OpenZeppelin
diff --git a/‎.changeset/tame-monkeys-make.md‎
Lines changed: 5 additions & 0 deletions b/‎.changeset/tame-monkeys-make.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.changeset/whole-turkeys-swim.md‎
Lines changed: 5 additions & 0 deletions b/‎.changeset/whole-turkeys-swim.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎contracts/account/utils/draft-ERC4337Utils.sol‎
Lines changed: 132 additions & 15 deletions b/‎contracts/account/utils/draft-ERC4337Utils.sol‎
Lines changed: 132 additions & 15 deletions
diff --git a/‎contracts/interfaces/draft-IERC4337.sol‎
Lines changed: 3 additions & 1 deletion b/‎contracts/interfaces/draft-IERC4337.sol‎
Lines changed: 3 additions & 1 deletion
@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`ERC4337Utils`: Added the `paymasterSignature` function to extract the signature in `paymasterAndData` after Entrypoint v0.9. Similarly, a variant of `paymasterData` that receives a flag to exclude the signature from the returned data.
@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`ERC4337Utils`: Added variants of `packValidationData(address,uint48,uint48)` and `packValidationData(bool,uint48,uint48)` that receive a `ValidationRange` argument, could be timestamp or block number. Similarly, the `parseValidationData` now returns a `ValidationRange` too.
@@ -6,6 +6,7 @@
 - `ERC1967Proxy` and `TransparentUpgradeableProxy`: Mandate initialization during construction. Deployment now reverts with `ERC1967ProxyUninitialized` if an initialize call is not provided. Developers that rely on the previous behavior and want to disable this check can do so by overriding the internal `_unsafeAllowUninitialized` function to return true. ([#5906](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5906))
 - `ERC721` and `ERC1155`: Prevent setting an operator for `address(0)`. In the case of `ERC721` this type of operator allowance could lead to obfuscated mint permission. ([#6171](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/6171))
 - `RLP`: The `encode(bytes32)` function now encodes `bytes32` as a fixed size item and not as a scalar in `encode(uint256)`. Users must replace calls to `encode(bytes32)` with `encode(uint256(bytes32))` to preserve the same behavior. ([#6167](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/6167))
+- `ERC4337Utils`: The `parseValidationData` now returns a `ValidationRange` as the last return tuple value indicating whether the `validationData` is compared against a timestamp or block number. Developers must update their code to handle this new return value (e.g. `(aggregator, validAfter, validUntil) -> (aggregator, validAfter, validUntil, range)`).
 
 ## 5.5.0 (2025-10-31)
 
 
@@ -36,14 +36,37 @@ library ERC4337Utils {
     /// @dev For simulation purposes, validateUserOp (and validatePaymasterUserOp) must return this value in case of signature failure, instead of revert.
     uint256 internal constant SIG_VALIDATION_FAILED = 1;
 
-    /// @dev Parses the validation data into its components. See {packValidationData}.
+    /// @dev Magic value used in EntryPoint v0.9+ to detect the presence of a paymaster signature in `paymasterAndData`.
+    bytes8 internal constant PAYMASTER_SIG_MAGIC = 0x22e325a297439656; // keccak256("PaymasterSignature")[:8]
+
+    /// @dev Highest bit set to 1 in a 6-bytes field.
+    uint48 internal constant BLOCK_RANGE_FLAG = 0x800000000000;
+
+    /// @dev Mask for the lower 47 bits of a 6-bytes field (equivalent to uint48(~BLOCK_RANGE_FLAG)).
+    uint48 internal constant BLOCK_RANGE_MASK = 0x7fffffffffff;
+
+    /// @dev Validity range of the validation data.
+    enum ValidationRange {
+        TIMESTAMP,
+        BLOCK
+    }
+
+    /**
+     * @dev Parses the validation data into its components and the validity range. See {packValidationData}.
+     * Strips away the highest bit flag from the `validAfter` and `validUntil` fields.
+     */
     function parseValidationData(
         uint256 validationData
-    ) internal pure returns (address aggregator, uint48 validAfter, uint48 validUntil) {
+    ) internal pure returns (address aggregator, uint48 validAfter, uint48 validUntil, ValidationRange range) {
         validAfter = uint48(bytes32(validationData).extract_32_6(0));
         validUntil = uint48(bytes32(validationData).extract_32_6(6));
         aggregator = address(bytes32(validationData).extract_32_20(12));
-        if (validUntil == 0) validUntil = type(uint48).max;
+        range = ((validAfter & validUntil & BLOCK_RANGE_FLAG) == 0) ? ValidationRange.TIMESTAMP : ValidationRange.BLOCK;
+
+        validAfter &= BLOCK_RANGE_MASK;
+        validUntil &= BLOCK_RANGE_MASK;
+
+        if (validUntil == 0) validUntil = BLOCK_RANGE_MASK;
     }
 
     /// @dev Packs the validation data into a single uint256. See {parseValidationData}.
@@ -52,10 +75,36 @@ library ERC4337Utils {
         uint48 validAfter,
         uint48 validUntil
     ) internal pure returns (uint256) {
+        return
+            packValidationData(
+                aggregator,
+                validAfter,
+                validUntil,
+                (validAfter & validUntil & BLOCK_RANGE_FLAG) == 0 ? ValidationRange.TIMESTAMP : ValidationRange.BLOCK
+            );
+    }
+
+    /**
+     * @dev Variant of {packValidationData} that forces which validity range to use. This overwrites the presence of
+     * flags in `validAfter` and `validUntil`).
+     */
+    function packValidationData(
+        address aggregator,
+        uint48 validAfter,
+        uint48 validUntil,
+        ValidationRange range
+    ) internal pure returns (uint256) {
+        if (range == ValidationRange.TIMESTAMP) {
+            validAfter &= BLOCK_RANGE_MASK;
+            validUntil &= BLOCK_RANGE_MASK;
+        } else if (range == ValidationRange.BLOCK) {
+            validAfter |= BLOCK_RANGE_FLAG;
+            validUntil |= BLOCK_RANGE_FLAG;
+        }
         return uint256(bytes6(validAfter).pack_6_6(bytes6(validUntil)).pack_12_20(bytes20(aggregator)));
     }
 
-    /// @dev Same as {packValidationData}, but with a boolean signature success flag.
+    /// @dev Variant of {packValidationData} that uses a boolean success flag instead of an aggregator address.
     function packValidationData(bool sigSuccess, uint48 validAfter, uint48 validUntil) internal pure returns (uint256) {
         return
             packValidationData(
@@ -65,27 +114,59 @@ library ERC4337Utils {
             );
     }
 
+    /**
+     * @dev Variant of {packValidationData} that uses a boolean success flag instead of an aggregator address and that
+     * forces which validity range to use. This overwrites the presence of flags in `validAfter` and `validUntil`).
+     */
+    function packValidationData(
+        bool sigSuccess,
+        uint48 validAfter,
+        uint48 validUntil,
+        ValidationRange range
+    ) internal pure returns (uint256) {
+        return
+            packValidationData(
+                address(uint160(Math.ternary(sigSuccess, SIG_VALIDATION_SUCCESS, SIG_VALIDATION_FAILED))),
+                validAfter,
+                validUntil,
+                range
+            );
+    }
+
     /**
      * @dev Combines two validation data into a single one.
      *
      * The `aggregator` is set to {SIG_VALIDATION_SUCCESS} if both are successful, while
      * the `validAfter` is the maximum and the `validUntil` is the minimum of both.
+     *
+     * NOTE: Returns `SIG_VALIDATION_FAILED` if the validation ranges differ.
      */
     function combineValidationData(uint256 validationData1, uint256 validationData2) internal pure returns (uint256) {
-        (address aggregator1, uint48 validAfter1, uint48 validUntil1) = parseValidationData(validationData1);
-        (address aggregator2, uint48 validAfter2, uint48 validUntil2) = parseValidationData(validationData2);
+        (address aggregator1, uint48 validAfter1, uint48 validUntil1, ValidationRange range1) = parseValidationData(
+            validationData1
+        );
+        (address aggregator2, uint48 validAfter2, uint48 validUntil2, ValidationRange range2) = parseValidationData(
+            validationData2
+        );
 
-        bool success = aggregator1 == address(uint160(SIG_VALIDATION_SUCCESS)) &&
-            aggregator2 == address(uint160(SIG_VALIDATION_SUCCESS));
-        uint48 validAfter = uint48(Math.max(validAfter1, validAfter2));
-        uint48 validUntil = uint48(Math.min(validUntil1, validUntil2));
-        return packValidationData(success, validAfter, validUntil);
+        if (range1 == range2) {
+            bool success = aggregator1 == address(uint160(SIG_VALIDATION_SUCCESS)) &&
+                aggregator2 == address(uint160(SIG_VALIDATION_SUCCESS));
+            uint48 validAfter = uint48(Math.max(validAfter1, validAfter2));
+            uint48 validUntil = uint48(Math.min(validUntil1, validUntil2));
+            return packValidationData(success, validAfter, validUntil, range1);
+        } else {
+            return SIG_VALIDATION_FAILED;
+        }
     }
 
     /// @dev Returns the aggregator of the `validationData` and whether it is out of time range.
     function getValidationData(uint256 validationData) internal view returns (address aggregator, bool outOfTimeRange) {
-        (address aggregator_, uint48 validAfter, uint48 validUntil) = parseValidationData(validationData);
-        return (aggregator_, block.timestamp < validAfter || validUntil < block.timestamp);
+        (address aggregator_, uint48 validAfter, uint48 validUntil, ValidationRange range) = parseValidationData(
+            validationData
+        );
+        uint256 current = Math.ternary(range == ValidationRange.TIMESTAMP, block.timestamp, block.number);
+        return (aggregator_, current <= validAfter || validUntil < current);
     }
 
     /// @dev Get the hash of a user operation for a given entrypoint
@@ -155,8 +236,44 @@ library ERC4337Utils {
         return self.paymasterAndData.length < 52 ? 0 : uint128(bytes16(self.paymasterAndData[36:52]));
     }
 
-    /// @dev Returns the fourth section of `paymasterAndData` from the {PackedUserOperation}.
+    /**
+     * @dev Returns the fourth section of `paymasterAndData` from the {PackedUserOperation}.
+     * If a paymaster signature is present, it is excluded from the returned data.
+     */
     function paymasterData(PackedUserOperation calldata self) internal pure returns (bytes calldata) {
-        return self.paymasterAndData.length < 52 ? Calldata.emptyBytes() : self.paymasterAndData[52:];
+        bool hasSignature = self.paymasterAndData.length > 9 &&
+            bytes8(self.paymasterAndData[self.paymasterAndData.length - 8:]) == PAYMASTER_SIG_MAGIC;
+        uint256 suffixLength = hasSignature ? _paymasterSignatureSize(self) + 10 : 0;
+        return
+            self.paymasterAndData.length < 52 + suffixLength
+                ? Calldata.emptyBytes()
+                : self.paymasterAndData[52:self.paymasterAndData.length - suffixLength];
+    }
+
+    /**
+     * @dev Returns the paymaster signature from `paymasterAndData` (EntryPoint v0.9+).
+     * Returns empty bytes if no paymaster signature is present.
+     */
+    function paymasterSignature(PackedUserOperation calldata self) internal pure returns (bytes calldata) {
+        if (
+            self.paymasterAndData.length < 10 ||
+            bytes8(self.paymasterAndData[self.paymasterAndData.length - 8:]) != PAYMASTER_SIG_MAGIC
+        ) return Calldata.emptyBytes();
+
+        uint256 sigSize = _paymasterSignatureSize(self);
+        uint256 sigEnd = self.paymasterAndData.length - 10;
+        return
+            self.paymasterAndData.length < 62 + sigSize
+                ? Calldata.emptyBytes()
+                : self.paymasterAndData[sigEnd - sigSize:sigEnd];
+    }
+
+    /**
+     * @dev Returns the size of the paymaster signature in `paymasterAndData` (EntryPoint v0.9+).
+     * Does not check minimum length of `paymasterAndData`.
+     */
+    function _paymasterSignatureSize(PackedUserOperation calldata self) private pure returns (uint256) {
+        return
+            uint16(bytes2(self.paymasterAndData[self.paymasterAndData.length - 10:self.paymasterAndData.length - 8]));
     }
 }
@@ -30,6 +30,8 @@ pragma solidity >=0.8.4;
  * - `preVerificationGas` (`uint256`)
  * - `gasFees` (`bytes32`): concatenation of maxPriorityFeePerGas (16 bytes) and maxFeePerGas (16 bytes)
  * - `paymasterAndData` (`bytes`): concatenation of paymaster fields (or empty)
+ *   For EntryPoint v0.9+, may optionally include `paymasterSignature` at the end:
+ *   `paymaster || paymasterVerificationGasLimit || paymasterPostOpGasLimit || paymasterData || paymasterSignature || paymasterSignatureSize || PAYMASTER_SIG_MAGIC`
  * - `signature` (`bytes`)
  */
 struct PackedUserOperation {
@@ -40,7 +42,7 @@ struct PackedUserOperation {
     bytes32 accountGasLimits; // `abi.encodePacked(verificationGasLimit, callGasLimit)` 16 bytes each
     uint256 preVerificationGas;
     bytes32 gasFees; // `abi.encodePacked(maxPriorityFeePerGas, maxFeePerGas)` 16 bytes each
-    bytes paymasterAndData; // `abi.encodePacked(paymaster, paymasterVerificationGasLimit, paymasterPostOpGasLimit, paymasterData)` (20 bytes, 16 bytes, 16 bytes, dynamic)
+    bytes paymasterAndData; // `abi.encodePacked(paymaster, paymasterVerificationGasLimit, paymasterPostOpGasLimit, paymasterData[, paymasterSignature, paymasterSignatureSize, PAYMASTER_SIG_MAGIC])` (20 bytes, 16 bytes, 16 bytes, dynamic[, dynamic, 2 bytes, 8 bytes])
     bytes signature;
 }
-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'openzeppelin-solidity': minor
 +---
++
 +`ERC4337Utils`: Added the `paymasterSignature` function to extract the signature in `paymasterAndData` after Entrypoint v0.9. Similarly, a variant of `paymasterData` that receives a flag to exclude the signature from the returned data.