_mode)
+    {
+
+        (ExecutionIntent memory intent, address signer, bytes memory signature) =
+            abi.decode(_args, (ExecutionIntent, address, bytes));
+
+        (address target_, uint256 value_, bytes calldata callData_) = _executionCallData.decodeSingle();
+
+        if (intent.account != _delegator) revert AccountMismatch(intent.account, _delegator);
+        if (intent.target != target_) revert TargetMismatch(intent.target, target_);
+        if (intent.value != value_) revert ValueMismatch(intent.value, value_);
+
+        bytes32 executionDataHash_ = keccak256(callData_);
+        if (intent.dataHash != executionDataHash_) revert DataHashMismatch(intent.dataHash, executionDataHash_);
+
+        if (intent.deadline != 0 && block.timestamp > intent.deadline) {
+            revert IntentExpired(intent.deadline, block.timestamp);
+        }
+
+        if (usedNonces[intent.account][signer][intent.nonce]) {
+            revert NonceAlreadyUsed(intent.account, signer, intent.nonce);
+        }
+
+        bytes32 digest_ = MessageHashUtils.toTypedDataHash(domainSeparator, _hashIntent(intent));
+        if (!SignatureChecker.isValidSignatureNow(signer, digest_, signature)) revert InvalidSignature();
+
+        usedNonces[intent.account][signer][intent.nonce] = true;
+        emit NonceConsumed(intent.account, signer, intent.nonce);
+    }
+
+    /**
+     * @notice Decodes the args used in this enforcer.
+     */
+    function getArgsInfo(bytes calldata _args)
+        public
+        pure
+        returns (ExecutionIntent memory intent_, address signer_, bytes memory signature_)
+    {
+        (intent_, signer_, signature_) = abi.decode(_args, (ExecutionIntent, address, bytes));
+    }
+
+    /**
+     * @notice Computes the EIP-712 digest for a given intent.
+     */
+    function intentDigest(ExecutionIntent calldata _intent) external view returns (bytes32) {
+        return MessageHashUtils.toTypedDataHash(domainSeparator, _hashIntent(_intent));
+    }
+
+    /**
+     * @notice Returns whether a nonce has been consumed.
+     */
+    function isNonceUsed(address _account, address _signer, uint256 _nonce) external view returns (bool) {
+        return usedNonces[_account][_signer][_nonce];
+    }
+
+    ////////////////////////////// Internal Methods //////////////////////////////
+
+    function _hashIntent(ExecutionIntent memory _intent) internal pure returns (bytes32) {
+        return keccak256(
+            abi.encode(
+                EXECUTION_INTENT_TYPEHASH,
+                _intent.account,
+                _intent.target,
+                _intent.value,
+                _intent.dataHash,
+                _intent.nonce,
+                _intent.deadline
+            )
+        );
+    }
+}