Session Key Validator Module

Overview

The Session Key Validator module is a crucial component of our smart contract wallet, enabling temporary and limited access to wallet functionality through session keys. This module enhances security and usability by allowing users to grant time-bound, operation-limited access to their wallet without compromising their main keys.

Key Features

  • Time-bound session keys
  • Operation limit for non-master session keys
  • Whitelisting of target addresses for enhanced security
  • Support for single and batch execution calls
  • ERC-1271 compatible signature validation

Contract Structure

The SessionKeyValidator contract implements the IValidator interface and includes the following main components:

State Variables

  • sessionKeys: Mapping of wallet addresses to session key addresses and their associated SessionKey struct
  • initializedAccounts: Mapping to track initialized accounts

Structs

struct SessionKey {
    uint48 validAfter;
    uint48 validUntil;
    uint48 limit;
    bool masterSessionKey;
    bool whitelisting;
    mapping(address => bool) whitelist;
    address registrarAddress;
}

SessionKey Struct Fields Explanation

  1. validAfter (uint48):

    • Purpose: Defines the timestamp after which the session key becomes valid.
    • Usage: Ensures that the session key cannot be used before a specific time, allowing for future-dated permissions.
  2. validUntil (uint48):

    • Purpose: Specifies the timestamp until which the session key remains valid.
    • Usage: Automatically expires the session key after a certain time, enhancing security by limiting the key's lifespan.
  3. limit (uint48):

    • Purpose: Sets the maximum number of operations that can be performed using this session key.
    • Usage: Restricts the usage of the key to a specific number of transactions, providing an additional layer of control.
  4. masterSessionKey (bool):

    • Purpose: Indicates whether this is a master session key with elevated privileges.
    • Usage: If true, the key bypasses certain restrictions like operation limits and whitelisting, suitable for trusted devices or applications.
  5. whitelisting (bool):

    • Purpose: Determines if the whitelist feature is active for this session key.
    • Usage: When true, the session key can only interact with whitelisted addresses, providing granular control over the key's capabilities.
  6. whitelist (mapping(address => bool)):

    • Purpose: Stores a list of addresses that the session key is allowed to interact with.
    • Usage: When whitelisting is enabled, only transactions to these approved addresses will be permitted.
  7. registrarAddress (address):

    • Purpose: Stores the address of the account that registered this session key.
    • Usage: Helps in auditing and managing session keys by keeping track of which account created each key.

These fields work together to create a flexible and secure session key system. By adjusting these parameters, wallet owners can create session keys tailored to specific use cases, balancing security against convenience.

Main Functions

validateUserOp

Validates a user operation signed by a session key.

function validateUserOp(
    PackedUserOperation calldata userOp,
    bytes32 userOpHash
) external override returns (uint256 validationData)

  • Verifies the signature
  • Checks session key validity (time range and operation limit)
  • For non-master keys, enforces whitelisting if enabled
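
Added example, not the module's own code: validateUserOp returns the ERC-4337 validationData word, which the standard defines as a packed authorizer plus a uint48 validUntil and a uint48 validAfter, the same widths as the SessionKey fields above. The library and function names are hypothetical, and whether this module reports the key's time window through that word is an assumption to confirm against the deployed source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// ERC-4337 layout of validationData, low bits to high bits:
//   [0..159]   authorizer: 0 = signature valid, 1 = signature failure,
//              any other value = address of an aggregator contract
//   [160..207] validUntil (uint48); 0 means "no expiry"
//   [208..255] validAfter (uint48)
library ValidationDataSketch {
    // Builds the word a validator hands back to the EntryPoint.
    function pack(bool sigFailed, uint48 validUntil, uint48 validAfter)
        internal pure returns (uint256)
    {
        return (sigFailed ? 1 : 0)
            | (uint256(validUntil) << 160)
            | (uint256(validAfter) << 208);
    }

    // Splits the word so tests and monitoring can assert on each part.
    function unpack(uint256 validationData)
        internal pure
        returns (address authorizer, uint48 validUntil, uint48 validAfter)
    {
        authorizer = address(uint160(validationData));
        validUntil = uint48(validationData >> 160);
        validAfter = uint48(validationData >> 208);
    }
}
```

Because a validUntil of 0 means "no expiry" in this encoding, a test that unpacks the result for a time-bound session key should assert that validUntil is non-zero.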

registerSessionKey

Registers a new session key for a wallet.

function registerSessionKey(
    address sessionKey,
    uint48 validAfter,
    uint48 validUntil,
    uint48 limit,
    bool masterSessionKey,
    address[] calldata whitelist
) external

revokeSessionKey

Revokes an existing session key.

function revokeSessionKey(address sessionKey) external

isValidSignatureWithSender

Implements ERC-1271 signature validation for session keys.

function isValidSignatureWithSender(
    address sender,
    bytes32 hash,
    bytes calldata signature
) external view override returns (bytes4)

Usage

To use the Session Key Validator module:

  1. Install the module in your smart contract wallet.
  2. Register session keys using registerSessionKey.
  3. Use the session keys to sign operations within their validity period and limits.
  4. Revoke session keys when they are no longer needed using revokeSessionKey.

Security Considerations

  • Always set appropriate time limits and operation counts for session keys.
  • Use whitelisting for non-master session keys to restrict their capabilities.
  • Regularly audit and revoke unused or expired session keys.
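
Added example, not part of the module: a client-side guard that applies the first two considerations above when preparing the registerSessionKey call from the Usage steps. The interface repeats the signature shown on this page; the library name, error names and the two ceilings are hypothetical, and it assumes that passing a non-empty whitelist is what enables whitelisting for the key.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Signature copied from this page; every other name here is hypothetical.
interface ISessionKeyValidator {
    function registerSessionKey(
        address sessionKey,
        uint48 validAfter,
        uint48 validUntil,
        uint48 limit,
        bool masterSessionKey,
        address[] calldata whitelist
    ) external;
}

// Client-side guard: refuse over-broad grants before the wallet signs them.
library SessionKeyGrant {
    uint48 internal constant MAX_LIFETIME = 1 days; // assumed policy ceiling
    uint48 internal constant MAX_OPERATIONS = 20;   // assumed policy ceiling

    error ZeroAddress();
    error BadWindow();
    error TooLongLived();
    error BadLimit();
    error EmptyWhitelist();

    /// Returns calldata registering a non-master, whitelisted, bounded key.
    function buildRegisterCall(
        address sessionKey,
        uint48 validAfter,
        uint48 validUntil,
        uint48 limit,
        address[] memory whitelist
    ) internal pure returns (bytes memory) {
        if (sessionKey == address(0)) revert ZeroAddress();
        if (validUntil <= validAfter) revert BadWindow();
        if (validUntil - validAfter > MAX_LIFETIME) revert TooLongLived();
        if (limit == 0 || limit > MAX_OPERATIONS) revert BadLimit();
        if (whitelist.length == 0) revert EmptyWhitelist();
        for (uint256 i = 0; i < whitelist.length; i++) {
            if (whitelist[i] == address(0)) revert ZeroAddress();
        }
        // masterSessionKey is hard-coded to false: master keys bypass limits.
        return abi.encodeCall(
            ISessionKeyValidator.registerSessionKey,
            (sessionKey, validAfter, validUntil, limit, false, whitelist)
        );
    }
}
```

The returned bytes are meant to be executed by the wallet itself against the validator, so the grant is recorded under the wallet's address rather than the caller's.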

Integration

To integrate this module with your smart contract wallet:

  1. Deploy the SessionKeyValidator contract.
  2. Add the module to your wallet using the wallet's module management function.
  3. Ensure your wallet's execution function checks with this validator when processing operations.

Conclusion

The Session Key Validator module provides a flexible and secure way to manage temporary access to smart contract wallets. By utilizing session keys, users can enhance their wallet's security while maintaining convenience for frequent operations.