Skip to content

Feat/stx validator#18

Open
filmakarov wants to merge 113 commits into
developfrom
feat/stx-validator
Open

Feat/stx validator#18
filmakarov wants to merge 113 commits into
developfrom
feat/stx-validator

Conversation

@filmakarov

@filmakarov filmakarov commented Feb 2, 2026

Copy link
Copy Markdown
Contributor

StxValidator: Modular ERC-7579 Validator for MEE SuperTransactions

Overview

This PR introduces StxValidator, a next-generation ERC-7579 compatible validator module that replaces the legacy K1MeeValidator with a modular, extensible architecture designed for validating MEE (Modular Execution Environment) SuperTransactions.

Key Innovation: While K1MeeValidator was tightly coupled to secp256k1 (EOA) signatures, StxValidator implements a signature-agnostic architecture that supports multiple signing schemes including EOA, Passkeys (P256/secp256r1), Safe multisig, and any custom signature format implementing ERC-7780.

What are MEE SuperTransactions?

MEE SuperTransactions (Stx) are versatile data structures that enable users to execute complex, multi-chain operations with a single signature. They can contain:

  • Multiple ERC-4337 UserOperations
  • Arbitrary signed EIP-712 data structures (intents, off-chain orders, permits)
  • Cross-chain instructions with "elegant degradation" across execution environments

StxValidator validates both the UserOps and arbitrary signed data objects that comprise these SuperTransactions.

Architecture

Two-Layer Modular Design

StxValidator implements a clean separation of concerns through two distinct validation layers:

1️⃣ Stx Mode Verification (IStxModeVerifier)

Validates that a UserOp or data object is part of a SuperTransaction. Supported modes:

2️⃣ Signature Verification (IStatelessValidator / ERC-7780)

Cryptographic validation of signatures, fully decoupled from signing scheme:

  • EOA (secp256k1) (EOAStatelessValidator.sol) - Traditional Ethereum signatures
  • Passkeys (P256/secp256r1) (P256StatelessValidator.sol) - WebAuthn/Passkey support with RIP-7212 precompile + Solidity fallback
  • Safe Multisig - Built into SafeAccountSubmodule
  • Custom Validators - Any contract implementing IStatelessValidator

Configuration Management

The validator uses a flexible per-account configuration system (ConfigManager.sol):

  • Preconfigured Signature Types: Common combinations (EOA+Simple, P256+Simple, etc.) use optimized 4-byte prefixes
  • Custom Configs: Accounts can enable custom (stxModeVerifier, statelessValidator) pairs via configId
  • Multiple Configs: Each account can enable multiple validation strategies simultaneously
  • Ownership Data: Per-account, per-validator storage for public keys/credentials

Major Changes

🗑️ Removed

  • K1MeeValidator.sol - Replaced by modular StxValidator
  • ❌ Legacy validation mode libraries (NoMeeFlowLib, PermitValidatorLib, SafeAccountValidatorLib, SimpleValidatorLib)

✨ Added

Core Validator

  • StxValidator.sol - Main validator contract with ERC-7579, ERC-7780, and ERC-7739 support
  • ConfigManager.sol - Flexible configuration management system
  • ERC7739Validator.sol - Native ERC-7739 nested typed data sign support

Stx Mode Verifiers

  • SimpleModeSubmodule.sol - Simple mode implementation
  • PermitSubmodule.sol - Permit mode with ERC-2612 integration
  • TxSubmodule.sol - On-chain transaction mode
  • SafeAccountSubmodule.sol - Safe multisig mode (dual IStxModeVerifier + IStatelessValidator)
  • NoStxModeVerifier.sol - Fallback for non-Stx flows

Stateless Validators

  • EOAStatelessValidator.sol - EOA signature verification (secp256k1)
  • P256StatelessValidator.sol - Passkey signature verification (secp256r1)
  • P256Verifier.sol - Solidity implementation of P256 curve (Daimo's FCL library)

Interfaces

  • IStxModeVerifier.sol - Interface for Stx mode verification modules
  • IERC7739Multiplexer.sol - Interface for ERC-7739 hash/signature multiplexing

🔄 Modified

  • HashLib.sol - Enhanced to support new modular architecture
  • MEEUserOpHashLib.sol - Updated for new UserOp hashing flows
  • EcdsaHelperLib.sol - Signature malleability fixes
  • Constants.sol - New signature type constants for all mode combinations

Testing

Comprehensive test coverage with 23 test files covering:

End-to-End Tests

  • ✅ All Stx modes (Simple, Permit, Tx, Safe Account, No-Stx)
  • ✅ Multi-chain scenarios (Simple Mode)
  • ✅ P256 passkey integration
  • ✅ Fork tests against live Safe deployments

Unit Tests

  • ✅ Configuration management (add, replace, delete configs)
  • ✅ Signature type routing
  • ✅ ERC-7739 multiplexer
  • ✅ Module initialization/uninstallation
  • ✅ Safe senders management
  • ✅ Individual submodule validation logic
  • ✅ Ownership data management

Test Structure: Reorganized from test/unit/ to test/unit-and-e2e/ to better reflect test types.

Key Features

🔐 Signature Agnostic

Unlike K1MeeValidator (EOA-only), StxValidator supports:

  • Traditional EOA wallets
  • Passkey/WebAuthn (P256) - enabling passwordless authentication
  • Safe multisig wallets
  • Any custom signature scheme via ERC-7780

🎯 Modular & Extensible

  • Plug-and-play Stx mode verifiers
  • Plug-and-play signature validators
  • Easy to add new modes or signature schemes without touching core logic

🌐 ERC-7739 Support

Full nested typed data sign support for:

  • Safe caller detection (MulticallerWithSigner)
  • Nested EIP-712 workflow
  • RPC-based signature validation
  • Custom safe senders registry

⚙️ Flexible Configuration

  • Multiple validation strategies per account
  • Runtime config management (add/replace/delete)
  • Preconfigured common patterns with optimized gas
  • Support for custom configurations

🔄 Backwards Compatible

  • Maintains support for vanilla ERC-4337 UserOps (via NoStxModeVerifier)
  • ERC-1271 signature validation without Stx (via signature type 0x177eee05)
  • EIP-7702 delegation support for EOA smart accounts

Deployment

Updated deployment scripts with:

  • ✅ All submodule deployments
  • ✅ Deterministic deployment via Safe Singleton Deployer
  • ✅ Comprehensive artifact generation
  • ✅ Multi-chain deployment support

Deployment Artifacts: See script/deploy/artifacts/stx-validator/ for all deployed contract addresses and verification data.

Migration from K1MeeValidator

For existing users of K1MeeValidator:

  1. Same Modes Supported: All existing MEE modes are preserved (Simple, Permit, Tx, Safe Account)
  2. Enhanced Capabilities: Now with P256/Passkey support
  3. Same Integration: ERC-7579 compatible, drop-in replacement
  4. New Features: Multiple configs, ERC-7739, better modularity

Related Standards & Documentation

Statistics

  • 193 files changed: 10,540 insertions(+), 2,005 deletions(-)
  • 23 comprehensive test files
  • 8 new submodules implementing modular architecture
  • 7 deployment artifacts for all submodules

Breaking Changes

⚠️ K1MeeValidator.sol has been removed. Users should migrate to StxValidator which provides all the same functionality plus extensibility for additional signature types.


Checklist

  • All MEE modes implemented and tested
  • P256/Passkey support added
  • Comprehensive unit and E2E tests
  • Deployment scripts updated
  • ERC-7739 support implemented
  • Configuration management system
  • Documentation and NatSpec complete
  • Gas optimizations applied
  • Security considerations addressed

This PR represents a significant architectural improvement that positions the validator for future extensibility while maintaining full backwards compatibility with existing MEE SuperTransaction flows.

@filmakarov filmakarov marked this pull request as ready for review February 20, 2026 10:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant