Changes from 160 commits
161 commits
c08130c
WIP: add a Safe Guard that implements a timelock for the upgrade Safe
duncancmt Oct 18, 2024
307bb0a
Cleanup
duncancmt Oct 18, 2024
ed151b6
Fix CI
duncancmt Oct 15, 2024
4b376f0
Cleanup
duncancmt Oct 18, 2024
747bbfa
Bug! Wrong direction on timelock checking; add check that transaction…
duncancmt Oct 18, 2024
89a5495
Add `cancel` function to Timelock/Guard
duncancmt Oct 18, 2024
3d7730e
Revert "Cleanup"
duncancmt Oct 18, 2024
d7ec5fd
Add lockdown mode to Safe Guard (requires unanimous signatures to unl…
duncancmt Oct 18, 2024
c7fa949
Comment
duncancmt Oct 18, 2024
0751f8c
Comments
duncancmt Oct 18, 2024
963b396
Simplify guard design by storing only a single `txHash` and expiry in…
duncancmt Oct 19, 2024
58ef97b
Typo
duncancmt Oct 19, 2024
bb5288d
Comment
duncancmt Oct 19, 2024
844a064
Make initial `delay` a constructor argument
duncancmt Oct 19, 2024
b7f9224
Bug! Prevent smuggling calls to `unlock` through `enqueue` => multica…
duncancmt Oct 19, 2024
df0160c
Remove assumption about the relationship between `encodeTransactionDa…
duncancmt Oct 19, 2024
9d9e021
Resolve TODO
duncancmt Oct 19, 2024
228571b
Comment
duncancmt Oct 19, 2024
0769fa8
Rework Safe guard so that it only requires 1 multisig transaction; th…
duncancmt Oct 19, 2024
d2e5027
Remove unused
duncancmt Oct 21, 2024
68deecf
Add some extra safety checks; realistically they should never trigger…
duncancmt Oct 21, 2024
1fa4378
Attempt to guard against as many footguns and bizarre scenarios as po…
duncancmt Oct 21, 2024
76ae824
Golf
duncancmt Oct 21, 2024
acf46bc
Add some indexed fields to `SafeTransactionEnqueued` event
duncancmt Oct 21, 2024
f726ab0
Explain provenance of copied code
duncancmt Oct 21, 2024
99514b3
Golf
duncancmt Oct 21, 2024
103584f
Explain comment a little better (less ambiguous)
duncancmt Oct 21, 2024
2955ee4
Pedantry
duncancmt Oct 21, 2024
84910a9
Remove redundant check
duncancmt Oct 21, 2024
cbee10c
Resolve TODO
duncancmt Oct 21, 2024
fd73329
Add happy-path unit test for Safe Guard
duncancmt Oct 21, 2024
021b3c2
Add timelock sad path test case for Guard
duncancmt Oct 22, 2024
2902d4b
Bug! Require that a call to `cancel` be accompanied by approving the …
duncancmt Oct 22, 2024
56dab72
Fix CI
duncancmt Oct 22, 2024
e633657
Prevent calling the specified Guard functions outside of the Guard co…
duncancmt Oct 22, 2024
f8a0043
Fix Safe owner reverse order
duncancmt Oct 22, 2024
8bb0aa5
Check that the Safe call is actually going through
duncancmt Oct 22, 2024
c2013cb
I give up; completely remove the ability to `DELEGATECALL` from the Safe
duncancmt Oct 22, 2024
7a3c713
Remove unnecessary duplicate locked down checks
duncancmt Oct 22, 2024
70366ca
Cleanup
duncancmt Oct 22, 2024
d013975
Update copied interface in test
duncancmt Oct 22, 2024
4f6392e
Bug! Prevent re-queueing transaction (possibly clearing cancelation)
duncancmt Oct 22, 2024
6b5e3a8
Fail early if attempting an `Operation.DelegateCall`
duncancmt Oct 22, 2024
262f537
Check event
duncancmt Oct 22, 2024
f2d2709
Add canceller address to event
duncancmt Oct 23, 2024
556b15e
Test for `DELEGATECALL` prevention
duncancmt Oct 23, 2024
f12cb22
Test for `cancel`
duncancmt Oct 23, 2024
7d8f671
Add some sad-path tests for `cancel`
duncancmt Oct 23, 2024
8338e86
Add test for `lockDown`
duncancmt Oct 23, 2024
d9519f0
Add test for `unlock`
duncancmt Oct 23, 2024
ab25287
Cleanup
duncancmt Oct 23, 2024
e93ec09
Add test for non-unanimous `unlock`
duncancmt Oct 23, 2024
baf42ce
Replace `notRemoved` and `notLockedDown` modifiers with `normalOpera…
duncancmt Oct 23, 2024
e0a9f21
Comment
duncancmt Oct 23, 2024
dbc5a70
Check for emitted success event by Safe
duncancmt Oct 23, 2024
1180afe
Remove noisy debug logging
duncancmt Oct 23, 2024
d4b761d
Cleanup
duncancmt Oct 24, 2024
570534d
Merge branch 'master' into dcmt/upgrade-timelock
duncancmt Feb 14, 2025
7e8fe01
Merge branch 'master' into dcmt/upgrade-timelock
duncancmt Feb 21, 2025
0d5a970
Try to speed up CI
duncancmt Feb 21, 2025
6eb73a6
Add Dedaub audit report for `SafeGuard.sol`
duncancmt Mar 14, 2025
83d0959
Add *DRAFT* Bailsec audit report for `SafeGuard.sol`
duncancmt Mar 17, 2025
a397c62
Address Bailsec audit findings
duncancmt Mar 17, 2025
1d921f9
`forge fmt`
duncancmt Mar 17, 2025
2ab40b7
Add graffiti event to show the resignation `txHash`
duncancmt Mar 18, 2025
f0b528b
Fix unit tests
duncancmt Mar 18, 2025
3f81cf0
Add some new test cases
duncancmt Mar 18, 2025
6a7c180
Add another new test case
duncancmt Mar 18, 2025
9f23096
`forge fmt`
duncancmt Mar 18, 2025
3872df5
Add unit test for the `resignTxHash` flow
duncancmt Mar 18, 2025
a6232a3
DRY
duncancmt Mar 19, 2025
bc3c51d
Add final Bailsec audit report for `SafeGuard.sol`
duncancmt Mar 20, 2025
61625d9
Reorder checks for clarity
duncancmt Mar 20, 2025
a3a8acb
Make `safe` a constructor argument in `SafeGuard`
duncancmt Mar 23, 2025
b4ec987
`forge fmt`
duncancmt Mar 23, 2025
2b9dccd
Support both Arachnid deployer and Safe singleton factory rooted Safe…
duncancmt Mar 23, 2025
f394f9b
Comment
duncancmt Mar 23, 2025
405cb27
Add more unit test
duncancmt Mar 23, 2025
2b53b0a
Merge branch 'master' into dcmt/upgrade-timelock
duncancmt Jul 9, 2025
e481714
Merge branch 'master' into dcmt/upgrade-timelock
duncancmt Aug 19, 2025
95f9499
Golf
duncancmt Aug 19, 2025
768269b
Revert "Golf"
duncancmt Aug 19, 2025
9fa9f7f
Fix CI
duncancmt Aug 19, 2025
e58f3cb
Fix CI
duncancmt Aug 19, 2025
662b788
Style
duncancmt Aug 19, 2025
10c99c4
Add a variation of the Safe{Wallet} Guard timelock for Safe{Wallet} v…
duncancmt Aug 20, 2025
ce30100
Add some `vm.expectCall`
duncancmt Aug 20, 2025
a919bb4
Avoid opaque constants in test files
duncancmt Aug 20, 2025
5a2193b
Avoid opaque constants in test files
duncancmt Aug 20, 2025
099466f
Add references to canonical Safe{Wallet} 1.4.1 deployment addresses
duncancmt Aug 20, 2025
40b9b4e
Check Safe{Wallet} proxy code hash on deployment
duncancmt Aug 20, 2025
b9cfcb7
Add reference to Safe{Wallet} 1.1.1 factory, because that is also sup…
duncancmt Aug 20, 2025
5f5ae6b
Give names to constants
duncancmt Aug 20, 2025
3a1e1d5
`abstract`
duncancmt Aug 20, 2025
30036d9
Typo
duncancmt Aug 20, 2025
4684b0a
Typo
duncancmt Aug 20, 2025
7dabb59
Allow calls to `MultiCallSendOnly`, but use deep inspection to forbid…
duncancmt Nov 20, 2025
90d72cc
Also check the value of the fallback handler after each transaction
duncancmt Nov 20, 2025
73caf5d
`forge fmt`
duncancmt Nov 20, 2025
8578fa3
Compilation errors
duncancmt Nov 20, 2025
4245fff
Add comment in response to Immunefi Magnus PR review
duncancmt Nov 20, 2025
3edb146
Be explicit about differences in our decoding of multicall and `Multi…
duncancmt Nov 20, 2025
1b150d1
Cleanup
duncancmt Nov 20, 2025
59c93ab
Golf
duncancmt Nov 20, 2025
35abfb5
Bug! Reversed `if` condition
duncancmt Nov 20, 2025
df3ca19
Cleanup
duncancmt Nov 25, 2025
d3ba88d
Bug! You have to check the selector when blacklisting a specific sele…
duncancmt Nov 25, 2025
ff90ec4
`forge fmt`
duncancmt Nov 25, 2025
64e71a6
Check Safe{Wallet} Guard invariants in between user-defined multicall…
duncancmt Mar 9, 2026
d729b7f
Merge branch 'master' into dcmt/upgrade-timelock-1.4.0-multicall
duncancmt Mar 9, 2026
30a74d5
`forge fmt`
duncancmt Mar 9, 2026
29fb1d6
Forbid calls to the Safe{Wallet} Guard's `checkAfterExecution` in the…
duncancmt Mar 9, 2026
1542aeb
Correctly handle resignations on a Safe{Wallet} configured to be unan…
duncancmt Mar 9, 2026
a800384
Compilation errors
duncancmt Mar 9, 2026
576f7d3
Variable naming consistency
duncancmt Mar 9, 2026
b598345
`forge fmt`
duncancmt Mar 9, 2026
cdbabf7
Add event
duncancmt Mar 9, 2026
88501dc
WIP: Fixing tests
duncancmt Mar 9, 2026
7bfaefe
`forge fmt`
duncancmt Mar 9, 2026
7560152
Fix tests
duncancmt Mar 9, 2026
601c7e3
`unchecked`
duncancmt Mar 9, 2026
748bb47
Forbid `checkTransaction` inside multicall
duncancmt Mar 9, 2026
3a194e3
`unchecked`
duncancmt Mar 9, 2026
f896e8a
Golf
duncancmt Mar 9, 2026
bc53abb
Comment
duncancmt Mar 9, 2026
6e5e234
Golf
duncancmt Mar 9, 2026
6f5db05
DRY
duncancmt Mar 9, 2026
069fc33
Compilation errors
duncancmt Mar 9, 2026
5e316d0
Symmetry; golf
duncancmt Mar 9, 2026
d6fce3f
Simplify
duncancmt Mar 9, 2026
1e8b180
Add support for ERC-7955 toehold
duncancmt Mar 9, 2026
de9c592
Add explanation/enumeration of Safe{Wallet} Guard failure cases
duncancmt Mar 11, 2026
a4d205f
Improve explanation of Safe{Wallet} Guard failure cases
duncancmt Mar 11, 2026
20317ce
Improve explanation of Safe{Wallet} Guard failure cases
duncancmt Mar 11, 2026
c9ad6e4
Improve explanation of Safe{Wallet} Guard failure cases
duncancmt Mar 11, 2026
8743907
Rename error
duncancmt Mar 11, 2026
1b4ebe2
Reconfigure minimum owner/threshold checks
duncancmt Mar 11, 2026
c0d27a7
Disallow canceling one's own resignation
duncancmt Mar 11, 2026
4467f6d
Merge branch 'master' into dcmt/upgrade-timelock-1.4.0-multicall
duncancmt Mar 27, 2026
63804b3
Compilation error
duncancmt Mar 27, 2026
afea418
Fixing tests
duncancmt Mar 27, 2026
15f87ea
Fixing tests
duncancmt Mar 27, 2026
919bc23
Pedantry
duncancmt Apr 10, 2026
423b1c0
Merge branch 'master' into dcmt/upgrade-timelock-1.4.0-multicall
duncancmt Apr 10, 2026
4090c7b
Add zkSync support to SafeGuard
duncancmt Apr 16, 2026
ea327b0
Clean up slop
duncancmt Apr 16, 2026
a4ff78f
`forge fmt`
duncancmt Apr 16, 2026
3e25617
Fix SafeGuard EraVM harness and tests
duncancmt Apr 16, 2026
7300422
Clean up slop
duncancmt Apr 16, 2026
7120bea
Refine SafeGuard EraVM tests
duncancmt Apr 16, 2026
ecf1b65
WIP: debugging EraVm
duncancmt Apr 16, 2026
5ae361d
Fix SafeGuard EraVM dummy hash and zk test config
duncancmt Apr 16, 2026
4a50090
Clean up slop
duncancmt Apr 16, 2026
2ea8b8d
Fix SafeGuard EraVM dummy hash and zk test config
duncancmt Apr 16, 2026
58c35b3
Fix foundry-zksync install path in CI
duncancmt Apr 16, 2026
4dc995e
Pin foundry-zksync version in CI
duncancmt Apr 16, 2026
70e4284
Merge branch 'master' into dcmt/upgrade-timelock-1.4.0-multicall
duncancmt Apr 16, 2026
752b9e0
Clean up slop
duncancmt Apr 16, 2026
07002b6
Fix merge artifact
duncancmt Apr 17, 2026
32cb0cc
Omit appended CBOR metadata in ZK mode too
duncancmt Apr 17, 2026
440478f
Add support for EIP-7997 factory
duncancmt Apr 26, 2026
37 changes: 37 additions & 0 deletions .github/workflows/safeguard-zksync.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: SafeGuard ZKsync

on:
push:
branches:
- master
pull_request:

permissions:
contents: read

jobs:
safeguard-zksync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Install Foundry-ZKsync
run: |
curl -L https://raw.githubusercontent.com/matter-labs/foundry-zksync/main/foundryup-zksync/install -o install-foundry-zksync
chmod +x ./install-foundry-zksync
./install-foundry-zksync
FOUNDRY_ZKSYNC_BIN_DIR="${XDG_CONFIG_HOME:-$HOME}/.foundry/bin"
echo "$FOUNDRY_ZKSYNC_BIN_DIR" >> "$GITHUB_PATH"
"$FOUNDRY_ZKSYNC_BIN_DIR/foundryup-zksync" --install 0.1.9

- name: Install dependencies
run: git submodule update --recursive --init

- name: Build zkSync SafeGuard artifacts
run: forge build --zksync --zk-compile -o zkout --cache-path zkcache src/deployer/SafeGuard.sol zksrc/SafeGuardWrappers.sol
env:
FOUNDRY_EVM_VERSION: london
FOUNDRY_OPTIMIZER_RUNS: 200

- name: Run zkSync SafeGuard tests
run: forge test --zksync -C zktest --root "$GITHUB_WORKSPACE" --lib-paths "$GITHUB_WORKSPACE/lib" --match-contract TestSafeGuardZkSyncArtifacts
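Review bot: The "Install Foundry-ZKsync" step fetches the installer from the mutable `main` ref and executes it without any integrity check, so whatever is at that URL when the job runs gets executed on the runner; the `--install 0.1.9` pin only covers the toolchain that the installer then downloads, not the installer itself. Fetch the script from a fixed commit SHA and compare its SHA-256 against a value committed to this repository before the `chmod +x`. Add `--fail` to the `curl -L` call as well, since without it an HTTP error body is written to `install-foundry-zksync` and then run. `actions/checkout@v4` is likewise a movable tag; pinning it to a full commit SHA would match the intent of the version pin.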
2 changes: 1 addition & 1 deletion .github/workflows/size.yml
Expand Up @@ -36,4 +36,4 @@ jobs:
run: npm install

- name: Check chain-specific Settler contract sizes
run: forge build --sizes --skip MultiCall.sol --skip CrossChainReceiverFactory.sol --skip AllowanceHolder.sol --skip Deployer.sol --skip 'test/*' -- src/chains/
run: forge build --sizes --skip MultiCall.sol --skip CrossChainReceiverFactory.sol --skip SafeGuard.sol --skip AllowanceHolder.sol --skip Deployer.sol --skip 'test/*' -- src/chains/
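Review bot: With `--skip SafeGuard.sol` added to the size check, SafeGuard's bytecode size is not reported by any step shown in this change; the dedicated `forge build src/deployer/SafeGuard.sol` step in test.yml runs without `--sizes`. If the deployed size of the guard matters, add `--sizes` to that dedicated build, where `FOUNDRY_EVM_VERSION: london` and `FOUNDRY_OPTIMIZER_RUNS: 200` are already set, so the reported size is that of the artifact built with those settings.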
14 changes: 13 additions & 1 deletion .github/workflows/test.yml
Expand Up @@ -27,11 +27,23 @@ jobs:
- name: Install dependencies
run: git submodule update --recursive --init

- name: Build Safe Guard
run: forge build src/deployer/SafeGuard.sol
env:
FOUNDRY_EVM_VERSION: london
FOUNDRY_OPTIMIZER_RUNS: 200

- name: Run SafeGuard tests
run: forge test --skip 'src/*' --skip 'test/unit/*' --skip 'test/integration/*' --skip 'test/0.8.28/*' --mp test/0.8.25/SafeGuard.t.sol
env:
MAINNET_RPC_URL: ${{ secrets.MAINNET_RPC_URL }}
BNB_MAINNET_RPC_URL: ${{ secrets.BNB_MAINNET_RPC_URL }}

- name: Run EulerSwap math tests
run: forge test --skip 'src/*' --skip 'script/*' --skip 'test/unit/*' --skip 'test/integration/*' --skip 'test/0.8.25/*' --mp test/0.8.28/EulerSwapBUSL.t.sol

- name: Build contracts
run: forge build --skip MultiCall.sol --skip CrossChainReceiverFactory.sol --skip AllowanceHolder.sol --skip Deployer.sol --skip 'test/*' --skip 'script/*'
run: forge build --skip MultiCall.sol --skip CrossChainReceiverFactory.sol --skip SafeGuard.sol --skip AllowanceHolder.sol --skip Deployer.sol --skip 'test/*' --skip 'script/*'

- name: Build AllowanceHolder and Deployer
run: forge build -- src/allowanceholder/AllowanceHolder.sol src/deployer/Deployer.sol
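Review bot: The "Run SafeGuard tests" step does not set the `FOUNDRY_EVM_VERSION: london` and `FOUNDRY_OPTIMIZER_RUNS: 200` values that "Build Safe Guard" uses, and it passes `--skip 'src/*'`, so it appears to depend on the artifact left behind by the previous step; nothing in the workflow says so. Add a comment stating that ordering dependency, or move the two settings into a named profile in foundry.toml so that the build step, the test step and safeguard-zksync.yml all select the same configuration instead of repeating env vars. The step also reads `secrets.MAINNET_RPC_URL` and `secrets.BNB_MAINNET_RPC_URL`; these are empty on pull requests from forks, so the fork tests need to skip or fail with a clear message in that case.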
Binary file added audits/Bailsec - 0x - SafeGuard - 2nd Report.pdf
Binary file not shown.
Binary file not shown.
11 changes: 10 additions & 1 deletion foundry.toml
Expand Up @@ -18,14 +18,23 @@ block_gas_limit = 16_777_216
no_match_path = "test/integration/*"
# needed for marktoda/forge-gas-snapshot
ffi = true
fs_permissions = [{ access = "read-write", path = ".forge-snapshots/" }, { access = "read", path = "out" }, { access = "read", path = "script/" }]
fs_permissions = [
{ access = "read-write", path = ".forge-snapshots/" },
{ access = "read", path = "out" },
{ access = "read", path = "zkout" },
{ access = "read", path = "script/" },
]
gas_snapshot_emit = true

# https://github.com/foundry-rs/foundry/issues/6780#issuecomment-1962319449
[profile.default.optimizer_details]
constantOptimizer = true
yul = true

[profile.default.zksync]
bytecode_hash = "none"
cbor_metadata = false

[profile.integration]
no_match_path = "test/unit/*"
match_path = "test/integration/*"
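Review bot: The new `[profile.default.zksync]` block sets `bytecode_hash = "none"` and `cbor_metadata = false` with no comment, unlike the `ffi = true` and `optimizer_details` settings next to it, which each say why they exist. Both settings change the emitted bytecode, so state the reason in a comment (for example, which test or deployment check depends on metadata-free bytecode). The added `{ access = "read", path = "zkout" }` entry would benefit from the same one-line note naming the test that reads it.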