auth list validation rules

packages/bundler/src/modules/BundleManager.ts

@@ -230,7 +230,7 @@ export class BundleManager implements IBundleManager {
     const authorizationList: AuthorizationList = eip7702Tuples.map(it => {
       const res = {
         // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion,@typescript-eslint/no-base-to-string
-        chainId: `0x${parseInt(it.chainId.toString()).toString(16)}` as PrefixedHexString,
+        chainId: `0x${parseInt(it.chainId.toString()).toString(16)}`.replace(/0x0*/, '0x'),
         address: it.address as PrefixedHexString,
         nonce: toRlpHex(it.nonce as PrefixedHexString),
         yParity: toRlpHex(it.yParity as PrefixedHexString),

packages/validation-manager/src/ValidationManager.ts

@@ -237,7 +237,18 @@ export class ValidationManager implements IValidationManager {
       addresses: [],
       hash: ''
     }
-    const stateOverrideForEip7702 = await this.getAuthorizationsStateOverride(getAuthorizationList(userOp))
+    const authorizationList = getAuthorizationList(userOp)
+    if (authorizationList.length > 0) {
+      // relevant only for RIP-7562...
+      requireCond(authorizationList.length === 1, 'Only one authorization is supported', ValidationErrors.InvalidFields)
+
+      const currentChainId = BigNumber.from((this.entryPoint.provider as any)._network.chainId)
+      const authChainId = BigNumber.from(authorizationList[0].chainId)
+      requireCond(authChainId.eq(BigNumber.from(0)) ||
+        authChainId.eq(currentChainId), `Invalid chainId in authorization`, ValidationErrors.InvalidFields)
+      requireCond(getEip7702AuthorizationSigner(authorizationList[0]).toLowerCase() === userOp.sender.toLowerCase(), 'Authorization signer is not sender', ValidationErrors.InvalidFields)
+    }
+    const stateOverrideForEip7702 = await this.getAuthorizationsStateOverride(authorizationList)
     let storageMap: StorageMap = {}
     if (!this.unsafe) {
       let tracerResult: BundlerTracerResult