call debug_traceCall and filter for base forbidden opcodes (#48)

hazim-j · web-flow · commit 58b77a63af53 · 2022-12-05T00:24:25.000+11:00
diff --git a/internal/start/private.go b/internal/start/private.go
@@ -10,6 +10,7 @@ import (
 	badger "github.com/dgraph-io/badger/v3"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/ethclient"
+	"github.com/ethereum/go-ethereum/rpc"
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 	"github.com/stackup-wallet/stackup-bundler/internal/config"
@@ -59,11 +60,13 @@ func PrivateMode() {
 	defer db.Close()
 	runDBGarbageCollection(db)
 
-	eth, err := ethclient.Dial(conf.EthClientUrl)
+	rpc, err := rpc.Dial(conf.EthClientUrl)
 	if err != nil {
 		log.Fatal(err)
 	}
 
+	eth := ethclient.NewClient(rpc)
+
 	chain, err := eth.ChainID(context.Background())
 	if err != nil {
 		log.Fatal(err)
@@ -74,7 +77,7 @@ func PrivateMode() {
 		log.Fatal(err)
 	}
 
-	check := checks.New(eth, conf.MaxVerificationGas)
+	check := checks.New(rpc, conf.MaxVerificationGas)
 	relayer := relay.New(db, eoa, eth, chain, beneficiary, logr)
 	paymaster := paymaster.New(db)
 
diff --git a/pkg/entrypoint/handleops.go b/pkg/entrypoint/handleops.go
@@ -15,7 +15,7 @@ import (
 	"github.com/stackup-wallet/stackup-bundler/pkg/userop"
 )
 
-func ToAbiType(batch []*userop.UserOperation) []UserOperation {
+func toAbiType(batch []*userop.UserOperation) []UserOperation {
 	ops := []UserOperation{}
 	for _, op := range batch {
 		ops = append(ops, UserOperation(*op))
@@ -46,7 +46,7 @@ func EstimateHandleOpsGas(
 	auth.GasLimit = math.MaxUint64
 	auth.NoSend = true
 
-	tx, err := ep.HandleOps(auth, ToAbiType(batch), beneficiary)
+	tx, err := ep.HandleOps(auth, toAbiType(batch), beneficiary)
 	if err != nil {
 		return 0, nil, err
 	}
@@ -99,7 +99,7 @@ func HandleOps(
 	auth.GasTipCap = tip
 	auth.GasFeeCap = maxFee
 
-	txn, err = ep.HandleOps(auth, ToAbiType(batch), beneficiary)
+	txn, err = ep.HandleOps(auth, toAbiType(batch), beneficiary)
 	if err != nil {
 		revert, err := newFailedOpRevert(err)
 		if err != nil {
diff --git a/pkg/entrypoint/simulation.go b/pkg/entrypoint/simulation.go
@@ -1,18 +1,70 @@
 package entrypoint
 
 import (
+	"context"
 	"errors"
 	"fmt"
+	"math"
+	"math/big"
 
+	mapset "github.com/deckarep/golang-set/v2"
+	"github.com/ethereum/go-ethereum/accounts/abi/bind"
 	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/crypto"
 	"github.com/ethereum/go-ethereum/ethclient"
+	"github.com/ethereum/go-ethereum/rpc"
 	"github.com/stackup-wallet/stackup-bundler/pkg/userop"
 )
 
+var (
+	// A dummy private key used to build *bind.TransactOpts for simulation.
+	dummyPk, _ = crypto.GenerateKey()
+
+	// A marker to delimit between account and paymaster simulation.
+	markerOpCode = "NUMBER"
+
+	// All opcodes executed at this depth are from the EntryPoint and allowed.
+	allowedDepth = float64(1)
+
+	// The gas opcode is only allowed if followed immediately by callOpcodes.
+	// gasOpCode = "GAS"
+
+	// Only one create2 opcode is allowed if these two conditions are met:
+	// 	1. op.initcode.length != 0
+	// 	2. During account simulation (i.e. before markerOpCode)
+	// create2OpCode = "CREATE2"
+
+	// List of opcodes related to CALL.
+	// callOpcodes = mapset.NewSet(
+	// 	"CALL",
+	// 	"DELEGATECALL",
+	// 	"CALLCODE",
+	// 	"STATICCALL",
+	// )
+
+	// List of opcodes not allowed during simulation for depth > allowedDepth (i.e. account, paymaster, or
+	// contracts called by them).
+	baseForbiddenOpCodes = mapset.NewSet(
+		"GASPRICE",
+		"GASLIMIT",
+		"DIFFICULTY",
+		"TIMESTAMP",
+		"BASEFEE",
+		"BLOCKHASH",
+		"NUMBER",
+		"SELFBALANCE",
+		"BALANCE",
+		"ORIGIN",
+		"CREATE",
+		"COINBASE",
+	)
+)
+
 // SimulateValidation makes a static call to Entrypoint.simulateValidation(userop) and returns the
 // results without any state changes.
-func SimulateValidation(eth *ethclient.Client, entryPoint common.Address, op *userop.UserOperation) (*SimulationResultRevert, error) {
-	ep, err := NewEntrypoint(entryPoint, eth)
+func SimulateValidation(rpc *rpc.Client, entryPoint common.Address, op *userop.UserOperation) (*SimulationResultRevert, error) {
+	ep, err := NewEntrypoint(entryPoint, ethclient.NewClient(rpc))
 	if err != nil {
 		return nil, err
 	}
@@ -33,6 +85,82 @@ func SimulateValidation(eth *ethclient.Client, entryPoint common.Address, op *us
 		return nil, errors.New(fo.Reason)
 	}
 
-	// TODO: Trace forbidden opcodes
 	return sim, nil
 }
+
+type structLog struct {
+	Depth   float64  `json:"depth"`
+	Gas     float64  `json:"gas"`
+	GasCost float64  `json:"gasCost"`
+	Op      string   `json:"op"`
+	Pc      float64  `json:"pc"`
+	Stack   []string `json:"stack"`
+}
+
+type traceCallRes struct {
+	Failed      bool        `json:"failed"`
+	Gas         float64     `json:"gas"`
+	ReturnValue []byte      `json:"returnValue"`
+	StructLogs  []structLog `json:"structLogs"`
+}
+
+type traceCallReq struct {
+	From common.Address `json:"from"`
+	To   common.Address `json:"to"`
+	Data hexutil.Bytes  `json:"data"`
+}
+
+type traceCallOpts struct {
+	DisableStorage bool `json:"disableStorage"`
+	DisableMemory  bool `json:"disableMemory"`
+}
+
+// TraceSimulateValidation makes a debug_traceCall to Entrypoint.simulateValidation(userop) and returns the
+// results without any state changes.
+func TraceSimulateValidation(rpc *rpc.Client, entryPoint common.Address, op *userop.UserOperation, chainID *big.Int) error {
+	ep, err := NewEntrypoint(entryPoint, ethclient.NewClient(rpc))
+	if err != nil {
+		return err
+	}
+	auth, err := bind.NewKeyedTransactorWithChainID(dummyPk, chainID)
+	if err != nil {
+		return err
+	}
+	auth.GasLimit = math.MaxUint64
+	auth.NoSend = true
+	tx, err := ep.SimulateValidation(auth, UserOperation(*op))
+	if err != nil {
+		return err
+	}
+
+	var res traceCallRes
+	req := traceCallReq{
+		From: common.HexToAddress("0x"),
+		To:   entryPoint,
+		Data: tx.Data(),
+	}
+	opts := traceCallOpts{
+		DisableStorage: false,
+		DisableMemory:  false,
+	}
+	if err := rpc.CallContext(context.Background(), &res, "debug_traceCall", &req, "latest", &opts); err != nil {
+		return err
+	}
+
+	simFor := "account"
+	for _, sl := range res.StructLogs {
+		if sl.Depth == allowedDepth && sl.Op == markerOpCode {
+			simFor = "paymaster"
+		}
+
+		if sl.Depth == allowedDepth {
+			continue
+		}
+
+		if baseForbiddenOpCodes.Contains(sl.Op) {
+			return fmt.Errorf("%s: uses forbidden opcode %s", simFor, sl.Op)
+		}
+	}
+
+	return nil
+}
diff --git a/pkg/modules/checks/standalone.go b/pkg/modules/checks/standalone.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/ethclient"
+	"github.com/ethereum/go-ethereum/rpc"
 	"github.com/stackup-wallet/stackup-bundler/pkg/entrypoint"
 	"github.com/stackup-wallet/stackup-bundler/pkg/modules"
 	"golang.org/x/sync/errgroup"
@@ -16,14 +17,16 @@ import (
 // intended for bundlers that are independent of an Ethereum node and hence relies on a given ethClient to
 // query blockchain state.
 type Standalone struct {
+	rpc                *rpc.Client
 	eth                *ethclient.Client
 	maxVerificationGas *big.Int
 }
 
 // New returns a Standalone instance with methods that can be used in Client and Bundler modules to perform
 // standard checks as specified in EIP-4337.
-func New(eth *ethclient.Client, maxVerificationGas *big.Int) *Standalone {
-	return &Standalone{eth, maxVerificationGas}
+func New(rpc *rpc.Client, maxVerificationGas *big.Int) *Standalone {
+	eth := ethclient.NewClient(rpc)
+	return &Standalone{rpc, eth, maxVerificationGas}
 }
 
 // ValidateOpValues returns a UserOpHandler that runs through some first line sanity checks for new UserOps
@@ -42,19 +45,23 @@ func (s *Standalone) ValidateOpValues() modules.UserOpHandlerFunc {
 		g.Go(func() error { return checkCallGasLimit(ctx.UserOp) })
 		g.Go(func() error { return checkFeePerGas(s.eth, ctx.UserOp) })
 
-		if err := g.Wait(); err != nil {
-			return err
-		}
-		return nil
+		return g.Wait()
 	}
 }
 
-// SimulateOp returns a UserOpHandler that runs through simulation of new UserOps with the EntryPoint. This
-// should be done after all validations are complete.
+// SimulateOp returns a UserOpHandler that runs through simulation of new UserOps with the EntryPoint.
 func (s *Standalone) SimulateOp() modules.UserOpHandlerFunc {
 	return func(ctx *modules.UserOpHandlerCtx) error {
-		_, err := entrypoint.SimulateValidation(s.eth, ctx.EntryPoint, ctx.UserOp)
-		return err
+		g := new(errgroup.Group)
+		g.Go(func() error {
+			_, err := entrypoint.SimulateValidation(s.rpc, ctx.EntryPoint, ctx.UserOp)
+			return err
+		})
+		g.Go(func() error {
+			return entrypoint.TraceSimulateValidation(s.rpc, ctx.EntryPoint, ctx.UserOp, ctx.ChainID)
+		})
+
+		return g.Wait()
 	}
 }
 
