Implement branching for safe 1271 callers and fallback for personal sign

Author: zhongeric

snapshots/ERC7914Test.json

@@ -1,5 +1,5 @@
 {
   "approveNative": "45972",
   "approveNativeTransient": "24024",
-  "transferFromNative": "31956"
+  "transferFromNative": "31978"
 }

snapshots/MinimalDelegation4337Test.json

@@ -1,4 +1,4 @@
 {
-  "hanldeOps_BATCHED_CALL_singleCall_P256": "209155",
-  "hanldeOps_BATCHED_CALL_singleCall_eoaSigner": "184181"
+  "hanldeOps_BATCHED_CALL_singleCall_P256": "209177",
+  "hanldeOps_BATCHED_CALL_singleCall_eoaSigner": "184203"
 }

snapshots/MinimalDelegationExecuteTest.json

@@ -1,13 +1,13 @@
 {
-  "execute_BATCHED_CALL_SUPPORTS_OPDATA_singleCall": "92954",
-  "execute_BATCHED_CALL_SUPPORTS_OPDATA_twoCalls": "129562",
-  "execute_BATCHED_CALL_opData_P256_singleCall": "118266",
-  "execute_BATCHED_CALL_opData_singleCall": "92954",
-  "execute_BATCHED_CALL_opData_singleCall_native": "93784",
-  "execute_BATCHED_CALL_opData_twoCalls": "129562",
-  "execute_BATCHED_CALL_singleCall": "59600",
-  "execute_BATCHED_CALL_singleCall_native": "59679",
-  "execute_BATCHED_CALL_twoCalls": "95394",
-  "execute_invalidMode_reverts": "22997",
-  "multicall": "178476"
+  "execute_BATCHED_CALL_SUPPORTS_OPDATA_singleCall": "92976",
+  "execute_BATCHED_CALL_SUPPORTS_OPDATA_twoCalls": "129584",
+  "execute_BATCHED_CALL_opData_P256_singleCall": "118288",
+  "execute_BATCHED_CALL_opData_singleCall": "92976",
+  "execute_BATCHED_CALL_opData_singleCall_native": "93806",
+  "execute_BATCHED_CALL_opData_twoCalls": "129584",
+  "execute_BATCHED_CALL_singleCall": "59622",
+  "execute_BATCHED_CALL_singleCall_native": "59701",
+  "execute_BATCHED_CALL_twoCalls": "95416",
+  "execute_invalidMode_reverts": "23019",
+  "multicall": "178542"
 }

snapshots/MinimalDelegationIsValidSignatureTest.json

@@ -1,8 +1,12 @@
 {
   "isValidSignature_P256": "41828",
+  "isValidSignature_P256_personalSign": "33738",
+  "isValidSignature_P256_personalSign_notNested_usingHashTypedData": "306194",
+  "isValidSignature_P256_typedData_notNested_safeERC1271Caller": "32853",
   "isValidSignature_P256_withHook": "47986",
   "isValidSignature_WebAuthnP256": "48515",
-  "isValidSignature_personalSign_P256Key": "13429",
-  "isValidSignature_personalSign_rootKey": "6992",
-  "isValidSignature_rootKey": "17370"
+  "isValidSignature_rootKey": "17370",
+  "isValidSignature_rootKey_personalSign": "9301",
+  "isValidSignature_rootKey_personalSign_notNested_usingHashTypedData": "13708",
+  "isValidSignature_rootKey_typedData_notNested_safeERC1271Caller": "8416"
 }

snapshots/MinimalDelegationTest.json

@@ -1,7 +1,7 @@
 {
-  "minimalDelegationEntry bytecode size": "20673",
+  "minimalDelegationEntry bytecode size": "20946",
   "register": "184758",
-  "revoke": "54543",
+  "revoke": "54560",
   "validateUserOp_missingAccountFunds": "64567",
   "validateUserOp_no_missingAccountFunds": "33929"
 }

snapshots/NonceManagerTest.json

@@ -1,3 +1,3 @@
 {
-  "invalidateNonce": "45356"
+  "invalidateNonce": "45378"
 }

src/ERC1271.sol

@@ -2,15 +2,29 @@
 pragma solidity ^0.8.23;
 
 import {IERC1271} from "./interfaces/IERC1271.sol";
+import {BaseAuthorization} from "./BaseAuthorization.sol";
 
 /// @title ERC-1271
-/// @notice Abstract ERC1271 implementation
-abstract contract ERC1271 is IERC1271 {
+/// @notice Abstract ERC1271 implementation which supports nested EIP-712 workflows as defined by ERC-7739
+abstract contract ERC1271 is IERC1271, BaseAuthorization {
+    mapping(address => bool) private _erc1271CallerIsSafe;
+
     /// @dev The magic value returned by `isValidSignature()` if the signature is valid.
     bytes4 internal constant _1271_MAGIC_VALUE = 0x1626ba7e;
     /// @dev The magic value returned by `isValidSignature()` if the signature is invalid.
     bytes4 internal constant _1271_INVALID_VALUE = 0xffffffff;
 
+    /// @dev Returns whether the caller is considered safe, such
+    /// that we don't need to use the nested EIP-712 workflow as defined by ERC-7739
+    function _isSafeERC1271Caller(address caller) internal view virtual returns (bool) {
+        return _erc1271CallerIsSafe[caller];
+    }
+
+    /// @dev Sets whether the caller is considered safe to skip the nested EIP-712 workflow
+    function setERC1271CallerIsSafe(address caller, bool isSafe) external onlyThis {
+        _erc1271CallerIsSafe[caller] = isSafe;
+    }
+    
     /// @inheritdoc IERC1271
     function isValidSignature(bytes32 hash, bytes calldata signature) public view virtual returns (bytes4);
 }

src/MinimalDelegation.sol

@@ -197,11 +197,21 @@ contract MinimalDelegation is
 
         Key memory key = getKey(keyHash);
 
-        // Must be branched because we do abi decoding in memory which will throw since the ecnoding schemes are different
-        // Early check for personal signature which must be length 64 or 65 (k1 or r1 curve)
         bool isValid;
+        // Must be branched because we do abi decoding in memory which will throw since the encoding schemes are different
+        // ECDSA signatures are 65 bytes while P256 signatures are 64 bytes
         if (signature.length == 64 || signature.length == 65) {
-            isValid = _isValidNestedPersonalSignature(key, data, signature);
+            if(_isSafeERC1271Caller(msg.sender)) {
+                // If the caller is safe we can simply verify the key's signature over `data`
+                // Data is already hashed with the app's domain separator so we don't rehash
+                isValid = key.verify(data, signature);
+            } else {
+                // Otherwise, we try to verify the signature using NestedPersonalSign
+                // falling back to regular PersonalSign
+                isValid = 
+                    _isValidNestedPersonalSignature(key, data, signature) 
+                    || key.verify(hashTypedData(data), signature);
+            }
         } else {
             isValid = _isValidTypedDataSig(key, data, signature);
         }

src/interfaces/IERC1271.sol

@@ -3,6 +3,9 @@ pragma solidity ^0.8.0;
 
 /// @title IERC1271
 interface IERC1271 {
+    /// @notice Sets whether the caller is considered safe to skip the nested EIP-712 workflow
+    function setERC1271CallerIsSafe(address caller, bool isSafe) external;
+
     /// @notice Validates the `signature` against the given `hash`.
     /// @dev Wraps the given `hash` in a EIP-712 compliant struct along with the domain separator to be replay safe. Then validates the signature against it.
     /// @return result `0x1626ba7e` if validation succeeded, else `0xffffffff`.