Support EIP-7702 Delegations in Forge

crates/cheatcodes/spec/src/vm.rs

@@ -2002,6 +2002,14 @@ interface Vm {
     #[cheatcode(group = Scripting)]
     function broadcastRawTransaction(bytes calldata data) external;
 
+    /// Sign an EIP-7702 authorization for delegation
+    #[cheatcode(group = Scripting)]
+    function signDelegation(address implementation, uint256 privateKey) external returns (uint8 v, bytes32 r, bytes32 s);
+
+    /// Designate the next call as an EIP-7702 transaction
+    #[cheatcode(group = Scripting)]
+    function attachDelegation(address implementation, address authority, uint8 v, bytes32 r, bytes32 s) external;
+
     /// Returns addresses of available unlocked wallets in the script environment.
     #[cheatcode(group = Scripting)]
     function getWallets() external returns (address[] memory wallets);

crates/cheatcodes/src/inspector.rs

@@ -46,7 +46,10 @@ use revm::{
         EOFCreateInputs, EOFCreateKind, Gas, InstructionResult, Interpreter, InterpreterAction,
         InterpreterResult,
     },
-    primitives::{BlockEnv, CreateScheme, EVMError, EvmStorageSlot, SpecId, EOF_MAGIC_BYTES},
+    primitives::{
+        BlockEnv, CreateScheme, EVMError, EvmStorageSlot, SignedAuthorization, SpecId,
+        EOF_MAGIC_BYTES,
+    },
     EvmContext, InnerEvmContext, Inspector,
 };
 use serde_json::Value;
@@ -373,6 +376,11 @@ pub struct Cheatcodes {
     /// execution block environment.
     pub block: Option<BlockEnv>,
 
+    /// Currently active EIP-7702 delegation that will be consumed when building the next
+    /// transaction. Set by `vm.attachDelegation()` and consumed via `.take()` during
+    /// transaction construction.
+    pub active_delegation: Option<SignedAuthorization>,
+
     /// The gas price.
     ///
     /// Used in the cheatcode handler to overwrite the gas price separately from the gas price
@@ -497,6 +505,7 @@ impl Cheatcodes {
             labels: config.labels.clone(),
             config,
             block: Default::default(),
+            active_delegation: Default::default(),
             gas_price: Default::default(),
             prank: Default::default(),
             expected_revert: Default::default(),
@@ -1001,18 +1010,26 @@ where {
                     let account =
                         ecx.journaled_state.state().get_mut(&broadcast.new_origin).unwrap();
 
+                    let mut tx_req = TransactionRequest {
+                        from: Some(broadcast.new_origin),
+                        to: Some(TxKind::from(Some(call.target_address))),
+                        value: call.transfer_value(),
+                        input: TransactionInput::new(call.input.clone()),
+                        nonce: Some(account.info.nonce),
+                        chain_id: Some(ecx.env.cfg.chain_id),
+                        gas: if is_fixed_gas_limit { Some(call.gas_limit) } else { None },
+                        ..Default::default()
+                    };
+
+                    if let Some(auth_list) = self.active_delegation.take() {
+                        tx_req.authorization_list = Some(vec![auth_list]);
+                    } else {
+                        tx_req.authorization_list = None;
+                    }
+
                     self.broadcastable_transactions.push_back(BroadcastableTransaction {
                         rpc: ecx.db.active_fork_url(),
-                        transaction: TransactionRequest {
-                            from: Some(broadcast.new_origin),
-                            to: Some(TxKind::from(Some(call.target_address))),
-                            value: call.transfer_value(),
-                            input: TransactionInput::new(call.input.clone()),
-                            nonce: Some(account.info.nonce),
-                            gas: if is_fixed_gas_limit { Some(call.gas_limit) } else { None },
-                            ..Default::default()
-                        }
-                        .into(),
+                        transaction: tx_req.into(),
                     });
                     debug!(target: "cheatcodes", tx=?self.broadcastable_transactions.back().unwrap(), "broadcastable call");
 

crates/cheatcodes/src/script.rs

@@ -2,10 +2,13 @@
 
 use crate::{Cheatcode, CheatsCtxt, Result, Vm::*};
 use alloy_primitives::{Address, B256, U256};
+use alloy_rpc_types::Authorization;
+use alloy_signer::SignerSync;
 use alloy_signer_local::PrivateKeySigner;
 use alloy_sol_types::SolValue;
 use foundry_wallets::{multi_wallet::MultiWallet, WalletSigner};
 use parking_lot::Mutex;
+use revm::primitives::{Bytecode, SignedAuthorization};
 use std::sync::Arc;
 
 impl Cheatcode for broadcast_0Call {
@@ -29,6 +32,65 @@ impl Cheatcode for broadcast_2Call {
     }
 }
 
+impl Cheatcode for attachDelegationCall {
+    fn apply_stateful(&self, ccx: &mut CheatsCtxt) -> Result {
+        let Self { implementation, authority, v, r, s } = self;
+
+        let authority_acc = ccx.ecx.journaled_state.load_account(*authority, &mut ccx.ecx.db)?;
+
+        let auth = Authorization {
+            address: *implementation,
+            nonce: authority_acc.data.info.nonce,
+            chain_id: ccx.ecx.env.cfg.chain_id,
+        };
+        let signed_auth = SignedAuthorization::new_unchecked(
+            auth,
+            *v,
+            U256::from_be_bytes(r.0),
+            U256::from_be_bytes(s.0),
+        );
+
+        // verify signature is from claimed authority
+        let recovered = signed_auth.recover_authority().map_err(|e| format!("{e}"))?;
+        if recovered != *authority {
+            return Err("invalid signature".into());
+        }
+
+        authority_acc.data.info.nonce += 1;
+        let bytecode = Bytecode::new_eip7702(*implementation);
+        ccx.ecx.journaled_state.set_code(*authority, bytecode);
+
+        ccx.state.active_delegation = Some(signed_auth);
+
+        Ok(Default::default())
+    }
+}
+
+impl Cheatcode for signDelegationCall {
+    fn apply_stateful(&self, ccx: &mut CheatsCtxt) -> Result {
+        let Self { implementation, privateKey } = self;
+        let key_bytes = B256::from(*privateKey);
+        let signer: alloy_signer_local::LocalSigner<ecdsa::SigningKey<k256::Secp256k1>> =
+            PrivateKeySigner::from_bytes(&key_bytes)?;
+        let authority = signer.address();
+        let nonce =
+            ccx.ecx.journaled_state.load_account(authority, &mut ccx.ecx.db)?.data.info.nonce;
+        let auth =
+            Authorization { address: *implementation, nonce, chain_id: ccx.ecx.env.cfg.chain_id };
+        let hash = auth.signature_hash();
+        let signer = super::crypto::parse_wallet(privateKey)?;
+        let sig = signer.sign_hash_sync(&hash)?;
+        Ok(encode_delegation_sig(sig))
+    }
+}
+
+fn encode_delegation_sig(sig: alloy_primitives::Signature) -> Vec<u8> {
+    let v = U256::from(sig.v().y_parity() as u8);
+    let r = sig.r();
+    let s = sig.s();
+    (v, r, s).abi_encode()
+}
+
 impl Cheatcode for startBroadcast_0Call {
     fn apply_stateful(&self, ccx: &mut CheatsCtxt) -> Result {
         let Self {} = self;

crates/common/Cargo.toml

@@ -20,6 +20,7 @@ foundry-config.workspace = true
 
 alloy-contract.workspace = true
 alloy-dyn-abi = { workspace = true, features = ["arbitrary", "eip712"] }
+alloy-eips.workspace = true
 alloy-json-abi.workspace = true
 alloy-json-rpc.workspace = true
 alloy-primitives = { workspace = true, features = [

crates/common/src/transactions.rs

@@ -1,6 +1,7 @@
 //! Wrappers for transactions.
 
 use alloy_consensus::{Transaction, TxEnvelope};
+use alloy_eips::eip7702::SignedAuthorization;
 use alloy_primitives::{Address, TxKind, U256};
 use alloy_provider::{
     network::{AnyNetwork, ReceiptResponse, TransactionBuilder},
@@ -226,6 +227,14 @@ impl TransactionMaybeSigned {
             Self::Unsigned(tx) => tx.nonce,
         }
     }
+
+    pub fn authorization_list(&self) -> Option<Vec<SignedAuthorization>> {
+        match self {
+            Self::Signed { tx, .. } => tx.authorization_list().map(|auths| auths.to_vec()),
+            Self::Unsigned(tx) => tx.authorization_list.as_deref().map(|auths| auths.to_vec()),
+        }
+        .filter(|auths| !auths.is_empty())
+    }
 }
 
 impl From<TransactionRequest> for TransactionMaybeSigned {

crates/evm/evm/src/executors/mod.rs

@@ -31,8 +31,8 @@ use revm::{
     db::{DatabaseCommit, DatabaseRef},
     interpreter::{return_ok, InstructionResult},
     primitives::{
-        BlockEnv, Bytecode, Env, EnvWithHandlerCfg, ExecutionResult, Output, ResultAndState,
-        SpecId, TxEnv, TxKind,
+        AuthorizationList, BlockEnv, Bytecode, Env, EnvWithHandlerCfg, ExecutionResult, Output,
+        ResultAndState, SignedAuthorization, SpecId, TxEnv, TxKind,
     },
 };
 use std::borrow::Cow;
@@ -378,6 +378,21 @@ impl Executor {
         self.call_with_env(env)
     }
 
+    /// Performs a raw call to an account on the current state of the VM with an EIP-7702
+    /// authorization list.
+    pub fn call_raw_with_authorization(
+        &mut self,
+        from: Address,
+        to: Address,
+        calldata: Bytes,
+        value: U256,
+        authorization_list: Vec<SignedAuthorization>,
+    ) -> eyre::Result<RawCallResult> {
+        let mut env = self.build_test_env(from, to.into(), calldata, value);
+        env.tx.authorization_list = Some(AuthorizationList::Signed(authorization_list));
+        self.call_with_env(env)
+    }
+
     /// Performs a raw call to an account on the current state of the VM.
     pub fn transact_raw(
         &mut self,

crates/script/src/runner.rs

@@ -1,5 +1,6 @@
 use super::ScriptResult;
 use crate::build::ScriptPredeployLibraries;
+use alloy_eips::eip7702::SignedAuthorization;
 use alloy_primitives::{Address, Bytes, TxKind, U256};
 use alloy_rpc_types::TransactionRequest;
 use eyre::Result;
@@ -223,7 +224,7 @@ impl ScriptRunner {
 
     /// Executes the method that will collect all broadcastable transactions.
     pub fn script(&mut self, address: Address, calldata: Bytes) -> Result<ScriptResult> {
-        self.call(self.evm_opts.sender, address, calldata, U256::ZERO, false)
+        self.call(self.evm_opts.sender, address, calldata, U256::ZERO, None, false)
     }
 
     /// Runs a broadcastable transaction locally and persists its state.
@@ -233,9 +234,17 @@ impl ScriptRunner {
         to: Option<Address>,
         calldata: Option<Bytes>,
         value: Option<U256>,
+        authorization_list: Option<Vec<SignedAuthorization>>,
     ) -> Result<ScriptResult> {
         if let Some(to) = to {
-            self.call(from, to, calldata.unwrap_or_default(), value.unwrap_or(U256::ZERO), true)
+            self.call(
+                from,
+                to,
+                calldata.unwrap_or_default(),
+                value.unwrap_or(U256::ZERO),
+                authorization_list,
+                true,
+            )
         } else if to.is_none() {
             let res = self.executor.deploy(
                 from,
@@ -282,9 +291,20 @@ impl ScriptRunner {
         to: Address,
         calldata: Bytes,
         value: U256,
+        authorization_list: Option<Vec<SignedAuthorization>>,
         commit: bool,
     ) -> Result<ScriptResult> {
-        let mut res = self.executor.call_raw(from, to, calldata.clone(), value)?;
+        let mut res = if let Some(authorization_list) = authorization_list {
+            self.executor.call_raw_with_authorization(
+                from,
+                to,
+                calldata.clone(),
+                value,
+                authorization_list,
+            )?
+        } else {
+            self.executor.call_raw(from, to, calldata.clone(), value)?
+        };
         let mut gas_used = res.gas_used;
 
         // We should only need to calculate realistic gas costs when preparing to broadcast

crates/script/src/simulate.rs

@@ -112,10 +112,10 @@ impl PreSimulationState {
         // Executes all transactions from the different forks concurrently.
         let futs = transactions
             .into_iter()
-            .map(|transaction| async {
+            .map(|mut transaction| async {
                 let mut runner = runners.get(&transaction.rpc).expect("invalid rpc url").write();
+                let tx = transaction.tx_mut();
 
-                let tx = transaction.tx();
                 let to = if let Some(TxKind::Call(to)) = tx.to() { Some(to) } else { None };
                 let result = runner
                     .simulate(
@@ -124,6 +124,7 @@ impl PreSimulationState {
                         to,
                         tx.input().map(Bytes::copy_from_slice),
                         tx.value(),
+                        tx.authorization_list(),
                     )
                     .wrap_err("Internal EVM error during simulation")?;