Validation modules
Overview
Validation modules in the Veive protocol play a crucial role in ensuring the integrity and security of operations. Inspired by the ERC-7579 standard, these modules validate whether an operation complies with specific rules before it is executed. They are essential for enforcing permissions, ensuring data integrity, and confirming compliance with user-defined policies. This modular approach allows for flexible updates and additions to the validation logic without modifying the core account code.
Flow
Validation modules are triggered at the very beginning of the operation process, both for user-initiated and internal "external" operations. In Veive, operations are defined by an operation_type which is now the only mandatory field in the scope validator. The operation_type defines the category of the operation and can be one of the following:
contract_callcontract_uploadtransaction_application
For example, if you set the scope to only contract_call, the corresponding validator will be executed for all contract call operations. Optionally, additional details can be specified for further refinement, but note that entry_point, contract_id, and args are available only for operations of type contract_call.
In systems like the Koinos blockchain, the authorize method ensures that every operation—including those triggered internally by other contracts—is properly validated. This comprehensive check prevents unauthorized transactions and enhances the overall security of the account.
Scope
The scope in validation modules determines which operations a module will validate. With the updated structure, the mandatory field is operation_type, which serves as the primary filter:
contract_call: Validates operations that involve calling smart contracts.
contract_upload: Validates operations that involve uploading new contract code.
transaction_application: Validates operations related to applying transactions like freemana contract to accept the consumption of mana, and payee to accept the update in the nonce
While operation_type is required, further granularity can be achieved by optionally specifying additional details. However, entry_point, contract_id, and args can only be provided when operation_type is set to contract_call:
Entry Point + Contract ID: The most specific scope, applying only to a specific method (entry point) in a specific contract.
Entry Point: Applies to all operations invoking a particular entry point, regardless of the contract.
Additional Arguments (args): Used for more detailed validation based on the operation’s parameters.
Veive checks the most specific scope first (Entry Point + Contract ID) and then moves to the more general scopes (Entry Point and finally any operation with the specified operation_type). By default, the mod-validator-signature, which verifies the signature, is installed across all three operation_type scopes.
Examples
Signature Validation Module: Ensures that the operation is signed by the authorized user, verifying that the user has authorized the operation.
Multi-Signature Validation Module: Checks that an operation is authorized by multiple users (guardians) according to a predefined threshold. This is particularly useful for joint accounts or account recovery scenarios.
Allowance Validation Module: Validates operations based on pre-authorizations or allowances set by the user, ensuring that only permitted actions are executed. For instance, if a user pre-authorizes a token transfer, the module checks that the actual transfer matches the pre-authorization.
These examples illustrate the flexibility of validation modules in enforcing various rules and permissions within the Veive protocol.
Last updated