refactor: (C4#126) disallow setting keyManager for lsp20 extension

[YamenMerhi]

What does this PR introduce?

• Disallow setting keyManager address as extension for lsp20 function selectors

♻️ Refactor

After setting the address of the KeyManager as extension for lsp20VerifyCallResult function.

As lsp20VerifyCallResult() is called through the LSP0 account, msg.sender == _target will be true, thereby calling _nonReentrantAfter() to reset _reentrancyStatus.

Therefore, after lsp20VerifyCallResult() is added as an extension, anyone can then call this before performing a reentrant call to LSP6KeyManager to bypass reentrancy checks.

The opposite case can happen when setting the KeyManager address as extension for lsp20VerifyCall function, as in this case the reentrancy status will be set to true, and hence each call will require reentrancy permission.

PR Checklist

• Wrote Tests
• Wrote & Generated Documentation (readme/natspec/dodoc)
• Ran npm run lint && npm run lint:solidity (solhint)
• Ran npm run format (prettier)
• Ran npm run build
• Ran npm run test

[github-actions]

👋 Hello
⛽ I am the Gas Bot Reporter. I keep track of the gas costs of common interactions using Universal Profiles 🆙 !
📊 Here is a summary of the gas cost with the code introduced by this PR.

⛽📊 See Gas Benchmark report of Using UniversalProfile owned by an EOA

🔀 execute scenarios

execute scenarios - 👑 UP Owner	⛽ Gas Usage
Transfer 1 LYX to an EOA without data	37537
Transfer 1 LYX to a UP without data	36639
Transfer 1 LYX to an EOA with 256 bytes of data	42186
Transfer 1 LYX to a UP with 256 bytes of data	44750
Transfer 0.1 LYX to 3x EOA without data	70862
Transfer 0.1 LYX to 3x UP without data	75680
Transfer 0.1 LYX to 3x EOA with 256 bytes of data	84814
Transfer 0.1 LYX to 3x EOA with 256 bytes of data	100006

🗄️ setData scenarios

setData scenarios - 👑 UP Owner	⛽ Gas Usage
Set a 20 bytes long value	49971
Set a 60 bytes long value	95293
Set a 160 bytes long value	164441
Set a 300 bytes long value	279700
Set a 600 bytes long value	484124
Change the value of a data key already set	32859
Remove the value of a data key already set	27333
Set 2 data keys of 20 bytes long value	78416
Set 2 data keys of 100 bytes long value	260568
Set 3 data keys of 20 bytes long value	105145
Change the value of three data keys already set of 20 bytes long value	45445
Remove the value of three data keys already set	41339

🗄️ Tokens scenarios

Tokens scenarios - 👑 UP Owner	⛽ Gas Usage
Minting a LSP7Token to a UP (No Delegate) from an EOA	91241
Minting a LSP7Token to an EOA from an EOA	59206
Transferring an LSP7Token from a UP to another UP (No Delegate)	98689
Minting a LSP8Token to a UP (No Delegate) from an EOA	158192
Minting a LSP8Token to an EOA from an EOA	126157
Transferring an LSP8Token from a UP to another UP (No Delegate)	147236

📝 Notes

• The execute and setData scenarios are executed on a fresh UniversalProfile smart contract, deployed as standard contracts (not as proxy behind a base contract implementation).

⛽📊 See Gas Benchmark report of Using UniversalProfile owned by an LSP6KeyManager

This document contains the gas usage for common interactions and scenarios when using UniversalProfile smart contracts.

🔀 execute scenarios

👑 unrestricted controller

execute scenarios - 👑 main controller	⛽ Gas Usage
transfer LYX to an EOA	60439
transfer LYX to a UP	62041
transfer tokens (LSP7) to an EOA (no data)	107162
transfer tokens (LSP7) to a UP (no data)	242734
transfer a NFT (LSP8) to a EOA (no data)	171009
transfer a NFT (LSP8) to a UP (no data)	289909

🛃 restricted controller

execute scenarios - 🛃 restricted controller	⛽ Gas Usage
transfer some LYXes to an EOA - restricted to 1 x allowed address only (TRANSFERVALUE + 1x AllowedCalls)	72648
transfers some tokens (LSP7) to an EOA - restricted to LSP7 + 2x allowed contracts only (CALL + 2x AllowedCalls) (no data)	122941
transfers some tokens (LSP7) to an other UP - restricted to LSP7 + 2x allowed contracts only (CALL + 2x AllowedCalls) (no data)	258513
transfers a NFT (LSP8) to an EOA - restricted to LSP8 + 2x allowed contracts only (CALL + 2x AllowedCalls) (no data)	186776
transfers a NFT (LSP8) to an other UP - restricted to LSP8 + 2x allowed contracts only (CALL + 2x AllowedCalls) (no data)	305676

🗄️ setData scenarios

👑 unrestricted controller

setData scenarios - 👑 main controller	⛽ Gas Usage
updates profile details (LSP3Profile metadata)	136875
give permissions to a controller (AddressPermissions[] + AddressPermissions[index] + AddressPermissions:Permissions:)	132906
restrict a controller to some specific ERC725Y Data Keys	139282
restrict a controller to interact only with 3x specific addresses	161986
remove a controller (its permissions + its address from the AddressPermissions[] array)	67871
write 5x LSP12 Issued Assets	233253

🛃 restricted controller

setData scenarios - 🛃 restricted controller	⛽ Gas Usage
setData(bytes32,bytes) -> updates 1x data key	102626
setData(bytes32[],bytes[]) -> updates 3x data keys (first x3)	161440
setData(bytes32[],bytes[]) -> updates 3x data keys (middle x3)	145519
setData(bytes32[],bytes[]) -> updates 3x data keys (last x3)	170752
setData(bytes32[],bytes[]) -> updates 2x data keys + add 3x new controllers (including setting the array length + indexes under AddressPermissions[index])	249872

📝 Notes

• The execute and setData scenarios are executed on a fresh UniversalProfile and LSP6KeyManager smart contracts, deployed as standard contracts (not as proxy behind a base contract implementation).

[github-actions]

Changes to gas cost

Generated at commit: ec690cac89c5ee1affe84fc81b49b8e396523493, compared to commit: 9db488aad9065f88cfc3c5f43f47b1fab35fc5f0

🧾 Summary (10% most significant diffs)

Contract	Method	Avg (+/-)	%

---

Full diff report 👇

Contract	Deployment Cost (+/-)	Method	Min (+/-)	%	Avg (+/-)	%	Median (+/-)	%	Max (+/-)	%	# Calls (+/-)
LSP6ExecuteRestrictedController	2,888,707 (+34,647)
LSP6ExecuteUnrestrictedController	2,888,707 (+34,647)
LSP6SetDataRestrictedController	2,873,483 (+34,638)
LSP6SetDataUnrestrictedController	2,873,483 (+34,638)