Repot Logo
ContractsChainsProtocolsSocial Media
Search for all contractsSearch for code snippets
Contracts
Protocols
Repot
v0.8.0
Repot
DocumentationPrivacyTerms
Social
DiscordXTelegram
Alchemy - Modular Account

Alchemy - Modular Account

Audited

Modular Account

gh_ci_badge tg_badge

Alchemy's Modular Account is a maximally modular, upgradeable smart contract account that is compatible with ERC-4337 and ERC-6900.

[!WARNING]
This branch contains changes that are under development. To use the latest audited version make sure to use the correct commit. The tagged versions can be found in the releases.

Overview

This repository contains:

  • ERC-6900 compatible account implementations: src/account
  • Account factory: src/factory
  • Helper contracts and libraries: src/helpers, src/libraries
  • ERC-6900 compatible modules: src/modules
    • Validation modules:
      • SingleSignerValidationModule: Enables validation for a single signer (EOA or contract).
      • WebAuthnValidationModule: Enables validation for passkey signers.
    • Permission-enforcing hook modules:
      • AllowlistModule: Enforces ERC-20 spend limits and address/selector allowlists.
      • NativeTokenLimitModule: Enforces native token spend limits.
      • PaymasterGuardModule: Enforces use of a specific paymaster.
      • TimeRangeModule: Enforces time ranges for a given entity.

The contracts conform to these ERC versions:

  • ERC-4337: v0.7.0
  • ERC-6900: v0.8.0-rc.5

Development

Building and testing

# Install dependencies
forge install
pnpm install

# Build
forge build
FOUNDRY_PROFILE=optimized-build forge build --sizes

# Lint
pnpm lint

# Format
pnpm fmt

# Coverage
pnpm lcov

# Generate gas snapshots
pnpm gas

# Test
pnpm test
forge test -vvv

Deployment

A deployment script can be found in the scripts/ folder

forge script script/Deploy.s.sol --rpc-url $RPC_URL --broadcast

Security and audits

Our audit reports can be found in audits. The filenames for the reports have the format: YYYY-MM-DD_VENDOR_FFFFFFF.pdf, where YYYY-MM-DD refers to the date on which the final report was received, VENDOR refers to the conductor of the audit, and FFFFFFF refers to the short commit hash on which the audit was conducted.

Bug bounty

Details of our bug bounty program can be found at https://hackerone.com/alchemyplatform.

Acknowledgements

The contracts in this repository adhere to the ERC-6900 specification, and are heavily influenced by the design of the ERC-6900 reference implementation.

License

The modules provided in this repository (src/modules) are licensed under the GNU General Public License v3.0, included in our repository in LICENSE-GPL.

All other code for Modular Account is UNLICENSED.

Alchemy Insights, Inc., 548 Market St., PMB 49099, San Francisco, CA 94104; [email protected]

Smart Contract Function Descriptions for AccountBase.sol

Function validateUserOp

  • Visibility: external
  • Parameters: PackedUserOperation calldata userOp, bytes32 userOpHash, uint256 missingAccountFunds
  • Description: This function implements the validateUserOp logic. Provide further details based on the functionality.

Function entryPoint

  • Visibility: external
  • Parameters: None
  • Description: This function implements the entryPoint logic. Provide further details based on the functionality.

Function _validateUserOp

  • Visibility: internal
  • Parameters: PackedUserOperation calldata userOp, bytes32 userOpHash
  • Description: This function implements the _validateUserOp logic. Provide further details based on the functionality.

Function _requireFromEntryPoint

  • Visibility: internal
  • Parameters: None
  • Description: This function implements the _requireFromEntryPoint logic. Provide further details based on the functionality.
Download CodeOpen Code

account/AccountBase.sol