Ethereum smart contracts for Authereum
Check out the Authereum contracts bug bounty program here!
The Authereum contracts are necessary pieces of the Authereum ecosystem. Users of the Authereum accounts own a proxy contract that points to an upgradeable logic contract. The contracts are organized in the following directories:
- account - The Authereum Account logic contract. All users on the Authereum platform will own a proxy contract that points to these contracts. This is upgradeable. Each users' state will live in their proxy contract but will interact with this contract.
- upgradeability - Upgradeability logic for Authereum accounts. Each user that joins Authereum creates a proxy (AuthereumProxy) through the Authereum proxy factory (AuthereumProxyFactory).
- admin - Administrative contracts to be used by Authereum creators.
- base - Base contracts used throughout the system.
- ens - Custom ENS contracts. Used to give Authereum users their own *.auth.eth subdomains. The Authereum ENS Resolver is upgradeable.
- firewall - Contracts that can be used as a firewall to protect user's accounts.
- modules - Independent contracts that are added as Auth Keys to Authereum accounts for extended functionality.
- interfaces - Interfaces used throughout the system.
- libs - Libraries used throughout the system.
- test - Contracts used during tests. None of these contracts are ever deployed as part of the system.
- utils - Utils used throughout the system.
When a user signs up for an account on authereum.com, a proxy contract (upgradeability/AuthereumProxy.sol
) is created for them through the Authereum proxy factory (upgradeability/AuthereumProxyFactory.sol
). The creation of the proxy simply points the proxy to the latest Authereum account logic (implementation) address, initializes the proxy for that logic address, and gives the proxy and ENS subdomain (*.auth.eth).
Each proxy is fully owned by the user who created it, and Authereum has no custody or control over it at all.
The proxies are upgradeable with the proxy-delegate pattern, which simply means they can point to a new logic address and initialize themselves at that address. The user controls the upgrade and they are the only ones that can perform the upgrade.
The system is designed to be transacted with by meta transactions. Authereum users will sign messages that are sent to relayers who will broadcast the transactions.
There are two types of keys that interact with the contracts: auth keys and login keys. Auth keys have the most power and can perform administrative actions such as adding/removing auth keys and upgrading the account. Login keys are more restricted and can only send transactions.
A core component of the system is the signing of keys. Auth keys and login keys sign messages off-chain, and these messages and their signatures are passed into the contracts so that the signer can recovered and verified on-chain. There are two types of signatures checked:
- For an auth key transaction, the transaction message data is signed by the auth key, and the signed data and the signature are passed into the contract transaction. These two items are used to verify that the auth key signed the message.
- For a login key transaction, two signatures are required. One signature is identical to the one mentioned above, except it is signed by the login key instead of the auth key. The second piece of the login key transaction is a signature of the login key (and some data) signed by the auth key. This can be thought of as
authKey.sign(loginKey, data)
. Both pieces of data and both signatures are sent to the transaction. The login key and auth key are recovered on-chain, and the contract verifies that these addresses are correct.
More information can be found here.
The account
directory contains the logic contract for an Authereum Account. It is a single contract with AuthereumAccount.sol
being the bottom-most contract on an inheritance tree. A user's proxy will point to this deployed contract and will use it for its logic.
This contract is upgradeable. Because of this, it is designed in such a way as to avoid overwriting any state variables. accounts/state/
, accounts/initializer/
, and accounts/event/
have been separated out into subdirectories that each have the contract's state, initializers, and events, respectively. Any upgrades to the contract will create a new version (e.g. AccountStateV2.sol) that gets inherited, in order, as to completely avoid overwriting any state. The initializer functions are meant to be called when upgrading a contract and are protected from being called multiple times with the lastInitializedVersion
state variable. Technically the contract events are able to be upgraded/overwritten without causing problems, but we put them in their own directory and will treat them similar to state upgrades. This is for cleanliness of code and so that the initializers can emit events.
In normal circumstances, transactions are meant to be sent by a relayer to one of two functions: executeMultipleAuthKeyMetaTransactions()
and executeMultipleLoginKeyMetaTransactions()
. See Top Level Design Decisions for more information about the different keys. These transactions perform the following functions:
- perform an atomic transaction with itself
- verify that the signers of the data are the expected addresses (login key and auth key)
- execute each of the batched transactions sent in the transactions
- refund the relayer with ETH or tokens (if necessary - certain auth key transactions are not required to do this)
The following section will break down each point above.
Atomic Transactions - The Authereum contracts perform atomic transactions within their own transaction. In the context of an Authereum transaction, this means that transactions sent to an Authereum contract perform a call
back to itself. The reason for this is to be able to revert within a transaction without reverting the entire transaction. This allows for the unwinding of state if a transaction fails while still allowing a relayer to be refunded.
Verify Signatures - See Top Level Design Decisions for more information about the signing. In short, signatures are created off-chain that are verified on-chain. This was done for efficiency and to minimize the number of on-chain transactions.
Execute Transactions - Authereum users can send batched transactions. These are multiple transactions that are all batched into one, single on-chain transaction. See here for more information. The Authereum contracts loop through each passed-in transaction and executes them with a call
.
Refunds - Most Authereum transactions should be sent by a relayer. Because of this, Authereum transactions refund the relayer who broadcasts the transaction at the conclusion of their transaction based on the amount of gas that was used. Refunds can be paid in ETH or tokens. It is expected that the relayer will not broadcast transactions that will be detrimental to themselves. The feeTokenRate
is passed in by the user and is used to calculate the number of tokens that are paid to the relayer in a refund. It is expected that a relayer will not send a transaction with a token rate that they do not agree with.
There is a gasOverhead
parameter that is passed into these functions as well. The value of this parameter is meant to be calculated off-chain and passed into the transaction. It represents the gas overhead that is not taken into account when calculating a refund. This may include the gas cost of the calldata
, as well as any additional logic that is not captured by the gas calculations.
Upgradeability logic lives within this contract as well. In order to perform an upgrade, a user must send a transaction to executeMultipleAuthKeyMetaTransactions()
that, in turn, calls its own upgradeToAndCall()
function.
Finally, 721 and 1125 hooks are used in order to receive those types of tokens in the Authereum contracts.
Authereum's contracts are upgradeable. Each Authereum user owns a proxy (AuthereumProxy.sol
) that points to their desired logic contract. This contract's sole function is to provide a fallback function that delegates calls to the proxy's logic contract. All Authereum user transactions go through this fallback.
Each proxy is created by the Authereum proxy factory (AuthereumProxyFactory.sol
). The Authereum proxy factory creates an account when createProxy()
is called. This function creates a proxy with create2
, initializes it, and registers a subdomain for the proxy. When a user creates an account on a later version of the Authereum contracts, they will have to iterate through each previous version's initializer. Because of this, the createProxy()
function loops through each piece of the initialize data.
The AuthereumEnsResolverProxy.sol
is nearly identical to the AuthereumProxy.sol
contract and is used for upgrading the Authereum ENS Resolver Proxy.
The Authereum contracts support "module" contracts that can be used to introduce additional functionality to an Authereum account. A module contract is added to an Authereum account by adding its address as an Auth Key. Because modules may contain critical functionality (e.g. the RecoveryModule), Login Keys should not be able to interact with modules. To prevent this, a check in LoginKeyMetaTxAccount.sol
will revert the transaction if a Login Key's transaction's destination is an Auth Key, which may be a module. In addition, when designing modules, care should be taken to ensure Login Key's cannot interact with a module before it's added to an account as an Auth Key. Both the RecoverModule and DelegateKeyModule prevent this with the onlyWhenRegisteredModule
modifier.
- A user can break their upgradeability on the Authereum system by upgrading their account to a logic address outside of the Authereum ecosystem.
- It is expected that a relayer will not broadcast a transaction that contains any data that would be detrimental to themselves. This includes:
- Transactions that will revert (because of gas, bad data, or improperly signed data)
- Transactions that contain a
feeTokenRate
that the relayer does not accept as a true rate
- The DelegateKeyModule does not enforce that the length of
_lockedParameters
and_lockedParameterValues
are equal to the actual number of parameters taken by the function being registered. In addition, dynamically-sized parameters cannot be locked but this is not enforced on-chain. When registering a Delegate Key, care should be taken to ensure that_lockedParameters
and_lockedParameterValues
equal the number of parameters in the function being registered and that none of the parameters being locked are dynamically-sized.
- An attacker cannot spend the account contract's funds, freeze the funds, or participate in account management.
- Transactions from the account contract can only be authorized by an Auth Key or Login Key either directly or through a meta transaction.
- Login Keys cannot participate in account management including adding and removing auth keys and upgrading the account. Anything marked as
onlySelf
oronlyAuthKeySenderOrSelf
should not be accessible by a Login Key. - Login Keys should not be able to interact with the RecoveryModule or the DelegateKeyModule in a meaningful way. Modules should prevent certain interactions when the module is not registered to the account contract and the account contract should not let Login Keys invoke functionality on Auth Keys which includes any modules registered to the account contract.
- Login Keys should only be able to interact with Auth Keys and with self in a limited capacity. Transactions from Login Keys to either an Auth Key or to self should be bounded by both data and gas values.
- Login Keys can bypass restrictions by setting the
validationContract
toaddress(0)
. It is expected that relayers who process transactions validate these restrictions off-chain, if desired.
Environment variables:
NETWORK_NAME=kovan
ETH_HTTP_PROVIDER_URI='https://kovan.rpc.authereum.com'
SENDER_ADDRESS=0x...
SENDER_PRIVATE_KEY=0x...
LOGIC_ADDRESS=0x...
You may also set the config by invoking the setConfig(config)
static method.
All the versioning in the Authereum system will use Unix timestamps. A dictionary will be kept that maps version numbers to human-readable names.
Advantage of Unix Timestamp:
- Consistent versioning
- Easy file/variable naming
- Infinitely scalable
Design Decisions:
- Semantic versioning is hard to do on file names and variables
- Sequential may cause issues down the road (ie renaming files/contracts to have more left padding)
Note: this requires a ganache-cli
version with the muirGlacier compiler. Please use [email protected]
or greater.
# In terminal 1
npm run ganache
# In terminal 2
npm run test
This update introduces a number of new features and cleans up existing code. It was audited by G0 Group.
General
- Update contract to Solidity 0.5.17
- Normalize
loginKeyRestrictionData
tologinKeyRestrictionsData
- Fix spelling issues
- Remove 0 fee payments (don't transfer 0 tokens/ETH)
- Remove refund check (now done by relayer)
- Change all instances of
authereum.eth
toauth.eth
- Update to Truffle
istanbul
compiler - Remove unnecessary return of the message hash from
_atomicExecuteMultipleMetaTransactions
- Add ERC777 support
- Allow for limited sending of transactions from a login key to an auth key or self
- Disallow auth keys from being
self
- Remove unused
onlyAuthKeySender
modifier - Add pre- and post-hooks to login key transactions
- Add
name
variable to contracts - Convert
authereumVersion
toversion
- Add
implementation()
- Add
implementation()
andupgradeToAndCall()
toIAuthereumAccount.sol
- Add
executeMultipleTransactions()
function and scope it to auth keys - Update
executeMultipleMetaTransactions()
function scope to self - Update ERC1271 logic to reflect newly finalized specification
- Add initialization v2 contract that registers the contract with the 1820 registry
Tests
- Add tests
This update adds the ability to pay for contract deployments:
General
- Add logic to allow users to pay for deployments of their contracts
This update is in response to samczsun's disclosure:
Bugfixes
- Validate both auth key and login key tx prior to execution
This update is in response to our Quantstamp audit.
General
- Require that initialization data has a length of > 0. Prior to this version, it simply did nothing if the length was 0.
- Fix typos
Bugfixes
- Return the appropriate data from
executeMultipleMetaTransactions()
Bugfixes
- Fee token rate calculation
General
- Major refactor
- Introduce fee toke
General
- Architecture upgrade
- Introduce
_feeTokenAddress
and_feeTokenRate
Bugfixes
- General bug fixes
General
- Original contract
General
- Update contract to Solidity 0.5.17
- Add
name
- Add
version
- Pass
initCode
directly into the constructor - Hash
initData
in thecreate2
salt to validate auth key - Update
salt
naming convention to be more explicit - Pass
_implementation
into thecreateProxy()
function - Add
_implementation
to the salt hash
General
- Add
initCode
setter and change event - Add
authereumEnsManager
setter and change event
General
- Original contract
General
- Update contract to Solidity 0.5.17
- Add
name
- Add
version
- Update internal variable from
name
to_name
General
- Add ability to change rootnode text
- Add ability to change rootnode contenthash
General
- Original contract
General
- Update contract to Solidity 0.5.17
- Add
version
General
- Update contract to Solidity 0.5.12
- Add
text
andcontenthash
to interface - Add
text
andcontenthash
as setter and getter
General
- Original contract
General
- Original contract
General
- Original contract
General
- Original contract