Gasless ContractPublisher without chainid in typehash (#235)

* Forwarder with no chainid in typehash

* replace repo forwarder with prod forwarder code

* Add EIP712ChainlessDomain to set of modified oz presets

* replace ForwarderNoChainid -> ForwarderChainlessDomain

* move forwarder related code to dedicated directory

* fix import paths in tests

* update namehash in forwarder tets

* run prettier

* docs update

* move ForwarderEOAOnly to dedicated forwarder dir

Co-authored-by: Krishang Nadgauda <nkrishang@Krishangs-MacBook-Pro.local>

Author: nkrishang

contracts/Forwarder.sol

@@ -0,0 +1,67 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import "@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol";
+
+/*
+ * @dev Minimal forwarder for GSNv2
+ */
+contract Forwarder is EIP712 {
+    using ECDSA for bytes32;
+
+    struct ForwardRequest {
+        address from;
+        address to;
+        uint256 value;
+        uint256 gas;
+        uint256 nonce;
+        bytes data;
+    }
+
+    bytes32 private constant TYPEHASH =
+        keccak256("ForwardRequest(address from,address to,uint256 value,uint256 gas,uint256 nonce,bytes data)");
+
+    mapping(address => uint256) private _nonces;
+
+    constructor() EIP712("GSNv2 Forwarder", "0.0.1") {}
+
+    function getNonce(address from) public view returns (uint256) {
+        return _nonces[from];
+    }
+
+    function verify(ForwardRequest calldata req, bytes calldata signature) public view returns (bool) {
+        address signer = _hashTypedDataV4(
+            keccak256(abi.encode(TYPEHASH, req.from, req.to, req.value, req.gas, req.nonce, keccak256(req.data)))
+        ).recover(signature);
+
+        return _nonces[req.from] == req.nonce && signer == req.from;
+    }
+
+    function execute(ForwardRequest calldata req, bytes calldata signature)
+        public
+        payable
+        returns (bool, bytes memory)
+    {
+        require(verify(req, signature), "MinimalForwarder: signature does not match request");
+        _nonces[req.from] = req.nonce + 1;
+
+        // solhint-disable-next-line avoid-low-level-calls
+        (bool success, bytes memory result) = req.to.call{ gas: req.gas, value: req.value }(
+            abi.encodePacked(req.data, req.from)
+        );
+
+        if (!success) {
+            // Next 5 lines from https://ethereum.stackexchange.com/a/83577
+            if (result.length < 68) revert("Transaction reverted silently");
+            assembly {
+                result := add(result, 0x04)
+            }
+            revert(abi.decode(result, (string)));
+        }
+        // Check gas: https://ronan.eth.link/blog/ethereum-gas-dangers/
+        assert(gasleft() > req.gas / 63);
+        return (success, result);
+    }
+}

contracts/forwarder/Forwarder.sol

@@ -0,0 +1,82 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v4.5.0) (metatx/MinimalForwarder.sol)
+
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import "../openzeppelin-presets/cryptography/EIP712ChainlessDomain.sol";
+
+/**
+ * @dev Simple minimal forwarder to be used together with an ERC2771 compatible contract. See {ERC2771Context}.
+ */
+contract ForwarderChainlessDomain is EIP712ChainlessDomain {
+    using ECDSA for bytes32;
+
+    struct ForwardRequest {
+        address from;
+        address to;
+        uint256 value;
+        uint256 gas;
+        uint256 nonce;
+        bytes data;
+        uint256 chainid;
+    }
+
+    bytes32 private constant _TYPEHASH =
+        keccak256(
+            "ForwardRequest(address from,address to,uint256 value,uint256 gas,uint256 nonce,bytes data,uint256 chainid)"
+        );
+
+    mapping(address => uint256) private _nonces;
+
+    constructor() EIP712ChainlessDomain("GSNv2 Forwarder", "0.0.1") {}
+
+    function getNonce(address from) public view returns (uint256) {
+        return _nonces[from];
+    }
+
+    function verify(ForwardRequest calldata req, bytes calldata signature) public view returns (bool) {
+        address signer = _hashTypedDataV4(
+            keccak256(
+                abi.encode(
+                    _TYPEHASH,
+                    req.from,
+                    req.to,
+                    req.value,
+                    req.gas,
+                    req.nonce,
+                    keccak256(req.data),
+                    block.chainid
+                )
+            )
+        ).recover(signature);
+        return _nonces[req.from] == req.nonce && signer == req.from;
+    }
+
+    function execute(ForwardRequest calldata req, bytes calldata signature)
+        public
+        payable
+        returns (bool, bytes memory)
+    {
+        // require(req.chainid == block.chainid, "MinimalForwarder: invalid chainId");
+        require(verify(req, signature), "MinimalForwarder: signature does not match request");
+        _nonces[req.from] = req.nonce + 1;
+
+        (bool success, bytes memory returndata) = req.to.call{ gas: req.gas, value: req.value }(
+            abi.encodePacked(req.data, req.from)
+        );
+
+        // Validate that the relayer has sent enough gas for the call.
+        // See https://ronan.eth.link/blog/ethereum-gas-dangers/
+        if (gasleft() <= req.gas / 63) {
+            // We explicitly trigger invalid opcode to consume all gas and bubble-up the effects, since
+            // neither revert or assert consume all gas since Solidity 0.8.0
+            // https://docs.soliditylang.org/en/v0.8.0/control-structures.html#panic-via-assert-and-error-via-require
+            assembly {
+                invalid()
+            }
+        }
+
+        return (success, returndata);
+    }
+}

contracts/forwarder/ForwarderChainlessDomain.sol

@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.11;
+
+import "@openzeppelin/contracts/metatx/ERC2771Context.sol";
+
+contract ForwarderConsumer is ERC2771Context {
+    address public caller;
+
+    constructor(address trustedForwarder) ERC2771Context(trustedForwarder) {}
+
+    function setCaller() external {
+        caller = _msgSender();
+    }
+}

contracts/forwarder/ForwarderConsumer.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.11;
 
-import "./openzeppelin-presets/metatx/MinimalForwarderEOAOnly.sol";
+import "../openzeppelin-presets/metatx/MinimalForwarderEOAOnly.sol";
 
 /*
  * @dev Minimal forwarder for GSNv2

contracts/ForwarderEOAOnly.sol renamed to contracts/forwarder/ForwarderEOAOnly.sol

@@ -0,0 +1,100 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts v4.4.1 (utils/cryptography/draft-EIP712.sol)
+
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+
+/**
+ * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
+ *
+ * The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
+ * thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
+ * they need in their contracts using a combination of `abi.encode` and `keccak256`.
+ *
+ * This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
+ * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
+ * ({_hashTypedDataV4}).
+ *
+ * The implementation of the domain separator was designed to be as efficient as possible while still properly updating
+ * the chain id to protect against replay attacks on an eventual fork of the chain.
+ *
+ * NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
+ * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
+ *
+ * _Available since v3.4._
+ */
+abstract contract EIP712ChainlessDomain {
+    /* solhint-disable var-name-mixedcase */
+    // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to
+    // invalidate the cached domain separator if the chain id changes.
+    bytes32 private immutable _CACHED_DOMAIN_SEPARATOR;
+    address private immutable _CACHED_THIS;
+
+    bytes32 private immutable _HASHED_NAME;
+    bytes32 private immutable _HASHED_VERSION;
+    bytes32 private immutable _TYPE_HASH;
+
+    /* solhint-enable var-name-mixedcase */
+
+    /**
+     * @dev Initializes the domain separator and parameter caches.
+     *
+     * The meaning of `name` and `version` is specified in
+     * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
+     *
+     * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
+     * - `version`: the current major version of the signing domain.
+     *
+     * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
+     * contract upgrade].
+     */
+    constructor(string memory name, string memory version) {
+        bytes32 hashedName = keccak256(bytes(name));
+        bytes32 hashedVersion = keccak256(bytes(version));
+        bytes32 typeHash = keccak256("EIP712Domain(string name,string version,address verifyingContract)");
+        _HASHED_NAME = hashedName;
+        _HASHED_VERSION = hashedVersion;
+        _CACHED_DOMAIN_SEPARATOR = _buildDomainSeparator(typeHash, hashedName, hashedVersion);
+        _CACHED_THIS = address(this);
+        _TYPE_HASH = typeHash;
+    }
+
+    /**
+     * @dev Returns the domain separator for the current chain.
+     */
+    function _domainSeparatorV4() internal view returns (bytes32) {
+        if (address(this) == _CACHED_THIS) {
+            return _CACHED_DOMAIN_SEPARATOR;
+        } else {
+            return _buildDomainSeparator(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION);
+        }
+    }
+
+    function _buildDomainSeparator(
+        bytes32 typeHash,
+        bytes32 nameHash,
+        bytes32 versionHash
+    ) private view returns (bytes32) {
+        return keccak256(abi.encode(typeHash, nameHash, versionHash, address(this)));
+    }
+
+    /**
+     * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
+     * function returns the hash of the fully encoded EIP712 message for this domain.
+     *
+     * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
+     *
+     * ```solidity
+     * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
+     *     keccak256("Mail(address to,string contents)"),
+     *     mailTo,
+     *     keccak256(bytes(mailContents))
+     * )));
+     * address signer = ECDSA.recover(digest, signature);
+     * ```
+     */
+    function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
+        return ECDSA.toTypedDataHash(_domainSeparatorV4(), structHash);
+    }
+}

contracts/openzeppelin-presets/cryptography/EIP712ChainlessDomain.sol

@@ -0,0 +1,12 @@
+# EIP712ChainlessDomain
+
+
+
+
+
+
+
+*https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data. The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible, thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding they need in their contracts using a combination of `abi.encode` and `keccak256`. This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA ({_hashTypedDataV4}). The implementation of the domain separator was designed to be as efficient as possible while still properly updating the chain id to protect against replay attacks on an eventual fork of the chain. NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask]. _Available since v3.4._*
+
+
+

docs/EIP712ChainlessDomain.md

@@ -13,7 +13,7 @@
 ### execute
 
 ```solidity
-function execute(MinimalForwarder.ForwardRequest req, bytes signature) external payable returns (bool, bytes)
+function execute(Forwarder.ForwardRequest req, bytes signature) external payable returns (bool, bytes)
 ```
 
 
@@ -24,7 +24,7 @@ function execute(MinimalForwarder.ForwardRequest req, bytes signature) external
 
 | Name | Type | Description |
 |---|---|---|
-| req | MinimalForwarder.ForwardRequest | undefined |
+| req | Forwarder.ForwardRequest | undefined |
 | signature | bytes | undefined |
 
 #### Returns
@@ -59,7 +59,7 @@ function getNonce(address from) external view returns (uint256)
 ### verify
 
 ```solidity
-function verify(MinimalForwarder.ForwardRequest req, bytes signature) external view returns (bool)
+function verify(Forwarder.ForwardRequest req, bytes signature) external view returns (bool)
 ```
 
 
@@ -70,7 +70,7 @@ function verify(MinimalForwarder.ForwardRequest req, bytes signature) external v
 
 | Name | Type | Description |
 |---|---|---|
-| req | MinimalForwarder.ForwardRequest | undefined |
+| req | Forwarder.ForwardRequest | undefined |
 | signature | bytes | undefined |
 
 #### Returns

docs/Forwarder.md

@@ -1,4 +1,4 @@
-# MinimalForwarder
+# ForwarderChainlessDomain
 
 
 
@@ -13,7 +13,7 @@
 ### execute
 
 ```solidity
-function execute(MinimalForwarder.ForwardRequest req, bytes signature) external payable returns (bool, bytes)
+function execute(ForwarderChainlessDomain.ForwardRequest req, bytes signature) external payable returns (bool, bytes)
 ```
 
 
@@ -24,7 +24,7 @@ function execute(MinimalForwarder.ForwardRequest req, bytes signature) external
 
 | Name | Type | Description |
 |---|---|---|
-| req | MinimalForwarder.ForwardRequest | undefined |
+| req | ForwarderChainlessDomain.ForwardRequest | undefined |
 | signature | bytes | undefined |
 
 #### Returns
@@ -59,7 +59,7 @@ function getNonce(address from) external view returns (uint256)
 ### verify
 
 ```solidity
-function verify(MinimalForwarder.ForwardRequest req, bytes signature) external view returns (bool)
+function verify(ForwarderChainlessDomain.ForwardRequest req, bytes signature) external view returns (bool)
 ```
 
 
@@ -70,7 +70,7 @@ function verify(MinimalForwarder.ForwardRequest req, bytes signature) external v
 
 | Name | Type | Description |
 |---|---|---|
-| req | MinimalForwarder.ForwardRequest | undefined |
+| req | ForwarderChainlessDomain.ForwardRequest | undefined |
 | signature | bytes | undefined |
 
 #### Returns