/safe-contracts

Gnosis Safe allows secure management of blockchain assets.

Primary LanguageJavaScriptGNU Lesser General Public License v3.0LGPL-3.0

Gnosis Safe Contracts

npm version Build Status

Install

The repository requires Node 10

  • As this repository uses an old version of web3js it is required to use Node 10 else npm install will fail.

Install requirements with npm:

npm install

Run all tests (requires Node version >=7 for async/await):

npx truffle compile
npx test

npx test will start a ganache-cli with the correct configuration. If you want to run npx truffle test you need to start a ganache-cli instance. For this it is required to use the --noVMErrorsOnRPCResponse option. This option will make sure that ganache-cli behaves the same as other clients (e.g. geth and parity) when handling reverting calls to contracts. This is required as some flows parse the error message (see https://gnosis-safe.readthedocs.io/en/latest/contracts/transactions.html#safe-transaction-gas-limit-estimation).

Deploy

Some contracts require that the Solidity compile target is at least petersburg (e.g. GnosisSafeProxyFactory and MultiSend). This is default since Solidity 0.5.5.

Note: The formal verification was performed using the contract compiled with solcjs 0.5.0.

Preparation:

  • Set INFURA_TOKEN in .env
  • Set NETWORK in .env
  • Run npx truffle compile

OpenZeppelin SDK:

  • Make sure that @openzeppelin/cli is version 2.5 (npx oz --version)
  • Make sure that all dependencies use solcjs >0.5.0
  • Set correct version in package.json
  • Set MNEMONIC in .env to current oz package owner (last deployer normally)
  • Optional: if a new deployer account is used
    • Check that a gloabl versionb of truffle 5 is installed (truffle version)
    • Run truffle exec scripts/change_oz_owner.js --network=<network> --newOwner="<address>" to enable new deployer
    • Set MNEMONIC in .env to new oz package owner
  • Run npm run deploy-oz
  • Once deployed on all networks run npx oz --freeze <network> for each network

Truffle:

  • Set MNEMONIC in .env
npx truffle deploy

Verify Contracts:

  • requires installed solc (>0.5.0)
virtualenv env -p python3
. env/bin/activate
pip install solidity-flattener
mkdir build/flattened_contracts
solidity_flattener contracts/GnosisSafe.sol --output build/flattened_contracts/GnosisSafe.sol
solidity_flattener contracts/libraries/CreateAndAddModules.sol --output build/flattened_contracts/CreateAndAddModules.sol --solc-paths="/=/"
solidity_flattener contracts/libraries/CreateCall.sol --output build/flattened_contracts/CreateCall.sol --solc-paths="/=/"
solidity_flattener contracts/libraries/MultiSend.sol --output build/flattened_contracts/MultiSend.sol --solc-paths="/=/"
solidity_flattener contracts/handler/DefaultCallbackHandler.sol --output build/flattened_contracts/DefaultCallbackHandler.sol --solc-paths="/=/"
solidity_flattener contracts/modules/DailyLimitModule.sol --output build/flattened_contracts/DailyLimitModule.sol --solc-paths="/=/"
solidity_flattener contracts/modules/SocialRecoveryModule.sol --output build/flattened_contracts/SocialRecoveryModule.sol --solc-paths="/=/"
solidity_flattener contracts/modules/StateChannelModule.sol --output build/flattened_contracts/StateChannelModule.sol --solc-paths="/=/"
solidity_flattener contracts/modules/WhitelistModule.sol --output build/flattened_contracts/WhitelistModule.sol --solc-paths="/=/"
solidity_flattener contracts/proxies/GnosisSafeProxyFactory.sol --output build/flattened_contracts/GnosisSafeProxyFactory.sol
find build/flattened_contracts -name '*.sol' -exec sed -i '' 's/pragma solidity ^0.4.13;/pragma solidity >=0.5.0 <0.7.0;/g' {} \;

Using with OpenZeppelin SDK

You can create a gnosis safe upgradeable instance using OpenZeppelin SDK by linking to the provided EVM package. This will use the master copy already deployed to mainnet, kovan, or rinkeby, reducing gas deployment costs.

To create an instance using OpenZeppelin SDK:

$ npm install -g @openzeppelin/sdk
$ oz init YourProject
$ oz link @gnosis.pm/safe-contracts
$ oz push --network rinkeby
> Connecting to dependency @gnosis.pm/safe-contracts 1.0.0
$ oz create @gnosis.pm//GnosisSafe --init setup --args "[$ADDRESS1,$ADDRESS2,$ADDRESS3],2,0x0000000000000000000000000000000000000000,\"\"" --network rinkeby --from $SENDER
> Instance created at SAFE_ADDRESS

It is suggested to use a non-default address as $SENDER.

Note: When using the contracts via ZeppelinOS make sure to choose an appropriate Proxy admin. An upgradable proxy enables the user to update the master copy (aka implementation). The default upgradable proxy is managed by an admin address. This admin address is independent from the owners of the Safe. Therefore it would be possible for the admin to change the master copy without the approval of any owner, thus allowing him to gain full access to the Safe.

Documentation

Audits/ Formal Verification

Security and Liability

All contracts are WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

License

All smart contracts are released under LGPL v.3.

Contributors