ERC-6900: Modular Smart Contract Accounts and Plugins

Very happy to hear about the pivot from delegatecall to call.
Can’t wait get my hands dirty with the Plugin Storage lib!
Meanwhile, msged you on Telegram regarding contributing to the proposal.


Thanks @adamegyed for worth proposition!
This standardization of modular architecture is a very important proposition, given the variety of wallet providers that will enter the wallet market in the future.

We’re building a borrow/lend application that requests to prohibit execution transfer() and related modules, setApprovalForAll(), approve() and burn() methods to borrower’s wallet.

Those prohibit logic was implement into Safe’s guard contract so that borrower doesn’t be required to deploy each app-specific contract wallets but they are only required to apply guard to their wallet.

  • At ETHGlobal Istanbul, Pinky team also built an application which implement prohibited logic into guard contract.
  • If the each application provide own “app-specific” wallet, Users has to deploy each wallet that they want to use.

Following above, I could say that, from application developer side of view, this topic is much important for usability and account based identity contexts.

I draw a shape of composability like below (from this tweet).

The safe’s guard can be bypassed by module logic and this issue was flagged couple years ago and Safe V2 will implement “global guard” (details are unknown).

IMO, the reason why they didn’t support it at V1 that the Safe designed their architecture for organizations who is motivated to manage treasury by Multi-Sig so module would be setup by member of HQ, not setup by outside application.

So, standing to above problem, I think the global preHook also need to implement logic below:

  • With Opt-In, global preHook enables applications to prohibit transactions to wallet user.
  • User can’t disable global preHook without application permission.
    *In case of our application, if borrower will return NFT from their wallet, wallet user could disable global preHook.

When updatePlugins is called with PluginAction.REPLACE or PluginAction.REMOVE, the calls MUST be validated by preHook and postHook.

   function updatePlugins(PluginUpdate[] memory pluginUpdates, address init, bytes calldata callData) external;
   function updateGlobalPlugins(GlobalPluginUpdate[] memory globalPluginUpdates, address init, bytes calldata callData)