|
1 | 1 | # Overview |
2 | 2 |
|
3 | | -Purse: A Simple(_r_) Smart Wallet |
| 3 | +Purse: Personalize your Wallet |
4 | 4 |
|
5 | 5 | ## Design |
6 | 6 |
|
7 | 7 | Purse is a (very) simple smart wallet for EOAs, using EIP-7702 for core functionality. |
8 | 8 | Purse only works for EOAs since it uses the SetCode transactions on supported neworks to install and uninstall it. |
9 | 9 |
|
10 | 10 | Out of the box, Purse has no features other than controlling a set of "accessories" that it can install (and uninstall) at will. |
11 | | -Through the accessories, Purse can expand it's capabilities, such as adding multicall support and enabling automation through 3rd party accounts. |
12 | | -The only invariant is that Purse can only add or remove accessories by directly calling itself from itself, which means it only works in a EIP-7702 context via EOA delegatecall. |
13 | | - |
14 | | -Purse calls its accessories through the fallback (`__default__` method in Vyper), where the method ID of the calldata is used to load the target. |
15 | | -It will then forward all the calldata to that previously-approved target as it gets called via `DELEGATECALL`. |
| 11 | +Through the accessories, Purse can expand it's capabilities, |
| 12 | +such as adding multicall support and enabling automation through 3rd party delegation services. |
| 13 | +The only invariant in Purse is that only the EOA can add or remove accessories by directly calling these methods to itself, |
| 14 | +which means it only works in a EIP-7702 context via EOA delegatecall. |
| 15 | + |
| 16 | +Purse calls its accessories through the fallback method (`__default__` method in Vyper), |
| 17 | +where the method ID of the calldata is used to load the target address. |
| 18 | +It will then forward the entire calldata to that previously-approved target as it gets called via `DELEGATECALL`. |
16 | 19 | How the accessory chooses to handle the calldata is up to them, the rest of the calldata is simply passed through to it. |
17 | | -Also note that beyond restrictions of how accessories can be added or removed, there are no invariants maintained through 3rd party accessories unless they themsleves implement those measures. |
| 20 | +Also note that beyond restrictions of how accessories can be added or removed, |
| 21 | +there are no invariants maintained through 3rd party accessories unless they implement those measures themsleves. |
18 | 22 |
|
19 | 23 | If any accessory call has a failure, Purse's call handling will raise it and not continue processing the transaction. |
20 | 24 | This presents a nicer interface when debugging call failures without dealing with nonce management features. |
21 | | - |
22 | | -Additionally, since all accessory calls are executed using `DELEGATECALL`, technically all accessories use a shared storage space. |
23 | | -**It is highly recommended not to use stateful accessories** without further security analysis, but stateful accessories are possible. |
24 | | -If designing a stateful accessory, it is highly recommended to manage the entire storage lifecycle, as well as use storage namespacing to ensure that no conflicts will exist between accessories (unless desired). |
25 | | -Purse makes no guarantees about storage namespacing, and it is potentially highly dangerous and could lead to **total account compromise** if implemented poorly, since this also potentially allows eliding Purse's own security invariants for accessory management. |
26 | | - |
27 | | -Technically, Purse can probably work with Threshold or MPC technology, but it is not advised at this time without a security review. |
| 25 | +Therefore, **if you need replay protection**, your accessory should implement it for itself. |
| 26 | + |
| 27 | +Additionally, since all accessory calls are executed using `DELEGATECALL`, |
| 28 | +technically all accessories use the shared storage space: your EOA account. |
| 29 | +**It is highly recommended not to use stateful accessories** without further security analysis of their interactions with other accessories, |
| 30 | +but stateful accessories are possible. |
| 31 | +If designing a stateful accessory, it is highly recommended to manage the entire storage lifecycle, |
| 32 | +as well to make use of storage namespacing to ensure that no conflicts will exist between accessories (unless desired). |
| 33 | +Purse makes no guarantees about storage namespacing, |
| 34 | +and it is potentially highly dangerous and could lead to **total account compromise** if implemented poorly, |
| 35 | +since this also potentially allows eliding Purse's own security invariants for accessory management. |
| 36 | + |
| 37 | +Technically, Purse can probably work with Threshold Signature or MPC technology, |
| 38 | +but it is not advised at this time without a security review. |
28 | 39 | In fact, using Purse at all is probably not advised as it is an un-audited experiment based on a half-baked idea I had from seeing 7702 in the wild. |
29 | 40 |
|
30 | 41 | --- |
|
0 commit comments