Found an approach that might work

cag · cag · commit 1ba2cadadd67 · 2020-12-29T18:05:12.000-06:00
diff --git a/contracts/solc-0.8/CPKFactory.sol b/contracts/solc-0.8/CPKFactory.sol
@@ -3,13 +3,23 @@ pragma solidity >=0.8.0;
 
 import { IGnosisSafeProxyFactory } from "./dep-ports/IGnosisSafeProxyFactory.sol";
 import { ProxyImplSetter } from "./ProxyImplSetter.sol";
+import { SafeSignatureUtils } from "./SafeSignatureUtils.sol";
+
+enum TxReaction {
+    RevertOnReturnFalse,
+    CaptureBoolReturn,
+    IgnoreReturn
+}
 
 struct CPKFactoryTx {
     uint value;
     bytes data;
+    TxReaction reaction;
 }
 
 contract CPKFactory {
+    using SafeSignatureUtils for bytes;
+
     event CPKCreation(
         address indexed proxy,
         address initialImpl,
@@ -40,12 +50,17 @@ contract CPKFactory {
         address owner,
         address safeVersion,
         uint256 salt,
-        CPKFactoryTx[] calldata txs
+        CPKFactoryTx[] calldata txs,
+        bytes calldata signature
     )
         external
         payable
         returns (bool execTransactionSuccess)
     {
+        bytes memory data = abi.encode(safeVersion, salt, txs);
+        bytes32 dataHash = keccak256(data);
+        signature.check(dataHash, data, owner);
+
         bytes32 saltNonce = keccak256(abi.encode(owner, salt));
 
         address payable proxy = gnosisSafeProxyFactory.createProxyWithNonce(
@@ -57,33 +72,38 @@ contract CPKFactory {
         ProxyImplSetter(proxy).setImplementation(safeVersion);
 
         uint sumTxsValues = 0;
-        bytes memory lastReturnData;
         for (uint i = 0; i < txs.length; i++) {
             bool txSuccess;
+            bytes memory returnData;
             uint txValue = txs[i].value;
             sumTxsValues += txValue;
-            (txSuccess, lastReturnData) = proxy.call{value: txValue}(txs[i].data);
+            (txSuccess, returnData) = proxy.call{value: txValue}(txs[i].data);
             assembly {
                 // txSuccess == 0 means the call failed
                 if iszero(txSuccess) {
-                    // The revert data begins one word after the lastReturnData pointer.
-                    // At the location lastReturnData in memory, the length of the bytes is stored.
-                    // This differs from the high-level revert(string(lastReturnData))
-                    // as the high-level version encodes the lastReturnData in a Error(string) object.
+                    // The revert data begins one word after the returnData pointer.
+                    // At the location returnData in memory, the length of the bytes is stored.
+                    // This differs from the high-level revert(string(returnData))
+                    // as the high-level version encodes the returnData in a Error(string) object.
                     // We want to avoid that because the underlying call should have already
                     // formatted the data in an Error(string) object
-                    revert(add(0x20, lastReturnData), mload(lastReturnData))
+                    revert(add(0x20, returnData), mload(returnData))
                 }
             }
+
+            TxReaction txReaction = txs[i].reaction;
+            if (txReaction == TxReaction.RevertOnReturnFalse) {
+                bool success = abi.decode(returnData, (bool));
+                require(success, "tx returned boolean indicating internal failure");
+            } else if (txReaction == TxReaction.CaptureBoolReturn) {
+                execTransactionSuccess = abi.decode(returnData, (bool));
+            } // else txReaction assumed to be IgnoreReturn, which does nothing else here
         }
 
         // it is up to the caller to make sure that the msg.value of this method
         // equals the sum of all the values in the txs
         require(msg.value == sumTxsValues, "msg.value must equal sum of txs' values");
 
-        // final call in txs is assumed to be execTransaction
-        execTransactionSuccess = abi.decode(lastReturnData, (bool));
-
         emit CPKCreation(proxy, safeVersion, owner, salt);
     }
 }
diff --git a/contracts/solc-0.8/CPKFactoryFacade.sol b/contracts/solc-0.8/CPKFactoryFacade.sol
@@ -2,9 +2,12 @@
 pragma solidity >=0.8.0;
 
 import { Enum } from "./dep-ports/Enum.sol";
-import { CPKFactory, CPKFactoryTx } from "./CPKFactory.sol";
+import { CPKFactory, CPKFactoryTx, TxReaction } from "./CPKFactory.sol";
+import { SafeSignatureUtils } from "./SafeSignatureUtils.sol";
 
 contract CPKFactoryFacade {
+    using SafeSignatureUtils for bytes;
+
     CPKFactory immutable cpkFactory;
     address immutable safeVersion;
     uint256 immutable salt;
@@ -38,22 +41,35 @@ contract CPKFactoryFacade {
         payable
         returns (bool)
     {
+        // The signatures here aren't just the Gnosis Safe signatures,
+        // but more data has been appended to them. In particular, the
+        // format for the signatures is now like the following:
+        // [inner sig][owner][outer sig]
+        // where the inner signature is what is submitted to the
+        // proxy as a first transaction to be executed after its creation,
+        // the owner is the address of the owner of the new proxy,
+        // left-padded to 32 bytes, and the outer signature is the overall
+        // signature required by the CPKFactory.
+        // The following process copies this signatures data into memory,
+        // and then figures out the length of the inner signature,
+        // and then extracts the owner from the signatures in memory,
+        // and then overwrites the owner in memory with the length
+        // of the outer signature, which is just the remaining
+        // bytes of the signature. We end up with a situation in memory like
+        // [inner sig]*[outer sig length][outer sig]
+        // where the * is the pointer assigned to outerSig.
+        bytes memory outerSig;
         address owner;
-        // the following assembly block extracts the owner from the signature data
-        // solium-disable-next-line security/no-inline-assembly
-        assembly {
-            // 0x124 is the start of the calldata word for the signature parameter
-            // since it's a dynamic type, it stores the offset to the part of the calldata
-            // that stores the actual data being sent as a signature so we load the
-            // offset to the data, and then load the first word of the data which is
-            // the length of the signature. Adding this offset to the signature data position
-            // lets us grab the trailing word of the signature, which we will interpret
-            // as the owner.
-            let sigPos := calldataload(0x124)
-            owner := and(
-                calldataload(add(sigPos, calldataload(sigPos))),
-                0xffffffffffffffffffffffffffffffffffffffff
-            )
+        uint innerSigLen;
+        {
+            bytes memory innerSig = signatures;
+            innerSigLen = innerSig.actualLength();
+            uint outerSigLen = signatures.length - innerSigLen - 0x20;
+            assembly {
+                outerSig := add(add(innerSig, 0x20), innerSigLen)
+                owner := mload(outerSig)
+                mstore(outerSig, outerSigLen)
+            }
         }
 
         CPKFactoryTx[] memory txs = new CPKFactoryTx[](2);
@@ -75,23 +91,58 @@ contract CPKFactoryFacade {
                     ")",
                     owners, uint256(1), address(0), "",
                     fallbackHandler, address(0), uint256(0), payable(0)
-                )
+                ),
+                reaction: TxReaction.IgnoreReturn
             });
         }
 
-        // msg.data works here as a substitute for encoding because this function's signature
-        // exactly matches the execTransaction signature from the Gnosis Safe, so the calldata
-        // encoding will be the same.
-        txs[1] = CPKFactoryTx({
-            value: msg.value,
-            data: msg.data
-        });
+        {
+            // trying to reencode the msg.data with the params except instead
+            // of signatures using innerSig would be the obvious and readable approach
+            // except we run into stack too deep errors that can't be circumvented yet,
+            // so instead we copy the entire msg.data into memory and
+            // mutate the signatures portion in it.
+            bytes memory innerTxData = msg.data;
+            assembly {
+                // index param 9 is signatures, and 9 * 0x20 + 4 = 0x124
+                // 0x124 from the start of the data portion of innerTxData
+                // contains the offset to the start of the word
+                // containing a further offset of where the signatures data
+                // begins.
+                // We add 0x20 to account for the word containing the length
+                // of innerTxData, making a total offset of 0x144 to the offset data
+                // Then we add that offset, a word for the overall length, and
+                // the pointer to innerTxData, to arrive at a pointer to the signatures
+                // inside innerTxData
+                let sigs := add(innerTxData, add(mload(add(innerTxData, 0x144)), 0x20))
+                // Since we know the length of the inner signature, we get the
+                // size reduction we need by subtracting the inner signature length
+                // from the size of all the signature data
+                let sizeReduction := sub(mload(sigs), innerSigLen)
+                mstore(sigs, innerSigLen)
+                // The size reduction is then used to cut the outer signature out
+                // of the msg.data.
+                // This assumes that the signatures data is the last chunk of data
+                // in the msg.data.
+                // We can't keep the outer signature in the inner transaction data
+                // because the outer signature signs the inner transaction data,
+                // so keeping that there would make the outer signature impossible
+                // to generate.
+                mstore(innerTxData, sub(mload(innerTxData), sizeReduction))
+            }
+            txs[1] = CPKFactoryTx({
+                value: msg.value,
+                data: innerTxData,
+                reaction: TxReaction.CaptureBoolReturn
+            });
+        }
 
         return cpkFactory.createProxyAndExecTransaction{value: msg.value}(
             owner,
             safeVersion,
             salt,
-            txs
+            txs,
+            outerSig
         );
     }
 }
diff --git a/contracts/solc-0.8/SafeSignatureUtils.sol b/contracts/solc-0.8/SafeSignatureUtils.sol
@@ -0,0 +1,115 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity >=0.8.0;
+
+import { ISignatureValidator, EIP1271_MAGIC_VALUE } from "./dep-ports/ISignatureValidator.sol";
+
+library SafeSignatureUtils {
+    // Adapted from SignatureDecoder
+    function components(bytes memory signature)
+        internal
+        pure
+        returns (uint8 v, bytes32 r, bytes32 s)
+    {
+        // The signature format is a compact form of:
+        //   {bytes32 r}{bytes32 s}{uint8 v}
+        // Compact means, uint8 is not padded to 32 bytes.
+        // solium-disable-next-line security/no-inline-assembly
+        assembly {
+            r := mload(add(signature, 0x20))
+            s := mload(add(signature, 0x40))
+            // Here we are loading the last 32 bytes, including 31 bytes
+            // of 's'. There is no 'mload8' to do this.
+            //
+            // 'byte' is not working due to the Solidity parser, so lets
+            // use the second best option, 'and'
+            v := and(mload(add(signature, 0x41)), 0xff)
+        }
+    }
+
+    // Adapted from GnosisSafe
+    function check(bytes memory signature, bytes32 dataHash, bytes memory data, address owner)
+        internal
+        view
+    {
+        // Check that the provided signature data is not too short
+        require(signature.length >= 65, "Signature data too short");
+
+        uint8 v;
+        bytes32 r;
+        bytes32 s;
+        (v, r, s) = components(signature);
+
+        address derivedOwner;
+        // If v is 0 then it is a contract signature
+        if (v == 0) {
+            // When handling contract signatures the address of the contract is encoded into r
+            derivedOwner = address(uint160(uint256(r)));
+
+            uint256 contractSignatureLen = requireContractSignatureLength(signature, uint256(s));
+            require(uint256(s) + 32 + contractSignatureLen <= signature.length, "Invalid contract signature location: data not complete");
+
+            // Check signature
+            bytes memory contractSignature;
+            // solium-disable-next-line security/no-inline-assembly
+            assembly {
+                // The signature data for contract signatures is appended to the concatenated signatures and the offset is stored in s
+                contractSignature := add(add(signature, s), 0x20)
+            }
+            require(ISignatureValidator(derivedOwner).isValidSignature(data, contractSignature) == EIP1271_MAGIC_VALUE, "Invalid contract signature provided");
+        // If v is 1 then it is an approved hash
+        } else if (v == 1) {
+            // When handling approved hashes the address of the approver is encoded into r
+            derivedOwner = address(uint160(uint256(r)));
+            // Hashes are automatically approved by the sender of the message or when they have been pre-approved via a separate transaction
+            require(msg.sender == derivedOwner);
+        } else if (v > 30) {
+            // To support eth_sign and similar we adjust v and hash the messageHash with the Ethereum message prefix before applying ecrecover
+            derivedOwner = ecrecover(keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", dataHash)), v - 4, r, s);
+        } else {
+            // Use ecrecover with the messageHash for EOA signatures
+            derivedOwner = ecrecover(dataHash, v, r, s);
+        }
+        require (derivedOwner == owner, "Invalid owner provided");
+    }
+
+    function requireContractSignatureLength(
+        bytes memory signature,
+        uint256 sigLoc
+    )
+        internal
+        pure
+        returns (uint256 contractSignatureLen)
+    {
+        // Check that signature data pointer (s) is not pointing inside the static part of the signatures bytes
+        // This check is not completely accurate, since it is possible that more signatures than the threshold are send.
+        // Here we only check that the pointer is not pointing inside the part that is being processed
+        require(sigLoc >= 65, "Invalid contract signature location: inside static part");
+
+        // Check that signature data pointer (s) is in bounds (points to the length of data -> 32 bytes)
+        require(sigLoc + 32 <= signature.length, "Invalid contract signature location: length not present");
+
+        // Check if the contract signature is in bounds: start of data is s + 32 and end is start + signature length
+        // solium-disable-next-line security/no-inline-assembly
+        assembly {
+            contractSignatureLen := mload(add(add(signature, sigLoc), 0x20))
+        }
+    }
+
+    function actualLength(bytes memory signature)
+        internal
+        pure
+        returns (uint256)
+    {
+        uint8 v;
+        bytes32 r;
+        bytes32 s;
+        (v, r, s) = components(signature);
+
+        if (v == 0) {
+            uint256 contractSignatureLen = requireContractSignatureLength(signature, uint256(s));
+            return uint256(s) + 32 + contractSignatureLen;
+        }
+
+        return 0x41;
+    }
+}
diff --git a/contracts/solc-0.8/dep-ports/ISignatureValidator.sol b/contracts/solc-0.8/dep-ports/ISignatureValidator.sol
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-3.0-only
+pragma solidity >=0.8.0;
+
+// bytes4(keccak256("isValidSignature(bytes,bytes)")
+bytes4 constant EIP1271_MAGIC_VALUE = 0x20c13b0b;
+
+interface ISignatureValidator {
+
+    /**
+    * @dev Should return whether the signature provided is valid for the provided data
+    * @param _data Arbitrary length data signed on the behalf of address(this)
+    * @param _signature Signature byte array associated with _data
+    *
+    * MUST return the bytes4 magic value 0x20c13b0b when function passes.
+    * MUST NOT modify state (using STATICCALL for solc < 0.5, view modifier for solc > 0.5)
+    * MUST allow external calls
+    */
+    function isValidSignature(
+        bytes memory _data,
+        bytes memory _signature)
+        external
+        view
+        returns (bytes4);
+}
