Keystore Validator Module

Table of Contents

The Keystore Validator (KV) is a validation module for both ERC-6900 and ERC-7579 smart accounts which authenticates userOps against data from the keystore.

User Smart Accounts

For smart accounts, the module supports both ERC-6900 and ERC-7579 validateUserOp(..) interfaces which call the same underlying logic.

/// ERC-6900
function validateUserOp(uint32, PackedUserOperation calldata userOp, bytes32 userOpHash) external;

/// ERC-7579
function validateUserOp(PackedUserOperation calldata userOp, bytes32 userOpHash) external;

Other forms of validation (such as ERC-6900's validateRuntime(..)) are not supported.

Key Data Consumers

Key data consumers are separate smart contracts that serve as external components of the KV, responsible for defining how keyData is processed and validated against. The keyData includes metadata that informs the KV which consumer contract to invoke for validation. Within the validation flow, once the KV has verified the authenticity of the keyData, it will forward the keyData to the consumer contract for further external use. The KV expects that keyData has the following format:

keyData[0] - domain separator (should be 0x00)
keyData[1..33] - key data consumer codehash
keyData[33..] - arbitrary key data

The codehash uniquely identifies the logic embedded within the consumer contract and effectively allows a certain keystoreAddress to signal how its keyData should be validated.

All key data consumer contracts must implement the following interface:

function consumeKeyData(bytes calldata keyData, bytes calldata authData, bytes32 userOpHash)
        external;

As an example, a key data consumer could implement signature verification logic. In this scenario:

  • keyData would be an encoding of a threshold and a list of valid signers
  • authData would be a list of signatures
  • userOpHash would be the digest signed by the signatures

Architecturally, separating the verification of some key data's presence on the keystore from its actual use allows the former to be immutable while allowing for new forms of the latter to be introduced permissionlessly via external consumer contracts.