fix: eip7702 cheatcodes multiple auth (#10623)

* fix: eip7702 cheatcodes multiple auth

* fix: eip7702 cheatcodes nonce

* Fmt and nonce fix

* Active delegations as vec

* Fix nonce for non senders and add test

* Fix tests

* Update crates/cheatcodes/src/inspector.rs

Co-authored-by: Arsenii Kulikov <klkvrr@gmail.com>

* Nit: do not unwrap when looking for last delegation

---------

Co-authored-by: grandizzy <38490174+grandizzy@users.noreply.github.com>
Co-authored-by: grandizzy <grandizzy.the.egg@gmail.com>
Co-authored-by: Arsenii Kulikov <klkvrr@gmail.com>

Author: 3 people

crates/cheatcodes/src/inspector.rs

@@ -371,10 +371,10 @@ pub struct Cheatcodes {
     /// execution block environment.
     pub block: Option<BlockEnv>,
 
-    /// Currently active EIP-7702 delegation that will be consumed when building the next
+    /// Currently active EIP-7702 delegations that will be consumed when building the next
     /// transaction. Set by `vm.attachDelegation()` and consumed via `.take()` during
     /// transaction construction.
-    pub active_delegation: Option<SignedAuthorization>,
+    pub active_delegations: Vec<SignedAuthorization>,
 
     /// The active EIP-4844 blob that will be attached to the next call.
     pub active_blob_sidecar: Option<BlobTransactionSidecar>,
@@ -517,7 +517,7 @@ impl Cheatcodes {
             labels: config.labels.clone(),
             config,
             block: Default::default(),
-            active_delegation: Default::default(),
+            active_delegations: Default::default(),
             active_blob_sidecar: Default::default(),
             gas_price: Default::default(),
             pranks: Default::default(),
@@ -573,6 +573,11 @@ impl Cheatcodes {
         self.wallets = Some(wallets);
     }
 
+    /// Adds a delegation to the active delegations list.
+    pub fn add_delegation(&mut self, authorization: SignedAuthorization) {
+        self.active_delegations.push(authorization);
+    }
+
     /// Decodes the input data and applies the cheatcode.
     fn apply_cheatcode(
         &mut self,
@@ -1136,8 +1141,11 @@ impl Cheatcodes {
                         ..Default::default()
                     };
 
-                    match (self.active_delegation.take(), self.active_blob_sidecar.take()) {
-                        (Some(_), Some(_)) => {
+                    let active_delegations = std::mem::take(&mut self.active_delegations);
+                    // Set active blob sidecar, if any.
+                    if let Some(blob_sidecar) = self.active_blob_sidecar.take() {
+                        // Ensure blob and delegation are not set for the same tx.
+                        if !active_delegations.is_empty() {
                             let msg = "both delegation and blob are active; `attachBlob` and `attachDelegation` are not compatible";
                             return Some(CallOutcome {
                                 result: InterpreterResult {
@@ -1148,21 +1156,22 @@ impl Cheatcodes {
                                 memory_offset: call.return_memory_offset.clone(),
                             });
                         }
-                        (Some(auth_list), None) => {
-                            tx_req.authorization_list = Some(vec![auth_list]);
-                            tx_req.sidecar = None;
+                        tx_req.set_blob_sidecar(blob_sidecar);
+                    }
 
-                            // Increment nonce to reflect the signed authorization.
-                            account.info.nonce += 1;
-                        }
-                        (None, Some(blob_sidecar)) => {
-                            tx_req.set_blob_sidecar(blob_sidecar);
-                            tx_req.authorization_list = None;
-                        }
-                        (None, None) => {
-                            tx_req.sidecar = None;
-                            tx_req.authorization_list = None;
+                    // Apply active EIP-7702 delegations, if any.
+                    if !active_delegations.is_empty() {
+                        for auth in &active_delegations {
+                            let Ok(authority) = auth.recover_authority() else {
+                                continue;
+                            };
+                            if authority == broadcast.new_origin {
+                                // Increment nonce of broadcasting account to reflect signed
+                                // authorization.
+                                account.info.nonce += 1;
+                            }
                         }
+                        tx_req.authorization_list = Some(active_delegations);
                     }
 
                     self.broadcastable_transactions.push_back(BroadcastableTransaction {

crates/cheatcodes/src/script.rs

@@ -113,7 +113,7 @@ fn attach_delegation(
         U256::from_be_bytes(s.0),
     );
     write_delegation(ccx, signed_auth.clone())?;
-    ccx.state.active_delegation = Some(signed_auth);
+    ccx.state.add_delegation(signed_auth);
     Ok(Default::default())
 }
 
@@ -132,8 +132,13 @@ fn sign_delegation(
         nonce
     } else {
         let authority_acc = ccx.ecx.journaled_state.load_account(signer.address())?;
-        // If we don't have a nonce then use next auth account nonce.
-        authority_acc.data.info.nonce + 1
+        // Calculate next nonce considering existing active delegations
+        next_delegation_nonce(
+            &ccx.state.active_delegations,
+            signer.address(),
+            &ccx.state.broadcast,
+            authority_acc.data.info.nonce,
+        )
     };
     let chain_id = if cross_chain { U256::from(0) } else { U256::from(ccx.ecx.cfg.chain_id) };
 
@@ -143,7 +148,7 @@ fn sign_delegation(
     if attach {
         let signed_auth = SignedAuthorization::new_unchecked(auth, sig.v() as u8, sig.r(), sig.s());
         write_delegation(ccx, signed_auth.clone())?;
-        ccx.state.active_delegation = Some(signed_auth);
+        ccx.state.add_delegation(signed_auth);
     }
     Ok(SignedDelegation {
         v: sig.v() as u8,
@@ -155,11 +160,52 @@ fn sign_delegation(
     .abi_encode())
 }
 
+/// Returns the next valid nonce for a delegation, considering existing active delegations.
+fn next_delegation_nonce(
+    active_delegations: &[SignedAuthorization],
+    authority: Address,
+    broadcast: &Option<Broadcast>,
+    account_nonce: u64,
+) -> u64 {
+    match active_delegations
+        .iter()
+        .rfind(|auth| auth.recover_authority().is_ok_and(|recovered| recovered == authority))
+    {
+        Some(auth) => {
+            // Increment nonce of last recorded delegation.
+            auth.nonce + 1
+        }
+        None => {
+            // First time a delegation is added for this authority.
+            if let Some(broadcast) = broadcast {
+                // Increment nonce if authority is the sender of transaction.
+                if broadcast.new_origin == authority {
+                    return account_nonce + 1
+                }
+            }
+            // Return current nonce if authority is not the sender of transaction.
+            account_nonce
+        }
+    }
+}
+
 fn write_delegation(ccx: &mut CheatsCtxt, auth: SignedAuthorization) -> Result<()> {
     let authority = auth.recover_authority().map_err(|e| format!("{e}"))?;
     let authority_acc = ccx.ecx.journaled_state.load_account(authority)?;
-    if authority_acc.data.info.nonce + 1 != auth.nonce {
-        return Err("invalid nonce".into());
+
+    let expected_nonce = next_delegation_nonce(
+        &ccx.state.active_delegations,
+        authority,
+        &ccx.state.broadcast,
+        authority_acc.data.info.nonce,
+    );
+
+    if expected_nonce != auth.nonce {
+        return Err(format!(
+            "invalid nonce for {authority:?}: expected {expected_nonce}, got {}",
+            auth.nonce
+        )
+        .into());
     }
 
     if auth.address.is_zero() {

crates/forge/tests/cli/script.rs

@@ -2858,3 +2858,156 @@ ONCHAIN EXECUTION COMPLETE & SUCCESSFUL.
 
 "#]]);
 });
+
+// Tests EIP-7702 with multiple auth <https://github.com/foundry-rs/foundry/issues/10551>
+// Alice sends 5 ETH from Bob to Receiver1 and 1 ETH to Receiver2
+forgetest_async!(can_broadcast_txes_with_multiple_auth, |prj, cmd| {
+    foundry_test_utils::util::initialize(prj.root());
+    prj.add_source(
+        "BatchCallDelegation.sol",
+        r#"
+contract BatchCallDelegation {
+    event CallExecuted(address indexed to, uint256 indexed value, bytes data, bool success);
+
+    struct Call {
+        bytes data;
+        address to;
+        uint256 value;
+    }
+
+    function execute(Call[] calldata calls) external payable {
+        for (uint256 i = 0; i < calls.length; i++) {
+            Call memory call = calls[i];
+            (bool success,) = call.to.call{value: call.value}(call.data);
+            require(success, "call reverted");
+            emit CallExecuted(call.to, call.value, call.data, success);
+        }
+    }
+}
+   "#,
+    )
+    .unwrap();
+
+    prj.add_script(
+            "BatchCallDelegationScript.s.sol",
+            r#"
+import {Script, console} from "forge-std/Script.sol";
+import {Vm} from "forge-std/Vm.sol";
+import {BatchCallDelegation} from "../src/BatchCallDelegation.sol";
+
+contract BatchCallDelegationScript is Script {
+    // Alice's address and private key (EOA with no initial contract code).
+    address payable ALICE_ADDRESS = payable(0x70997970C51812dc3A010C7d01b50e0d17dc79C8);
+    uint256 constant ALICE_PK = 0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d;
+
+    // Bob's address and private key (Bob will execute transactions on Alice's behalf).
+    address constant BOB_ADDRESS = 0x3C44CdDdB6a900fa2b585dd299e03d12FA4293BC;
+    uint256 constant BOB_PK = 0x5de4111afa1a4b94908f83103eb1f1706367c2e68ca870fc3fb9a804cdab365a;
+
+    address constant RECEIVER_1 = 0x14dC79964da2C08b23698B3D3cc7Ca32193d9955;
+    address constant RECEIVER_2 = 0x9965507D1a55bcC2695C58ba16FB37d819B0A4dc;
+
+    uint256 constant DEPLOYER_PK = 0x2a871d0798f97d79848a013d4936a73bf4cc922c825d33c1cf7073dff6d409c6;
+
+    function run() public {
+        BatchCallDelegation.Call[] memory aliceCalls = new BatchCallDelegation.Call[](1);
+        aliceCalls[0] = BatchCallDelegation.Call({to: RECEIVER_1, value: 5 ether, data: ""});
+
+        BatchCallDelegation.Call[] memory bobCalls = new BatchCallDelegation.Call[](2);
+        bobCalls[0] = BatchCallDelegation.Call({to: RECEIVER_1, value: 5 ether, data: ""});
+        bobCalls[1] = BatchCallDelegation.Call({to: RECEIVER_2, value: 1 ether, data: ""});
+
+        vm.startBroadcast(DEPLOYER_PK);
+        BatchCallDelegation batcher = new BatchCallDelegation();
+        vm.stopBroadcast();
+
+        vm.startBroadcast(ALICE_PK);
+        vm.signAndAttachDelegation(address(batcher), ALICE_PK);
+        vm.signAndAttachDelegation(address(batcher), BOB_PK);
+        vm.signAndAttachDelegation(address(batcher), BOB_PK);
+
+        BatchCallDelegation(BOB_ADDRESS).execute(bobCalls);
+
+        vm.stopBroadcast();
+    }
+}
+   "#,
+        )
+        .unwrap();
+
+    let node_config = NodeConfig::test().with_hardfork(Some(EthereumHardfork::Prague.into()));
+    let (api, handle) = spawn(node_config).await;
+
+    cmd.args([
+        "script",
+        "script/BatchCallDelegationScript.s.sol",
+        "--rpc-url",
+        &handle.http_endpoint(),
+        "--non-interactive",
+        "--slow",
+        "--broadcast",
+        "--evm-version",
+        "prague",
+    ])
+    .assert_success()
+    .stdout_eq(str![[r#"
+[COMPILING_FILES] with [SOLC_VERSION]
+[SOLC_VERSION] [ELAPSED]
+Compiler run successful!
+Script ran successfully.
+
+## Setting up 1 EVM.
+
+==========================
+
+Chain 31337
+
+[ESTIMATED_GAS_PRICE]
+
+[ESTIMATED_TOTAL_GAS_USED]
+
+[ESTIMATED_AMOUNT_REQUIRED]
+
+==========================
+
+
+==========================
+
+ONCHAIN EXECUTION COMPLETE & SUCCESSFUL.
+
+[SAVED_TRANSACTIONS]
+
+[SAVED_SENSITIVE_VALUES]
+
+
+"#]]);
+
+    // Alice nonce should be 2 (tx sender and one auth)
+    let alice_acc = api
+        .get_account(address!("0x70997970C51812dc3A010C7d01b50e0d17dc79C8"), None)
+        .await
+        .unwrap();
+    assert_eq!(alice_acc.nonce, 2);
+
+    // Bob nonce should be 2 (two auths) and balance reduced by 6 ETH.
+    let bob_acc = api
+        .get_account(address!("0x3C44CdDdB6a900fa2b585dd299e03d12FA4293BC"), None)
+        .await
+        .unwrap();
+    assert_eq!(bob_acc.nonce, 2);
+    assert_eq!(bob_acc.balance.to_string(), "94000000000000000000");
+
+    // Receiver balances should be updated with 5 ETH and 1 ETH.
+    let receiver1 = api
+        .get_account(address!("0x14dC79964da2C08b23698B3D3cc7Ca32193d9955"), None)
+        .await
+        .unwrap();
+    assert_eq!(receiver1.nonce, 0);
+    assert_eq!(receiver1.balance.to_string(), "105000000000000000000");
+    let receiver2 = api
+        .get_account(address!("0x9965507D1a55bcC2695C58ba16FB37d819B0A4dc"), None)
+        .await
+        .unwrap();
+    assert_eq!(receiver2.nonce, 0);
+    assert_eq!(receiver2.balance.to_string(), "101000000000000000000");
+});

crates/forge/tests/cli/test_cmd.rs

@@ -3306,9 +3306,9 @@ Traces:
     ├─ [0] VM::label(alice: [0x328809Bc894f92807417D2dAD6b7C998c1aFdac6], "alice")
     │   └─ ← [Return]
     ├─ [0] VM::signDelegation(0x0000000000000000000000000000000000000000, "<pk>")
-    │   └─ ← [Return] (0, 0x38db2a0ada75402af7cd5bdb8248a1a5b4fec65fdafea4f935084f00dc2ff3c5, 0x29ce7b1c82f9ceaec21f12d690ba8fe6ecba65869caf6ab2d85d79890dc42df2, 1, 0x0000000000000000000000000000000000000000)
+    │   └─ ← [Return] (0, 0x3d6ad67cc3dc94101a049f85f96937513a05485ae0f8b27545d25c4f71b12cf9, 0x3c0f2d62834f59d6ef0209e8a935f80a891a236eb18ac0e3700dd8f7ac8ae279, 0, 0x0000000000000000000000000000000000000000)
     ├─ [0] VM::signAndAttachDelegation(0x0000000000000000000000000000000000000000, "<pk>")
-    │   └─ ← [Return] (0, 0x38db2a0ada75402af7cd5bdb8248a1a5b4fec65fdafea4f935084f00dc2ff3c5, 0x29ce7b1c82f9ceaec21f12d690ba8fe6ecba65869caf6ab2d85d79890dc42df2, 1, 0x0000000000000000000000000000000000000000)
+    │   └─ ← [Return] (0, 0x3d6ad67cc3dc94101a049f85f96937513a05485ae0f8b27545d25c4f71b12cf9, 0x3c0f2d62834f59d6ef0209e8a935f80a891a236eb18ac0e3700dd8f7ac8ae279, 0, 0x0000000000000000000000000000000000000000)
     └─ ← [Stop]
 ...
 

testdata/default/cheats/AttachDelegation.t.sol

@@ -62,7 +62,7 @@ contract AttachDelegationTest is DSTest {
         vm._expectCheatcodeRevert("vm.attachDelegation: invalid nonce");
         vm.attachDelegation(signedDelegation);
 
-        signedDelegation = vm.signDelegation(address(implementation), alice_pk, 1);
+        signedDelegation = vm.signDelegation(address(implementation), alice_pk, 0);
         vm.attachDelegation(signedDelegation);
     }
 
@@ -192,7 +192,30 @@ contract AttachDelegationTest is DSTest {
         vm._expectCheatcodeRevert("vm.signAndAttachDelegation: invalid nonce");
         vm.signAndAttachDelegation(address(implementation), alice_pk, 11);
 
+        vm.signAndAttachDelegation(address(implementation), alice_pk, 0);
+    }
+
+    function testMultipleDelegationsOnTransaction() public {
+        vm.signAndAttachDelegation(address(implementation), alice_pk);
+        vm.signAndAttachDelegation(address(implementation2), bob_pk);
+        SimpleDelegateContract.Call[] memory calls = new SimpleDelegateContract.Call[](2);
+        calls[0] = SimpleDelegateContract.Call({
+            to: address(token),
+            data: abi.encodeCall(ERC20.mint, (50, address(this))),
+            value: 0
+        });
+        calls[1] =
+            SimpleDelegateContract.Call({to: address(token), data: abi.encodeCall(ERC20.mint, (50, alice)), value: 0});
+        vm.broadcast(bob_pk);
+        SimpleDelegateContract(alice).execute(calls);
+
+        assertEq(token.balanceOf(address(this)), 50);
+        assertEq(token.balanceOf(alice), 50);
+
+        vm._expectCheatcodeRevert("vm.signAndAttachDelegation: invalid nonce");
         vm.signAndAttachDelegation(address(implementation), alice_pk, 1);
+        vm.signAndAttachDelegation(address(implementation), alice_pk, 0);
+        vm.signAndAttachDelegation(address(implementation2), bob_pk, 2);
     }
 }