A library to validate the ERC-4337 rules within Foundry

This library allows you to validate:

• [ ] Banned opcodes
• [x] Banned storage locations
• [x] Disallowed *CALLs
• [x] Disallowed use of EXT* opcodes
• [x] Disallowed use CREATE opcode

It also supports both v0.6 and v0.7 of ERC-4337.

This library is in active development and is subject to breaking changes. If you spot a bug, please take out an issue and we will fix it as soon as we can.

forge install rhinestonewtf/erc4337-validation

pnpm i @rhinestone/erc4337-validation

To use this library, simply import the Simulator and set it up as follows:

contract Example {
    using Simulator for PackedUserOperation; // or UserOperation

   function verify(PackedUserOperation memory userOp) external view {
        // Verify the ERC-4337 rules
        userOp.simulateUserOp(entryPointAddress);
    }
}

If the userOp breaks any of the rules, the function will revert with a message indicating which rule was broken.

Note that the entryPointAddress needs to be the address of the EntryPointSimulations contract if you are using v0.7 of ERC-4337. For an example see the Simulator test, the Simulator test v0.6 and the relevant test bases.

To install the dependencies, run:

pnpm install

To build the project, run:

forge build

To run the tests, run:

forge test

For feature or change requests, feel free to open a PR, start a discussion or get in touch with us.

• Dror: For the implementation approach and an initial prototype