Closed filmakarov closed 7 months ago
[https://github.com/zerodevapp/kernel/blob/main/src/validator/SessionKeyValidator.sol](https://github.com/zerodevapp/kernel/blob/main/src/validator/SessionKeyValidator.sol)
If the argument is address then how does rules like <= >= apply and be relevant
can you document more about how to add rules. I think we will hand hold people a lot understanding offset especially. and generating session key data accordingly cause this heavily depends on contract and method
can sessionKeyData just be concat of
sessionKey,
permission.destContract,
permission.functionSelector,
and not providing anything else at all?
can you document more about how to add rules. I think we will hand hold people a lot understanding offset especially. and generating session key data accordingly cause this heavily depends on contract and method
Yeah, it is explained here I think https://www.notion.so/biconomy/ABI-SVM-the-universal-Session-Validation-Module-for-basic-use-cases-2716292a4efe4b6b96d4910927ea3cca Looking forward to getting your feedback on this doc
If the argument is address then how does rules like <= >= apply and be relevant
technically any address is a uint as well. so technically it can be applied, but logically it rarely makes sense but since we consider everything as bytes32 not address or uint, all the conditions can be applied to any arg
can sessionKeyData just be concat of
sessionKey, permission.destContract, permission.functionSelector,
and not providing anything else at all?
yes, added according test case
can you document more about how to add rules. I think we will hand hold people a lot understanding offset especially. and generating session key data accordingly cause this heavily depends on contract and method
Yeah, it is explained here I think https://www.notion.so/biconomy/ABI-SVM-the-universal-Session-Validation-Module-for-basic-use-cases-2716292a4efe4b6b96d4910927ea3cca Looking forward to getting your feedback on this doc
will provide feedback this week
can sessionKeyData just be concat of
sessionKey, permission.destContract, permission.functionSelector,
and not providing anything else at all?
yes, added according test case
can you link it here or on dm. sorry for trouble again
==== SELF-REVIEW AND INTERNAL REVIEWS ARE DONE ====
Linking the documentation in the PR Description
Passing to Security Auditors
Summary
Introduces the new Session Validation Module, which can validate an action, performed by userOp, based on:
It allows a dApp to validate calls from a SmartAccount to any method of any contract. This SVM can be a useful building block for custom flows via the Batched Session Router.
Detailed Document: ABI SVM the universal Session Validation Module 2716292a4efe4b6b96d4910927ea3cca.pdf
Related Issue: #SMA-363
Change Type
Checklist