Description
Add `ExecutionBoundEnforcer`, a `CaveatEnforcer` that binds a delegation's execution to an EIP-712 signed commitment, checked at redemption time.
Existing caveats constrain the policy space an execution must fall within; none pins the exact execution. This enforcer requires exact equality between the redeemed execution (target, value and calldata) and a pre-signed `ExecutionIntent`, and lets each intent be redeemed only once.
Technical Details
- Inherits `CaveatEnforcer`
- `terms`: unused (`0x`)
- `args`: `abi.encode(ExecutionIntent intent, address signer, bytes signature)`. Because `signer` travels in the redeemer-supplied args and `terms` is empty, this caveat pins what is executed and that it executes once; it does not by itself restrict who may author the intent. Combine it with other caveats where signer restriction matters.
- `ExecutionIntent`: `(account, target, value, dataHash, nonce, deadline)`, where `dataHash = keccak256(execution.callData)`
- Nonce scoped by `(delegationManager, account, nonce)`: state is keyed by the calling `DelegationManager` (`msg.sender` in the hook), so a direct caller of the hook cannot burn nonces that belong to the real manager, and nonce spaces of different managers do not collide
- Nonce is consumed before signature verification (checks-effects-interactions): ERC-1271 verification is an external call into the signer contract, so marking the nonce used first means a reentrant redemption of the same intent fails with `NonceAlreadyUsed` instead of passing
- Supports EOA and ERC-1271 signatures via `SignatureChecker`
- Restricted to single-call, default execution mode; other call types and execution types revert
- EIP-712 domain anchored to the enforcer contract address (`verifyingContract`), so an intent signed for one enforcer deployment or chain is not valid for another
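The following sketch shows how the points above fit together in one hook. It is an illustrative example added here, not the PR's code. It assumes the delegation-framework layout for `CaveatEnforcer`, `ModeCode` and `ExecutionLib` (import paths, the `onlySingleCallTypeMode` / `onlyDefaultExecutionMode` modifiers, `decodeSingle`), OpenZeppelin v5 `EIP712` and `SignatureChecker`, that `intent.account` is the delegator passed to the hook, and that the domain name/version, the `usedNonces` mapping name and the `ExecutionMismatch` error name are illustrative choices; the PR lists only the errors named in the acceptance criteria.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.23;

// Illustrative sketch, not the PR's code. Import paths assume the
// delegation-framework layout for CaveatEnforcer/ModeCode/ExecutionLib and
// OpenZeppelin v5 for EIP712/SignatureChecker; adjust to the repository.
import { CaveatEnforcer } from "../CaveatEnforcer.sol";
import { ModeCode } from "../../utils/Types.sol";
import { ExecutionLib } from "../../libraries/ExecutionLib.sol";
import { EIP712 } from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import { SignatureChecker } from "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol";

contract ExecutionBoundEnforcer is CaveatEnforcer, EIP712 {
    using ExecutionLib for bytes;

    struct ExecutionIntent {
        address account;   // delegator account the execution runs as (assumed)
        address target;
        uint256 value;
        bytes32 dataHash;  // keccak256(execution.callData)
        uint256 nonce;
        uint256 deadline;  // unix timestamp; intent is invalid after this
    }

    bytes32 public constant EXECUTION_INTENT_TYPEHASH = keccak256(
        "ExecutionIntent(address account,address target,uint256 value,bytes32 dataHash,uint256 nonce,uint256 deadline)"
    );

    // delegationManager => account => nonce => consumed (mapping name assumed)
    mapping(address => mapping(address => mapping(uint256 => bool))) public usedNonces;

    error AccountMismatch();
    error DataHashMismatch();
    error IntentExpired();
    error InvalidSignature();
    error NonceAlreadyUsed();
    error ExecutionMismatch(); // name assumed: target or value differ from the intent

    // Domain separator: name, version, chainId, verifyingContract = address(this).
    constructor() EIP712("ExecutionBoundEnforcer", "1") {}

    /// @dev EIP-712 digest the signer must sign for a given intent.
    function getIntentHash(ExecutionIntent memory intent) public view returns (bytes32) {
        return _hashTypedDataV4(
            keccak256(
                abi.encode(
                    EXECUTION_INTENT_TYPEHASH,
                    intent.account,
                    intent.target,
                    intent.value,
                    intent.dataHash,
                    intent.nonce,
                    intent.deadline
                )
            )
        );
    }

    function beforeHook(
        bytes calldata,            // terms: unused
        bytes calldata _args,
        ModeCode _mode,
        bytes calldata _executionCallData,
        bytes32,                   // delegationHash: unused
        address _delegator,
        address                    // redeemer: unused
    )
        public
        override
        onlySingleCallTypeMode(_mode)      // reverts CaveatEnforcer:invalid-call-type
        onlyDefaultExecutionMode(_mode)
    {
        (ExecutionIntent memory intent, address signer, bytes memory signature) =
            abi.decode(_args, (ExecutionIntent, address, bytes));

        // Pure checks first: nothing here leaves the contract.
        if (intent.account != _delegator) revert AccountMismatch();
        if (block.timestamp > intent.deadline) revert IntentExpired();

        (address target, uint256 value, bytes calldata callData) = _executionCallData.decodeSingle();
        if (target != intent.target || value != intent.value) revert ExecutionMismatch();
        if (keccak256(callData) != intent.dataHash) revert DataHashMismatch();

        // Effect before interaction: consume the nonce, keyed by the calling
        // DelegationManager, before the signature check. ERC-1271 verification
        // calls out to the signer contract, so a reentrant redemption of the
        // same intent now fails with NonceAlreadyUsed instead of passing.
        if (usedNonces[msg.sender][intent.account][intent.nonce]) revert NonceAlreadyUsed();
        usedNonces[msg.sender][intent.account][intent.nonce] = true;

        // EOA (ecrecover) or contract (ERC-1271 isValidSignature) signer.
        if (!SignatureChecker.isValidSignatureNow(signer, getIntentHash(intent), signature)) {
            revert InvalidSignature();
        }
    }
}
```

The ordering is the point worth keeping when adapting this: every comparison against the intent runs before the nonce is written, and the nonce is written before the only external call. Moving the `SignatureChecker` call above the nonce write would reopen the reentrancy replay that the CEI note in Technical Details is meant to close.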
Acceptance Criteria
- exact execution passes
- mutated calldata reverts (`DataHashMismatch`)
- replay reverts (`NonceAlreadyUsed`)
- unsupported call type reverts (`CaveatEnforcer:invalid-call-type`)
- signer distinct from delegator passes with valid signature
- wrong signer reverts (`InvalidSignature`)
- wrong account reverts (`AccountMismatch`)
- expired deadline reverts (`IntentExpired`)
References