feat: StatelessValidatorMultiPlexer#23
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new StatelessValidatorMultiPlexer module that enables multiple stateless validators to be used together in a single validation operation. The implementation allows for composition of different validator types (e.g., ECDSA and WebAuthn) where all validators must pass for the overall validation to succeed.
- Implements a new multiplexer contract that validates signatures by calling multiple stateless validators
- Adds comprehensive test coverage for various validation scenarios including edge cases
- Updates Solidity version from 0.8.25 to 0.8.28 across the project
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
src/StatelessValidatorMultiPlexer/StatelessValidatorMultiPlexer.sol |
Core multiplexer implementation with signature validation logic |
test/StatelessValidatorMultiPlexer/StatelessValidatorMultiPlexer.sol |
Comprehensive test suite covering success/failure scenarios |
foundry.toml |
Updates Solidity compiler version to 0.8.28 |
.vscode/settings.json |
Configures VS Code to use Solidity 0.8.28 |
Comments suppressed due to low confidence (2)
test/StatelessValidatorMultiPlexer/StatelessValidatorMultiPlexer.sol:124
- The test
test_OnInstallonly assertsassertTrue(true)which provides no meaningful validation. Consider testing actual behavior or state changes.
assertTrue(true);
test/StatelessValidatorMultiPlexer/StatelessValidatorMultiPlexer.sol:129
- The test
test_OnUninstallonly assertsassertTrue(true)which provides no meaningful validation. Consider testing actual behavior or state changes.
assertTrue(true);
greg-rhinestone
left a comment
greg-rhinestone
left a comment
There was a problem hiding this comment.
🤖 Automated review by Greg
PR Review
Summary: Adds a new module implementing M-of-N stateless validation — callers combine multiple stateless validators (e.g. OwnableValidator + WebAuthnValidator) with a configurable threshold. Also bumps Solc from 0.8.25 to 0.8.28.
Risk: Medium — new security-critical module handling signature validation; the overflow issue below could cause silent auth bypass in edge cases.
Issues:
src/StatelessValidatorMultiPlexer/StatelessValidatorMultiPlexer.sol:72—validCountisuint8butvalidatorsLengthisuint256. If >255 validators are provided and all return true,validCountwraps to 0 — threshold match fails even though all validators passed. Useuint256forvalidCount.src/StatelessValidatorMultiPlexer/StatelessValidatorMultiPlexer.sol:76— No early exit once threshold is met; all remaining validators are called unnecessarily. Addif (validCount >= threshold) return true;inside the loop after incrementing.src/StatelessValidatorMultiPlexer/StatelessValidatorMultiPlexer.sol:30—isInitializedhas no return statement (implicitly returnsfalse). Add an explicitreturn false;for clarity.
Suggestions:
- Consider validating
threshold <= validators.lengthup front to fail fast when the threshold can never be met. - NatSpec should note that validator addresses are trusted caller inputs.
Missing:
- Fuzz tests for edge cases:
threshold > validators.length,validators.length > 255.
Verdict: Needs changes
| (address[] memory validators, bytes[] memory validatorData, uint8 threshold) = | ||
| abi.decode(data, (address[], bytes[], uint8)); | ||
|
|
||
| // Ensure the threshold is not zero |
There was a problem hiding this comment.
validCount is uint8 — if more than 255 validators are passed and all return true, this wraps to 0 and the threshold check fails silently. Use uint256 validCount = 0; instead.
| if (threshold == 0) { | ||
| return false; | ||
| } | ||
|
|
There was a problem hiding this comment.
No early exit once threshold is met. Add if (validCount >= threshold) return true; immediately after validCount++ to short-circuit and save gas.
No description provided.