This repository contains smart contracts for Safe Guard implementation, which provides delegate call restrictions for Safe multisig wallets.
The SafeGuard contract is a guard implementation for the Safe (formerly Gnosis Safe) smart contract wallet. It restricts delegate calls to only allowed target addresses, providing an additional layer of security.
The SafeTxPool contract serves as both a transaction pool for Safe transactions and can also function as a Guard that automatically marks transactions as executed after they are processed by the Safe.
This project uses Foundry for development and testing.
forge installforge testforge coverageFirst, create a .env file from the example:
cp .env.example .envEdit .env with your values:
PRIVATE_KEY=your_private_key_without_0x
RPC_URL=your_rpc_url
Source the environment variables and run the deployment script:
source .env && forge script script/DeploySafeGuard.s.sol:DeploySafeGuard --rpc-url $RPC_URL --broadcast -vvvvFor deploying the SafeTxPool:
source .env && forge script script/DeploySafeTxPool.s.sol:DeploySafeTxPool --rpc-url $RPC_URL --broadcast -vvvv--verify: Verify contract on Etherscan--chain-id <id>: Specify network chain ID--gas-price <price>: Set specific gas price--legacy: For networks not supporting EIP-1559
source .env && forge script script/DeploySafeGuard.s.sol:DeploySafeGuard --rpc-url $RPC_URL --broadcast --chain-id 11155111 -vvvvAfter deployment, the SafeGuard can be:
- Set as a guard on a Safe wallet
- Configured with allowed target addresses for delegate calls
- Managed by the owner to add/remove allowed targets
The SafeTxPool contract has dual functionality:
-
Transaction Pool:
- Propose transactions for Safe wallets
- Collect signatures from owners
- Track pending transactions
- Mark transactions as executed
-
Guard for Automatic Execution Tracking:
- Implements the Guard interface
- Can be set as a Guard on Safe wallets
- Automatically marks transactions as executed in the pool when they are executed by the Safe
- Directly uses the same transaction hash as the Safe itself (no mapping required)
To use the SafeTxPool as a Guard:
- Deploy the SafeTxPool contract
- Set it as a Guard on your Safe wallet using
setGuard - When a transaction is executed by the Safe, the guard's
checkAfterExecutionwill automatically mark it as executed in the pool
This project is licensed under the MIT License - see the LICENSE file for details.