A Delegation Manager is responsible for validating delegations and triggering the action to be taken on behalf of the delegator.
- A Delegation Manager MUST implement
redeemDelegation
interface as specifiedfunction redeemDelegation(bytes[] calldata _permissionContexts, ModeCode[] _modes, bytes[] calldata _executionCallDatas) external;
.
Users can allow other contracts or EOAs to invoke an action directly from their DeleGator Smart Account through a delegation. Creating a delegation requires specifying a delegate and some optional data such caveats (more detail below) and an authority. Delegations are stored offchain and helper utilities that assist with the delegation lifecycle are provided in the SDK.
NOTE: Delegations are validated at execution time, so the signature may become invalid if the conditions of a valid signature change.
Example: Alice delegates to Bob the ability to spend her USDC with a 1 of 1 MultiSig DeleGator Account. She then updates her DeleGator Account to a 2 of 3 MultiSig. When Bob redeems the delegation from Alice, it will fail since the signed delegation is no longer valid.
Users can create a Delegation
and provide it to a delegate in the form of an offchain delegation.
Offchain Delegations are done through signing a Delegation
and adding it to the signature
field. Delegates can then redeem Delegations by providing this struct. To get this signature we use EIP-712.
Open delegations are delegations that don't have a strict delegate
. By setting the delegate
to the special value address(0xa11)
the enforcement of the delegate
address is bypassed allowing users to create a single delegation that can be valid for a whole group of users rather than just one. Open delegations remove the restriction of needing to know the delegate's address at the time of delegation creation and rely entirely on Caveat Enforcers to restrict access to the delegation.
redeemDelegation
method that can be used by delegation redeemers to execute some Execution
which will be verified by the DelegationManager
before ultimately calling executeAsExecutor
on the root delegator.
Our DelegationManager
implementation:
redeemDelegation
consumes an array of bytes with the encoded delegation chains (Delegation[]
) for executing each of theExecution
.NOTE: Delegations are ordered from leaf to root. The last delegation in the array must have the root authority.
- Validates the
msg.sender
callingredeemDelegation
is allowed to do so - Validates the signatures of offchain delegations.
- Checks if any of the delegations being redeemed are disabled
- Ensures each delegation has sufficient authority to execute, given by the previous delegation or by being a root delegation
- Calls
beforeHook
for all delegations (from leaf to root delegation) - Executes the
Execution
provided - Calls
afterHook
for all delegations (from root to leaf delegation)
NOTE: Ensure to double check that the delegation is valid before submitting a UserOp. A delegation can be revoked or a signature can be invalidated at any time. Validate a delegation redemption by either simulating the transaction or by reading the storage on our implementation
disabledDelegations(delegationHash)
.
Example: Alice delegates to Bob the ability to transfer USDC, giving Bob the ability to act on her behalf. Bob then "re-delegates" the ability to act on his behalf to Carol and includes the authority
, a hash of the delegation, given to him from Alice. This enables Carol to act on behalf of Alice.
CaveatEnforcer
contracts are used to place restrictions on Delegations. This allows dapps to craft very granular delegations that only allow actions to take place under specific circumstances.
NOTE: each
CaveatEnforcer
is called by theDelegationManager
contract. This is important when storing data in theCaveatEnforcer
, asmsg.sender
will always be the address of theDelegationManager
.
NOTE: there is no guarantee that the action is executed. Keep this in mind when designing Caveat Enforcers. If you are relying on the action then be sure to use the
afterHook
method to validate any expected state updates.