Update Contract

.env.sample

@@ -4,5 +4,20 @@ INFURA_KEY=""
 # Used for custom network
 NODE_URL=""
 ETHERSCAN_API_KEY=""
-# Use the Safe singleton factory for singleton deployment. This is required if EIP-155 is enforce on a chain.
-# CUSTOM_DETERMINISTIC_DEPLOYMENT="true"
+# (Optional) Used to run ERC-4337 compatibility test. MNEMONIC is also required.
+ERC4337_TEST_BUNDLER_URL=
+ERC4337_TEST_NODE_URL=
+ERC4337_TEST_SINGLETON_ADDRESS=
+ERC4337_TEST_SAFE_FACTORY_ADDRESS=
+# (Optional) Tells the test runner which Safe Singleton Contract to use for testing: Safe or SafeL2. Defaults to Safe.
+SAFE_CONTRACT_UNDER_TEST="Safe"
+# Used for compiling with different solidity testing
+SOLIDITY_VERSION= # Example: '0.8.19'
+# For running coverage tests, `details` section of solidity settings are required, else could be removed.
+SOLIDITY_SETTINGS= # Example: '{"viaIR":true,"optimizer":{"enabled":true, "details": {"yul": true, "yulDetails": { "optimizerSteps": ""}}}}'
+# Set to 1 to run hardhat in zksync mode. This will enable the ZK compiler and run the hardhat node in zksync mode.
+HARDHAT_ENABLE_ZKSYNC=0
+# Sets hardhat chain id. In general, you don't need this, it's only used for testing the SafeToL2Setup contract.
+HARDHAT_CHAIN_ID=31337
+# (Optional) Hardhat-deploy only supports zksync deployment if the private key for the account is provided. Specify the private key here.
+ZKSYNC_DEPLOYER_PK="0x7726827caac94a7f9e1b160f7ea819f172f7b6f9d2a97f992c38edeab82d4110"

.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,7 +7,7 @@ about: Bug report about the Safe smart contracts
 ## Prerequisites
 
 - First, many thanks for taking part in the community and helping us improve. We appreciate that a lot.
-- Support questions are better asked in our Gitter chat: https://gitter.im/gnosis/Safe
+- Support questions are better asked in our Discord: https://chat.safe.global
 - Please ensure the issue isn't already reported.
 
 *Please delete the above section and the instructions in the sections below before submitting*

.github/ISSUE_TEMPLATE/feature_request.md

@@ -7,7 +7,7 @@ about: Suggest an idea or feature request for the Safe smart contracts project
 ## Prerequisites
 
 - First, many thanks for taking part in the community and helping us improve. We appreciate that a lot.
-- Support questions are better asked in our Gitter chat: https://gitter.im/gnosis/Safe
+- Support questions are better asked in our Discord: https://chat.safe.global
 - Please ensure the issue isn't already reported.
 
 *Please delete the above section and the instructions in the sections below before submitting*

.github/workflows/certora.yml

@@ -0,0 +1,45 @@
+name: certora
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+ workflow_dispatch:
+
+jobs:
+ verify:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ rule: ["owner", "safe", "module", "nativeTokenRefund", "signatures", "safeMigration", "safeToL2Migration", "safeToL2Setup"]
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install python
+ uses: actions/setup-python@v4
+ with: { python-version: 3.11 }
+
+ - name: Install certora cli
+ run: pip install -r certora/requirements.txt
+
+ - name: Install solc
+ run: |
+ wget https://github.com/ethereum/solidity/releases/download/v0.7.6/solc-static-linux
+ chmod +x solc-static-linux
+ sudo mv solc-static-linux /usr/local/bin/solc7.6
+
+ - name: Verify rule ${{ matrix.rule }}
+ run: |
+ cd certora
+ touch applyHarness.patch
+ make munged
+ cd ..
+ echo "key length" ${#CERTORAKEY}
+ certoraRun certora/conf/${{ matrix.rule }}.conf --wait_for_results=all
+ env:
+ CERTORAKEY: ${{ secrets.CERTORA_KEY }}

.github/workflows/ci.yml

@@ -1,81 +1,97 @@
-name: safe-contracts
-on: [ push, pull_request ]
+name: safe-smart-account
+on: [push, pull_request]
+env:
+ NODE_VERSION: 20.16.0
 
 jobs:
- tests:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - uses: actions/setup-node@v2
- with:
- node-version: 16.7.0
- - uses: actions/cache@v2
- with:
- path: "**/node_modules"
- key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
- - run: yarn --frozen-lockfile
- - run: yarn build
- - run: yarn coverage
- - name: Coveralls
- uses: coverallsapp/github-action@master
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- lint:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - uses: actions/setup-node@v2
- with:
- node-version: 16.7.0
- - uses: actions/cache@v2
- with:
- path: "**/node_modules"
- key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
- - run: yarn --frozen-lockfile
- - run: yarn lint:sol
- tests-other:
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- contract-name: ["GnosisSafeL2"]
- env:
- SAFE_CONTRACT_UNDER_TEST: ${{ matrix.contract-name }}
- steps:
- - uses: actions/checkout@v2
- - uses: actions/setup-node@v2
- with:
- node-version: 16.7.0
- - uses: actions/cache@v2
- with:
- path: "**/node_modules"
- key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
- - run: yarn --frozen-lockfile
- - run: yarn build
- - run: yarn coverage
- - name: Coveralls
- uses: coverallsapp/github-action@master
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- benchmarks:
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- solidity: ["0.7.6", "0.8.2"]
- include:
- - solidity: "0.8.2"
- settings: '{"viaIR":true,"optimizer":{"enabled":true,"runs":10000}}'
- env:
- SOLIDITY_VERSION: ${{ matrix.solidity }}
- SOLIDITY_SETTINGS: ${{ matrix.settings }}
- steps:
- - uses: actions/checkout@v2
- - uses: actions/setup-node@v2
- with:
- node-version: 16.7.0
- - uses: actions/cache@v2
- with:
- path: "**/node_modules"
- key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
- - run: (yarn --frozen-lockfile && yarn build && yarn hardhat codesize --contractname GnosisSafe && yarn benchmark) || echo "Benchmark failed"
+ lint-solidity:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+ cache: "npm"
+ - run: npm ci
+ - run: npm run lint:sol:prettier
+ - run: npm run lint:sol
+
+ lint-typescript:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+ cache: "npm"
+ - run: npm ci
+ - run: npm run lint:ts:prettier
+ - run: npm run build:ts:dev # runs typecheck
+ - run: npm run lint:ts
+
+ tests:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+ cache: "npm"
+ - run: npm ci
+ - run: npm run build
+ - run: npm run test
+
+ coverage:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ contract-name: ["Safe", "SafeL2"]
+ env:
+ SAFE_CONTRACT_UNDER_TEST: ${{ matrix.contract-name }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+ cache: "npm"
+ - run: npm ci
+ - run: npm run build
+ - run: npm run coverage
+ - name: Send coverage to Coveralls (parallel)
+ uses: coverallsapp/github-action@v2
+ with:
+ parallel: true
+ flag-name: run-$
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ finish:
+ runs-on: ubuntu-latest
+ needs: tests
+ if: ${{ always() }}
+ steps:
+ - name: Coveralls Finished
+ uses: coverallsapp/github-action@v2
+ with:
+ parallel-finished: true
+ carryforward: "run-Safe,run-SafeL2"
+
+ benchmarks:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ solidity: ["0.7.6", "0.8.24"]
+ include:
+ - solidity: "0.8.24"
+ settings: '{"viaIR":false,"optimizer":{"enabled":true,"runs":1000000}}'
+ env:
+ SOLIDITY_VERSION: ${{ matrix.solidity }}
+ SOLIDITY_SETTINGS: ${{ matrix.settings }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+ cache: "npm"
+ - run: npm ci && npm run build && npx hardhat codesize --contractname Safe && npm run benchmark

.github/workflows/cla.yml

@@ -5,21 +5,27 @@ on:
  pull_request_target:
  types: [ opened, closed, synchronize ]
 
+permissions:
+ actions: write
+ contents: write
+ pull-requests: write
+ statuses: write
+
 jobs:
  CLAssistant:
  runs-on: ubuntu-latest
  steps:
  - name: "CLA Assistant"
  if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
  # Beta Release
- uses: cla-assistant/github-action@v2.1.3-beta
+ uses: cla-assistant/github-action@v2.3.0
  env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  # the below token should have repo scope and must be manually added by you in the repository's secret
  PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
  with:
  path-to-signatures: 'signatures/version1/cla.json'
- path-to-document: 'https://safe.global/cla/'
+ path-to-document: 'https://safe.global/cla'
  # branch should not be protected
  branch: 'cla-signatures'
  allowlist: rmeissner,Uxio0,*bot # may need to update this expression if we add new bots
@@ -33,4 +39,4 @@ jobs:
  #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
  #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
  #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
- #use-dco-flag: true - If you are using DCO instead of CLA
+ #use-dco-flag: true - If you are using DCO instead of CLA

.gitignore

@@ -1,3 +1,4 @@
+.idea/
 build/
 node_modules/
 .DS_Store
@@ -11,4 +12,14 @@ bin/
 solc
 coverage/
 coverage.json
-yarn-error.log
+yarn-error.log
+typechain-types
+.vscode
+
+# Certora Formal Verification related files
+.certora_internal
+.certora_recent_jobs.json
+.zip-output-url.txt
+
+# zksync era node log
+era_test_node.log

.husky/pre-commit

@@ -1,21 +1,18 @@
-#!/bin/sh
-. "$(dirname "$0")/_/husky.sh"
+npm run lint:sol:prettier
+npm run lint:ts:prettier
+npm run lint:sol
+npm run lint:ts
 
-# Redirect output to stderr.
-exec 1>&2
-
-# prevent it.only or describe.only commited
+# Prevent `it.only` or `describe.only` tests commited
 if [ "$allowonlytests" != "true" ] &&
  test $(git diff --cached | grep -E "\b(it|describe).only\(" | wc -l) != 0
 then
  cat <<\EOF
 Error: Attempt to add it.only or describe.only - which may disable all other tests
- 
+
 If you know what you are doing you can disable this check using:
- 
+
  git config hooks.allowonlytests true
 EOF
  exit 1
 fi
-
-exit 0

.nvmrc

@@ -1 +1 @@
-v16.7.0
+v18.17.1

.prettierrc

@@ -1,15 +1,21 @@
 {
+ "plugins": ["prettier-plugin-solidity"],
  "overrides": [
- {
- "files": "*.sol",
- "options": {
- "printWidth": 140,
- "tabWidth": 4,
- "useTabs": false,
- "singleQuote": false,
- "bracketSpacing": false,
- "explicitTypes": "always"
+ {
+ "files": "*.sol",
+ "options": {
+ "parser": "solidity-parse",
+ "printWidth": 140,
+ "tabWidth": 4,
+ "useTabs": false,
+ "singleQuote": false,
+ "bracketSpacing": false
+ }
  }
- }
- ]
- }
+ ],
+ "tabWidth": 4,
+ "printWidth": 140,
+ "trailingComma": "all",
+ "singleQuote": false,
+ "semi": true
+}