Validation modules

Overview

Validation modules in the Veive protocol play a crucial role in ensuring the integrity and security of operations. Inspired by the ERC-7579 standard, these modules validate whether an operation complies with specific rules before it is executed. They are essential for enforcing permissions, ensuring data integrity, and confirming compliance with user-defined policies. This modular approach allows for flexible updates and additions to the validation logic without modifying the core account code.

Flow

Validation modules are triggered at the very beginning of the operation process, both for user-initiated and internal "external" operations. In Veive, operations are composed of a contract_id, entry_point, and args, representing a specific action on a smart contract. When an operation is proposed, the corresponding validation modules are invoked to check its legitimacy. This includes verifying signatures, permissions, and any custom rules defined for the operation.

For example, in the Koinos blockchain, the authorize method plays a significant role in this process. The authorize method ensures that every operation, including those triggered internally by other contracts (external operations), is validated. This comprehensive validation helps prevent unauthorized transactions and enhances the overall security of the account.

Scope

The scope in validation modules determines which operations a module will validate. This scope is defined at three levels:

1. Entry Point + Contract ID: The most specific scope, applying only to a specific method (entry point) in a specific contract. For example, validating transfers only for a particular token contract.

2. Entry Point: This scope applies to all operations calling a specific entry point, regardless of the contract. It is useful for actions that need to be validated across multiple contracts, like ensuring all transfer operations meet certain criteria.

3. Any: The broadest scope, where the module validates any operation. This is often used for general checks like verifying user authentication or checking for sufficient balance.

In the validation process, Veive starts by looking for a validation module in the most specific scope (Entry Point + Contract ID) and proceeds to the more general scopes (Entry Point and Any) if no specific module is found. This hierarchical check ensures that the most relevant and specific validation rules are applied first.

Examples

1. Signature Validation Module: Ensures that the operation is signed by the authorized user, typically used to verify that the user has authorized the operation.

2. Multi-Signature Validation Module: Checks that an operation is authorized by multiple users (guardians) according to a predefined threshold. This is particularly useful in scenarios like joint accounts or account recovery.

3. Allowance Validation Module: Validates operations based on pre-authorizations or allowances set by the user, ensuring that only permitted actions are taken. For instance, a user might pre-authorize a token transfer, and the module checks that the actual transfer matches the pre-authorization.

These examples illustrate the flexibility of validation modules in enforcing various rules and permissions within the Veive protocol.