base · xenoliss · May 6, 2025 · May 1, 2025 · May 2, 2025 · May 5, 2025
diff --git a/Makefile b/Makefile
@@ -4,12 +4,15 @@ INCIDENT_DIR = $(network)/$(shell date +'%Y-%m-%d')-$(incident)
 GAS_INCREASE_DIR = $(network)/$(shell date +'%Y-%m-%d')-increase-gas-limit
 FAULT_PROOF_UPGRADE_DIR = $(network)/$(shell date +'%Y-%m-%d')-upgrade-fault-proofs
 SAFE_MANAGEMENT_DIR = $(network)/$(shell date +'%Y-%m-%d')-safe-swap-owner
+FUNDING_DIR = $(network)/$(shell date +'%Y-%m-%d')-funding
+
 TEMPLATE_GENERIC = setup-templates/template-generic
 TEMPLATE_DEPLOY = setup-templates/template-deploy
 TEMPLATE_INCIDENT = setup-templates/template-incident
 TEMPLATE_GAS_INCREASE = setup-templates/template-gas-increase
 TEMPLATE_UPGRADE_FAULT_PROOFS = setup-templates/template-upgrade-fault-proofs
 TEMPLATE_SAFE_MANAGEMENT = setup-templates/template-safe-management
+TEMPLATE_FUNDING = setup-templates/template-funding
 
 ifndef $(GOPATH)
     GOPATH=$(shell go env GOPATH)
@@ -53,6 +56,11 @@ setup-safe-management:
 	rm -rf $(TEMPLATE_SAFE_MANAGEMENT)/cache $(TEMPLATE_SAFE_MANAGEMENT)/lib $(TEMPLATE_SAFE_MANAGEMENT)/out
 	cp -r $(TEMPLATE_SAFE_MANAGEMENT) $(SAFE_MANAGEMENT_DIR)
 
+# Run `make setup-funding network=<network>`
+setup-funding:
+	rm -rf $(TEMPLATE_FUNDING)/cache $(TEMPLATE_FUNDING)/lib $(TEMPLATE_FUNDING)/out
+	cp -r $(TEMPLATE_FUNDING) $(FUNDING_DIR)
+
 ##
 # Solidity Setup
 ##

diff --git a/README.md b/README.md
@@ -125,6 +125,21 @@ This template is used to perform ownership management on a Gnosis Safe multisig,
 1. Check in the task when it's ready to sign and request the facilitators to collect signatures from signers.
 1. Once executed, check in the records files and mark the task `DONE` in the README.
 
+## Using the funding template
+
+This template is used to fund addresses from a Gnosis Safe.
+
+1. Ensure you have followed the instructions above in `setup`.
+1. Run `make setup-funding network=<network>` and go to the folder that was created by this command.
+1. Specify the commit of [Optimism code](https://github.com/ethereum-optimism/optimism) and [Base contracts code](https://github.com/base/contracts) you intend to use in the `.env` file.
+1. Run `make deps`.
+1. Specify the `SAFE`, which is the safe that will fund the addresses in the `.env` file.
+1. Specify the `recipients` and `funds` arrays (in 1e18 units) in the `funding.json` file.
+1. Build the contracts with `forge build`.
+1. Simulate the task with `make sign` and update the generic validations in `VALIDATION.md` with the real values.
+1. Check in the task when it's ready to sign and request the facilitators to collect signatures from signers.
+1. Once executed, check in the records files and mark the task `DONE` in the README.
+
 ## Using the generic template
 
 This template can be used to do contract calls, upgrades, or one-off deployments.

diff --git a/setup-templates/template-funding/.env b/setup-templates/template-funding/.env
@@ -0,0 +1,4 @@
+OP_COMMIT=
+BASE_CONTRACTS_COMMIT=
+
+SAFE=
diff --git a/setup-templates/template-funding/Makefile b/setup-templates/template-funding/Makefile
@@ -0,0 +1,18 @@
+include ../../Makefile
+include ../.env
+include .env
+
+ifndef LEDGER_ACCOUNT
+override LEDGER_ACCOUNT = 0
+endif
+
+.PHONY: sign
+sign:
+	$(GOPATH)/bin/eip712sign --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" -- \
+	forge script --rpc-url $(L1_RPC_URL) FundScript \
+	--sig "sign(address[])" "[]"
+
+.PHONY: execute
+execute:
+	forge script --rpc-url $(L1_RPC_URL) FundScript \
+	--sig "run(bytes)" $(SIGNATURES) --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast -vvvv
diff --git a/setup-templates/template-funding/README.md b/setup-templates/template-funding/README.md
@@ -0,0 +1,148 @@
+# Funding
+
+Status: PENDING
+
+## Description
+
+This task contains a single script that can be used to fund addresses from a Gnosis Safe.
+
+## Procedure
+
+### 1. Update repo:
+
+```bash
+cd contract-deployments
+git pull
+cd <network>/<date>safe-swap-owner
+make deps
+```
+
+### 2. Setup Ledger
+
+Your Ledger needs to be connected and unlocked. The Ethereum
+application needs to be opened on Ledger with the message "Application
+is ready".
+
+### 3. Simulate, Validate, and Sign
+
+#### 3.1. Simulate and validate the transaction
+
+Make sure your ledger is still unlocked and run the following.
+
+```bash
+make sign
+```
+
+You will see a "Simulation link" from the output.
+
+Paste this URL in your browser. A prompt may ask you to choose a
+project, any project will do. You can create one if necessary.
+
+Click "Simulate Transaction".
+
+We will be performing 3 validations and extract the domain hash and
+message hash to approve on your Ledger:
+
+1. Validate integrity of the simulation.
+2. Validate correctness of the state diff.
+3. Validate and extract domain hash and message hash to approve.
+
+##### 3.1.1. Validate integrity of the simulation.
+
+Make sure you are on the "Overview" tab of the tenderly simulation, to
+validate integrity of the simulation, we need to check the following:
+
+1. "Network": Check the network is `<network>`.
+2. "Timestamp": Check the simulation is performed on a block with a<
EDBE
/span>
+   recent timestamp (i.e. close to when you run the script).
+3. "Sender": Check the address shown is your signer account.
+
+##### 3.1.2. Validate correctness of the state diff.
+
+Now click on the "State" tab, and refer to the [State Validations](./VALIDATION.md) instructions for the transaction you are signing.
+Once complete return to this document to complete the signing.
+
+### 4. Extract the domain hash and the message hash to approve.
+
+Now that we have verified the transaction performs the right
+operation, we need to extract the domain hash and the message hash to
+approve.
+
+Go back to the "Overview" tab, and find the
+`GnosisSafe.checkSignatures` call. This call's `data` parameter
+contains both the domain hash and the message hash that will show up
+in your Ledger.
+
+It will be a concatenation of `0x1901`, the domain hash, and the
+message hash: `0x1901[domain hash][message hash]`.
+
+Note down this value. You will need to compare it with the ones
+displayed on the Ledger screen at signing.
+
+Once the validations are done, it's time to actually sign the
+transaction.
+
+> [!WARNING]
+> This is the most security critical part of the playbook: make sure the
+> domain hash and message hash in the following three places match:
+>
+> 1. On your Ledger screen.
+> 2. In the terminal output.
+> 3. In the Tenderly simulation. You should use the same Tenderly
+>    simulation as the one you used to verify the state diffs, instead
+>    of opening the new one printed in the console.
+>
+
+After verification, sign the transaction. You will see the `Data`,
+`Signer` and `Signature` printed in the console. Format should be
+something like this:
+
+```shell
+Data:  <DATA>
+Signer: <ADDRESS>
+Signature: <SIGNATURE>
+```
+
+Double check the signer address is the right one.
+
+#### 4.1. Send the output to Facilitator(s)
+
+Nothing has occurred onchain - these are offchain signatures which
+will be collected by Facilitators for execution. Execution can occur
+by anyone once a threshold of signatures are collected, so a
+Facilitator will do the final execution for convenience.
+
+Share the `Data`, `Signer` and `Signature` with the Facilitator, and
+congrats, you are done!
+
+### [For Facilitator ONLY] How to execute
+
+#### Execute the transaction
+
+1. Collect outputs from all participating signers.
+1. Concatenate all signatures and export it as the `SIGNATURES`
+   environment variable, i.e. `export
+SIGNATURES="[SIGNATURE1][SIGNATURE2]..."`.
+1. Run the `make execute` command as described below to execute the transaction.
+
+For example, if the quorum is 2 and you get the following outputs:
+
+```shell
+Data:  0xDEADBEEF
+Signer: 0xC0FFEE01
+Signature: AAAA
+```
+
+```shell
+Data:  0xDEADBEEF
+Signer: 0xC0FFEE02
+Signature: BBBB
+```
+
+Then you should run:
+
+Coinbase facilitator:
+
+```bash
+SIGNATURES=AAAABBBB make execute
+```
diff --git a/setup-templates/template-funding/foundry.toml b/setup-templates/template-funding/foundry.toml
@@ -0,0 +1,20 @@
+[profile.default]
+src = 'src'
+out = 'out'
+libs = ['lib']
+broadcast = 'records'
+fs_permissions = [{ access = "read-write", path = "./" }]
+optimizer = true
+optimizer_runs = 999999
+solc_version = "0.8.15"
+via-ir = false
+remappings = [
+    '@eth-optimism-bedrock/=lib/optimism/packages/contracts-bedrock/',
+    '@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts',
+    '@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts',
+    '@rari-capital/solmate/=lib/solmate/',
+    '@base-contracts/=lib/base-contracts',
+    '@solady/=lib/solady/src/',
+]
+
+# See more config options https://github.com/foundry-rs/foundry/tree/master/config
diff --git a/setup-templates/template-funding/funding.json b/setup-templates/template-funding/funding.json
@@ -0,0 +1,10 @@
+{
+    "recipients": [
+        "0x0000000000000000000000000000000000000042",
+        "0x0000000000000000000000000000000000000043"
+    ],
+    "funds": [
+        100000000000000000,
+        50000000000000000
+    ]
+}
diff --git a/setup-templates/template-funding/script/Fund.s.sol b/setup-templates/template-funding/script/Fund.s.sol
@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.15;
+
+import {Vm} from "forge-std/Vm.sol";
+import {IMulticall3} from "forge-std/interfaces/IMulticall3.sol";
+
+import {MultisigScript} from "@base-contracts/script/universal/MultisigScript.sol";
+import {Simulation} from "@base-contracts/script/universal/Simulation.sol";
+
+contract FundScript is MultisigScript {
+    address internal immutable SAFE;
+
+    uint256 internal immutable SAFE_BALANCE_BEFORE;
+    uint256 internal immutable TOTAL_FUNDS;
+
+    address[] internal RECIPIENTS;
+    uint256[] internal FUNDS;
+    uint256[] internal RECIPIENT_BALANCES_BEFORE;
+
+    constructor() {
+        SAFE = vm.envAddress("SAFE");
+
+        string memory funding = vm.readFile("./funding.json");
+        RECIPIENTS = vm.parseJsonAddressArray(funding, ".recipients");
+        FUNDS = vm.parseJsonUintArray(funding, ".funds");
+
+        uint256 totalFunds = 0;
+        RECIPIENT_BALANCES_BEFORE = new uint256[](RECIPIENTS.length + 1);
+        for (uint256 i; i < RECIPIENTS.length; i++) {
+            RECIPIENT_BALANCES_BEFORE[i] = RECIPIENTS[i].balance;
+            totalFunds += FUNDS[i];
+        }
+
+        SAFE_BALANCE_BEFORE = SAFE.balance;
+        TOTAL_FUNDS = totalFunds;
+    }
+
+    function setUp() public view {
+        _precheck();
+    }
+
+    function _precheck() internal view {
+        require(RECIPIENTS.length == FUNDS.length, "RECIPIENTS and FUNDS not same length");
+        require(RECIPIENTS.length > 0, "RECIPIENTS and FUNDS empty");
+            require(SAFE.balance >= TOTAL_FUNDS, "SAFE not enough balance");
+    }
+
+    function _buildCalls() internal view override returns (IMulticall3.Call3Value[] memory) {
+        IMulticall3.Call3Value[] memory calls = new IMulticall3.Call3Value[](RECIPIENTS.length);
+
+        for (uint256 i; i < RECIPIENTS.length; i++) {
+            calls[i] =
+                IMulticall3.Call3Value({target: RECIPIENTS[i], allowFailure: false, callData: "", value: FUNDS[i]});
+        }
+
+        return calls;
+    }
+
+    function _postCheck(Vm.AccountAccess[] memory, Simulation.Payload memory) internal view override {
+        for (uint256 i; i < RECIPIENTS.length; i++) {
+            vm.assertEq(
+                RECIPIENTS[i].balance, RECIPIENT_BALANCES_BEFORE[i] + FUNDS[i], "Recipient balance is not correct"
+            );
+        }
+
+        vm.assertEq(SAFE.balance, SAFE_BALANCE_BEFORE - TOTAL_FUNDS, "Owner safe balance is not correct");
+    }
+
+    function _ownerSafe() internal view override returns (address) {
+        return SAFE;
+    }
+}