Added Sample 4337 Module

contracts/SafeProtocolManager.sol

@@ -26,7 +26,7 @@
      * @notice Mapping of a mapping what stores information about plugins that are enabled per account.
      *         address (module address) => address (account address) => EnabledPluginInfo
      */
-    mapping(address => mapping(address => PluginAccessInfo)) public enabledPlugins;
+    mapping(address => mapping(address => PluginAccessInfo)) internal enabledPlugins;
     struct PluginAccessInfo {
         uint8 permissions;
         address nextPluginPointer;
@@ -464,4 +464,13 @@
             revert MissingPluginPermission(msg.sender, requiresPermissions, permission, givenPermissions);
         }
     }
+
+    function transferPrefund(
+        address account,
+        address payable entrypoint,
+        uint256 missingAccountFunds
+    ) external override {
+        require(functionHandlers[hex"3a871cdd"][account] == msg.sender);
+        IAccount(account).execTransactionFromModule(entrypoint, missingAccountFunds, "", 0);
+    }
 }

contracts/base/FunctionHandlerManager.sol

@@ -16,7 +16,7 @@ abstract contract FunctionHandlerManager is RegistryManager {
     // Storage
     /** @dev Mapping that stores information about an account, function selector, and address of the account.
      */
-    mapping(bytes4 => mapping(address => address)) public functionHandlers;
+    mapping(bytes4 => mapping(address => address)) internal functionHandlers;
 
     // Events
     event FunctionHandlerChanged(address indexed account, bytes4 indexed selector, address indexed functionHandler);

contracts/base/HooksManager.sol

@@ -7,7 +7,7 @@ import {OnlyAccountCallable} from "./OnlyAccountCallable.sol";
 import {MODULE_TYPE_HOOKS} from "../common/Constants.sol";
 
 abstract contract HooksManager is RegistryManager {
-    mapping(address => address) public enabledHooks;
+    mapping(address => address) internal enabledHooks;
 
     struct TempHooksInfo {
         address hooksAddress;

contracts/interfaces/Manager.sol

@@ -29,6 +29,8 @@ interface ISafeProtocolManager {
      *         in case of succcessful execution. Empty if the call failed.
      */
     function executeRootAccess(address account, SafeRootAccess calldata rootAccess) external returns (bytes memory data);
+
+    function transferPrefund(address account, address payable entrypoint, uint256 missingAccountFunds) external;
 }
 
 interface ISafeProtocolSignatureValidatorManager {

contracts/modules/erc4337/SafeProtocol4337Module.sol

@@ -0,0 +1,132 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+pragma solidity ^0.8.18;
+
+import {SafeProtocolAction, SafeTransaction} from "../../DataTypes.sol";
+import {PLUGIN_PERMISSION_EXECUTE_CALL} from "../../common/Constants.sol";
+import {IAccount} from "../../interfaces/Accounts.sol";
+import {ISafeProtocolManager} from "../../interfaces/Manager.sol";
+import {IERC165, ISafeProtocolFunctionHandler, ISafeProtocolPlugin} from "../../interfaces/Modules.sol";
+import {UserOperation} from "./interfaces/IERC4337.sol";
+import {ISafeProtocol4337Handler} from "./interfaces/ISafeProtocol4337Handler.sol";
+
+contract SafeProtocol4337Module is ISafeProtocolFunctionHandler, ISafeProtocolPlugin {
+    uint256 private constant VALIDATION_SIG_SUCCESS = 0;
+    uint256 private constant VALIDATION_SIG_FAILURE = 0;
+
+    address payable public immutable entrypoint;
+
+    constructor(address payable _entrypoint) {
+        require(_entrypoint != address(0), "invalid entrypoint address");
+        entrypoint = _entrypoint;
+    }
+
+    /**
+     * @inheritdoc IERC165
+     */
+    function supportsInterface(bytes4 interfaceId) external pure override returns (bool) {
+        return
+            interfaceId == type(IERC165).interfaceId ||
+            interfaceId == type(ISafeProtocolFunctionHandler).interfaceId ||
+            interfaceId == type(ISafeProtocolPlugin).interfaceId;
+    }
+
+    /**
+     * @inheritdoc ISafeProtocolFunctionHandler
+     */
+    function handle(address account, address sender, uint256 value, bytes calldata data) external override returns (bytes memory result) {
+        require(sender == entrypoint, "unsupported entrypoint");
+        require(value == 0, "not payable");
+
+        ISafeProtocolManager manager = ISafeProtocolManager(msg.sender);
+        bytes4 selector = bytes4(data[:4]);
+        if (selector == ISafeProtocol4337Handler(account).validateUserOp.selector) {
+            (UserOperation memory userOp, bytes32 userOpHash, uint256 missingAccountFunds) = abi.decode(
+                data[4:],
+                (UserOperation, bytes32, uint256)
+            );
+            uint256 validationData = _validateUserOp(manager, account, userOp, userOpHash, missingAccountFunds);
+            result = abi.encode(validationData);
+        } else if (selector == ISafeProtocol4337Handler(account).executeUserOp.selector) {
+            (address to, uint256 opValue, bytes memory opData) = abi.decode(data[4:], (address, uint256, bytes));
+            _executeUserOp(manager, account, to, opValue, opData);
+        }
+    }
+
+    /**
+     * Validate account operation.
+     * @param manager the protocol manager.
+     * @param account the account.
+     * @param userOp the operation that is about to be executed.
+     * @param missingAccountFunds missing funds on the account's deposit in the entrypoint.
+     * @return validationData packaged validation data.
+     */
+    function _validateUserOp(
+        ISafeProtocolManager manager,
+        address account,
+        UserOperation memory userOp,
+        bytes32 userOpHash,
+        uint256 missingAccountFunds
+    ) internal returns (uint256 validationData) {
+        require(bytes4(userOp.callData) == ISafeProtocol4337Handler(account).executeUserOp.selector, "unsupported execution");
+
+        if (missingAccountFunds > 0) {
+            manager.transferPrefund(account, entrypoint, missingAccountFunds);
+        }
+
+        try IAccount(account).checkSignatures(userOpHash, "", userOp.signature) {
+            validationData = VALIDATION_SIG_SUCCESS;
+        } catch {
+            validationData = VALIDATION_SIG_FAILURE;
+        }
+    }
+
+    /**
+     * Executes a account operation.
+     * @param manager the protocol manager.
+     * @param account the account.
+     * @param to target of the operation.
+     * @param value value of the operation.
+     * @param data calldata for the operation.
+     */
+    function _executeUserOp(ISafeProtocolManager manager, address account, address to, uint256 value, bytes memory data) internal {
+        SafeTransaction memory transaction;
+        {
+            transaction.actions = new SafeProtocolAction[](1);
+            transaction.actions[0].to = payable(to);
+            transaction.actions[0].value = value;
+            transaction.actions[0].data = data;
+        }
+        manager.executeTransaction(account, transaction);
+    }
+
+    /**
+     * @inheritdoc ISafeProtocolPlugin
+     */
+    function metadataProvider()
+        external
+        view
+        override(ISafeProtocolFunctionHandler, ISafeProtocolPlugin)
+        returns (uint256 providerType, bytes memory location)
+    {}
+
+    /**
+     * @inheritdoc ISafeProtocolPlugin
+     */
+    function name() external pure override returns (string memory) {
+        return "Safe Protocol ERC-4337 Plugin";
+    }
+
+    /**
+     * @inheritdoc ISafeProtocolPlugin
+     */
+    function version() external pure override returns (string memory) {
+        return "1";
+    }
+
+    /**
+     * @inheritdoc ISafeProtocolPlugin
+     */
+    function requiresPermissions() external pure override returns (uint8 permissions) {
+        permissions = PLUGIN_PERMISSION_EXECUTE_CALL;
+    }
+}

contracts/modules/erc4337/interfaces/IERC4337.sol

@@ -0,0 +1,6 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+pragma solidity ^0.8.18;
+
+import {IAccount} from "@account-abstraction/contracts/interfaces/IAccount.sol";
+import {IEntryPoint} from "@account-abstraction/contracts/interfaces/IEntryPoint.sol";
+import {UserOperation} from "@account-abstraction/contracts/interfaces/UserOperation.sol";

contracts/modules/erc4337/interfaces/ISafeProtocol4337Handler.sol

@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+pragma solidity ^0.8.18;
+
+import {IAccount} from "./IERC4337.sol";
+
+interface ISafeProtocol4337Handler is IAccount {
+    function executeUserOp(address to, uint256 value, bytes calldata data) external;
+}

deploy/deploy_plugins.ts

@@ -0,0 +1,37 @@
+import { DeployFunction } from "hardhat-deploy/types";
+import { HardhatRuntimeEnvironment } from "hardhat/types";
+
+import { MODULE_TYPE_FUNCTION_HANDLER, MODULE_TYPE_PLUGIN } from "../src/utils/constants";
+
+const ENTRYPOINT = process.env.SAFE_PROTOCOL_ERC4337_ENTRYPOINT ?? "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789";
+
+const deploy: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+    const { ethers, deployments, getNamedAccounts } = hre;
+    const { deployer, owner } = await getNamedAccounts();
+    const { deploy } = deployments;
+
+    const registry = await deploy("SafeProtocolRegistry", {
+        from: deployer,
+        args: [owner],
+        log: true,
+        deterministicDeployment: true,
+    });
+
+    const module = await deploy("SafeProtocol4337Module", {
+        from: deployer,
+        args: [ENTRYPOINT],
+        log: true,
+        deterministicDeployment: true,
+    });
+    await ethers.getContractAt("SafeProtocolRegistry", registry.address).then(async (registry) => {
+        const { listedAt } = await registry.check(module.address, ethers.toBeHex(ethers.MaxUint256));
+        if (listedAt == 0n) {
+            await registry
+                .connect(await ethers.getSigner(owner))
+                .addModule(module.address, MODULE_TYPE_PLUGIN | MODULE_TYPE_FUNCTION_HANDLER);
+        }
+    });
+};
+
+deploy.tags = ["plugin"];
+export default deploy;

package.json

@@ -37,6 +37,7 @@
     "build:ts": "yarn rimraf dist && tsc -p tsconfig.prod.json"
   },
   "devDependencies": {
+    "@account-abstraction/contracts": "^0.6.0",
     "@nomicfoundation/hardhat-chai-matchers": "^2.0.0",
     "@nomicfoundation/hardhat-ethers": "^3.0.0",
     "@nomicfoundation/hardhat-network-helpers": "^1.0.0",
@@ -59,7 +60,7 @@
     "eslint-config-prettier": "^8.8.0",
     "eslint-plugin-no-only-tests": "^3.1.0",
     "eslint-plugin-prettier": "^4.2.1",
-    "ethers": "^6.4.0",
+    "ethers": "^6.8.1",
     "hardhat": "^2.15.0",
     "hardhat-deploy": "^0.11.34",
     "hardhat-gas-reporter": "^1.0.8",
@@ -74,4 +75,4 @@
     "typescript": "~5.0.0",
     "yargs": "^17.7.2"
   }
-}
+}

scripts/user-operation.ts

@@ -0,0 +1,92 @@
+/**
+ * Script to execute an ERC-4337 user operation for a test executor.
+ */
+
+import { ethers, deployments } from "hardhat";
+
+import { PLUGIN_PERMISSION_EXECUTE_CALL } from "../src/utils/constants";
+import { UserOperationStruct } from "../typechain-types/@account-abstraction/contracts/interfaces/IAccount";
+
+const BUNDLER = process.env.SAFE_PROTOCOL_ERC4337_BUNDLER_URL ?? "http://localhost:3000/rpc";
+const ENTRYPOINT = process.env.SAFE_PROTOCOL_ERC4337_ENTRYPOINT ?? "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789";
+
+async function main() {
+    const bundler = await bundlerRpc(BUNDLER);
+
+    const manager = await deployments
+        .get("SafeProtocolManager")
+        .then(({ address }) => ethers.getContractAt("SafeProtocolManager", address));
+    const module = await deployments
+        .get("SafeProtocol4337Module")
+        .then(({ address }) => ethers.getContractAt("SafeProtocol4337Module", address));
+    const handler = await ethers.getContractAt("ISafeProtocol4337Handler", await module.getAddress());
+    const entrypoint = await ethers.getContractAt("EntryPoint", ENTRYPOINT);
+
+    const account = await ethers.deployContract("TestExecutor", [await manager.getAddress()]);
+    console.log(`using account ${await account.getAddress()}`);
+
+    await fundAddress(await account.getAddress());
+    await account.setModule(await manager.getAddress());
+    await account.exec(
+        await account.getAddress(),
+        0,
+        manager.interface.encodeFunctionData("enablePlugin", [await module.getAddress(), PLUGIN_PERMISSION_EXECUTE_CALL]),
+    );
+    await account.exec(
+        await account.getAddress(),
+        0,
+        manager.interface.encodeFunctionData("setFunctionHandler", [handler.validateUserOp.fragment.selector, await handler.getAddress()]),
+    );
+    await account.exec(
+        await account.getAddress(),
+        0,
+        manager.interface.encodeFunctionData("setFunctionHandler", [handler.executeUserOp.fragment.selector, await handler.getAddress()]),
+    );
+
+    const { maxFeePerGas, maxPriorityFeePerGas } = await ethers.provider.getFeeData();
+    const op = {
+        sender: await account.getAddress(),
+        nonce: ethers.toBeHex(await entrypoint.getNonce(await account.getAddress(), 0)),
+        initCode: "0x",
+        callData: handler.interface.encodeFunctionData("executeUserOp", [ethers.ZeroAddress, 0, "0x"]),
+        callGasLimit: ethers.toBeHex(100000),
+        verificationGasLimit: ethers.toBeHex(200000),
+        preVerificationGas: ethers.toBeHex(100000),
+        maxFeePerGas: ethers.toBeHex(maxFeePerGas ?? 0),
+        maxPriorityFeePerGas: ethers.toBeHex(maxPriorityFeePerGas ?? 0),
+        paymasterAndData: "0x",
+        signature: "0x",
+    };
+    console.log("sending operation", op);
+
+    const result = await bundler.sendUserOperation(op, await entrypoint.getAddress());
+    console.log("sent user operation", result);
+}
+
+async function bundlerRpc(url: string) {
+    const provider = new ethers.JsonRpcProvider(url, await ethers.provider.getNetwork());
+    return {
+        sendUserOperation: async (op: UserOperationStruct, entrypoint: string) => {
+            return await provider._send({
+                jsonrpc: "2.0",
+                method: "eth_sendUserOperation",
+                params: [op, entrypoint],
+                id: 4337,
+            });
+        },
+    };
+}
+
+async function fundAddress(to: string) {
+    const [signer] = await ethers.getSigners();
+    const balance = await ethers.provider.getBalance(to);
+    const value = ethers.parseEther("1.0") - balance;
+    if (value > 0n) {
+        await signer.sendTransaction({ to, value }).then((tx) => tx.wait());
+    }
+}
+
+main().catch((err) => {
+    console.error(err);
+    process.exitCode = 1;
+});

test/SafeProtocolManager.spec.ts

@@ -48,7 +48,7 @@ describe("SafeProtocolManager", async () => {
             expect(await safeProtocolManager.supportsInterface.staticCall("0x945b8148")).to.be.true;
             expect(await safeProtocolManager.supportsInterface.staticCall("0xe6d7a83a")).to.be.true;
             expect(await safeProtocolManager.supportsInterface.staticCall("0x01ffc9a7")).to.be.true;
-            expect(await safeProtocolManager.supportsInterface.staticCall("0x3f6c68ec")).to.be.true;
+            expect(await safeProtocolManager.supportsInterface.staticCall("0x3cd5a81c")).to.be.true;
         });
 
         it("Should return false when non-supported interfaceId is passed as parameter", async () => {