test: [QS ALC-9] add more tests for insufficient return data and clarifying comments #277

Merged
merged 1 commit into from
Nov 13, 2024

adamegyed

Motivation

Addresses QS ALC-9.

This is not an issue, because Yul expressions evaluate right-to-left: https://docs.soliditylang.org/en/v0.8.27/yul.html#function-calls

> For built-in functions of the EVM, functional expressions can be directly translated to a stream of opcodes: You just read the expression from right to left to obtain the opcodes.

Solution

Add additional tests that verify this behavior. There was one unit test that already checked this behavior in test_uoCallBuffer_shortReturnData, which only tested for short return data coming from a pre-validation hook, so this PR adds tests for user op validation and for signature validation.

Also adds clarifying comments in ExecutionLib.

@adamegyed adamegyed requested a review from a team November 7, 2024 16:23
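
Added example, not code from this PR or from ExecutionLib: a minimal Solidity sketch of the ordering the description relies on, where a stale return data buffer from an earlier call must not satisfy the length check of a later call that returns too little data. The contract and function names are hypothetical, and the `and(gt(returndatasize(), 0x1f), staticcall(...))` shape is an assumed stand-in for the library's actual check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

// Constructed callee (hypothetical): returns one full 32-byte word.
contract FullWordCallee {
    fallback() external {
        assembly {
            mstore(0, 1)
            return(0, 0x20)
        }
    }
}

// Constructed callee (hypothetical): returns only 31 bytes, i.e. insufficient return data.
contract ShortDataCallee {
    fallback() external {
        assembly {
            mstore(0, 1)
            return(0, 0x1f)
        }
    }
}

contract ReturnDataOrderingDemo {
    // Assumed check shape, not copied from ExecutionLib.
    function hasFullWord(address target) public view returns (bool ok) {
        assembly ("memory-safe") {
            // Yul evaluates arguments right to left: STATICCALL executes first,
            // so RETURNDATASIZE measures this call's return data, not the
            // buffer left behind by an earlier call.
            ok := and(gt(returndatasize(), 0x1f), staticcall(gas(), target, 0, 0, 0, 0x20))
        }
    }

    function demo() external returns (bool afterFull, bool afterShort) {
        address fullCallee = address(new FullWordCallee());
        address shortCallee = address(new ShortDataCallee());
        // The first call leaves a 32-byte return data buffer behind.
        afterFull = hasFullWord(fullCallee);
        // If returndatasize() were read before the call, the stale 32 bytes
        // would make this check pass; with right-to-left evaluation it fails.
        afterShort = hasFullWord(shortCallee);
        require(afterFull && !afterShort, "stale returndatasize used");
    }
}
```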

octane-security-app bot commented Nov 7, 2024

Summary by Octane

New Contracts

No new contracts were added in this PR.

Updated Contracts

  • ExecutionLib.sol: Yul execution order clarified; evaluates returndatasize after call/staticcall.

🔗 Commit Hash: efa10fd

github-actions bot commented Nov 7, 2024

Contract sizes:

| Contract                      | Runtime Size (B) | Initcode Size (B) | Runtime Margin (B) | Initcode Margin (B) |
|-------------------------------|------------------|-------------------|--------------------|---------------------|
| AccountFactory                |            4,814 |             5,239 |             19,762 |              43,913 |
| AllowlistModule               |            9,903 |             9,930 |             14,673 |              39,222 |
| ExecutionInstallDelegate      |            5,714 |             5,760 |             18,862 |              43,392 |
| ModularAccount                |           21,973 |            28,676 |              2,603 |              20,476 |
| NativeFunctionDelegate        |              434 |               461 |             24,142 |              48,691 |
| NativeTokenLimitModule        |            4,449 |             4,476 |             20,127 |              44,676 |
| PaymasterGuardModule          |            1,845 |             1,872 |             22,731 |              47,280 |
| SemiModularAccountBytecode    |           23,275 |            29,978 |              1,301 |              19,174 |
| SemiModularAccountStorageOnly |           23,769 |            30,472 |                807 |              18,680 |
| SingleSignerValidationModule  |            3,646 |             3,673 |             20,930 |              45,479 |
| TimeRangeModule               |            2,000 |             2,027 |             22,576 |              47,125 |
| WebAuthnValidationModule      |            7,854 |             7,881 |             16,722 |              41,271 |

Code coverage:

| File | % Lines | % Statements | % Branches | % Funcs |
|------|---------|--------------|------------|---------|
| src/account/AccountBase.sol | 100.00% (8/8) | 100.00% (7/7) | 100.00% (2/2) | 100.00% (4/4) |
| src/account/AccountStorageInitializable.sol | 100.00% (19/19) | 100.00% (26/26) | 100.00% (5/5) | 100.00% (2/2) |
| src/account/ModularAccount.sol | 100.00% (2/2) | 100.00% (2/2) | 100.00% (0/0) | 100.00% (2/2) |
| src/account/ModularAccountBase.sol | 98.99% (294/297) | 96.29% (363/377) | 77.59% (45/58) | 97.30% (36/37) |
| src/account/ModularAccountView.sol | 100.00% (24/24) | 100.00% (28/28) | 100.00% (2/2) | 100.00% (4/4) |
| src/account/ModuleManagerInternals.sol | 95.08% (58/61) | 96.20% (76/79) | 62.50% (5/8) | 100.00% (3/3) |
| src/account/SemiModularAccountBase.sol | 88.71% (55/62) | 92.13% (82/89) | 66.67% (10/15) | 100.00% (15/15) |
| src/account/SemiModularAccountBytecode.sol | 100.00% (6/6) | 100.00% (7/7) | 100.00% (1/1) | 100.00% (2/2) |
| src/account/SemiModularAccountStorageOnly.sol | 80.00% (4/5) | 83.33% (5/6) | 100.00% (0/0) | 50.00% (1/2) |
| src/account/TokenReceiver.sol | 33.33% (1/3) | 33.33% (1/3) | 100.00% (0/0) | 33.33% (1/3) |
| src/factory/AccountFactory.sol | 70.59% (24/34) | 76.09% (35/46) | 40.00% (2/5) | 58.33% (7/12) |
| src/helpers/ExecutionInstallDelegate.sol | 92.59% (50/54) | 92.96% (66/71) | 40.00% (2/5) | 100.00% (7/7) |
| src/helpers/NativeFunctionDelegate.sol | 100.00% (16/16) | 100.00% (30/30) | 100.00% (0/0) | 100.00% (1/1) |
| src/libraries/ExecutionLib.sol | 99.64% (276/277) | 98.89% (268/271) | 90.91% (30/33) | 100.00% (24/24) |
| src/libraries/KnownSelectorsLib.sol | 100.00% (16/16) | 100.00% (34/34) | 100.00% (0/0) | 100.00% (2/2) |
| src/libraries/LinkedListSetLib.sol | 94.00% (47/50) | 96.25% (77/80) | 66.67% (4/6) | 100.00% (8/8) |
| src/libraries/MemManagementLib.sol | 100.00% (54/54) | 100.00% (70/70) | 100.00% (0/0) | 100.00% (12/12) |
| src/libraries/ModuleInstallCommonsLib.sol | 57.14% (8/14) | 42.11% (8/19) | 75.00% (3/4) | 100.00% (3/3) |
| src/modules/ModuleBase.sol | 100.00% (13/13) | 94.12% (16/17) | 100.00% (2/2) | 100.00% (3/3) |
| src/modules/permissions/AllowlistModule.sol | 86.05% (74/86) | 85.71% (96/112) | 78.26% (18/23) | 50.00% (9/18) |
| src/modules/permissions/NativeTokenLimitModule.sol | 90.91% (40/44) | 93.22% (55/59) | 100.00% (13/13) | 66.67% (8/12) |
| src/modules/permissions/PaymasterGuardModule.sol | 83.33% (10/12) | 82.35% (14/17) | 66.67% (2/3) | 71.43% (5/7) |
| src/modules/permissions/TimeRangeModule.sol | 83.33% (10/12) | 80.00% (16/20) | 100.00% (1/1) | 75.00% (6/8) |
| src/modules/validation/SingleSignerValidationModule.sol | 92.00% (23/25) | 81.58% (31/38) | 62.50% (5/8) | 90.00% (9/10) |
| src/modules/validation/WebAuthnValidationModule.sol | 61.11% (11/18) | 66.67% (18/27) | 100.00% (3/3) | 60.00% (6/10) |
| Total | 94.31% (1143/1212) | 93.22% (1431/1535) | 78.68% (155/197) | 85.31% (180/211) |

octane-security-app bot commented Nov 7, 2024

Overview

Octane AI analysis has finished. No vulnerabilities were found. Cheers! 🎉🎉🎉


🔗 Commit Hash: efa10fd

@adamegyed adamegyed merged commit deb1a2d into develop Nov 13, 2024
6 checks passed
@adamegyed adamegyed deleted the adam/fix-qs-9 branch November 13, 2024 19:56