From e609bf009296cd77e1374821bce257cb1309eea0 Mon Sep 17 00:00:00 2001 From: Leopold Joy Date: Mon, 3 Nov 2025 02:41:17 +0000 Subject: [PATCH 1/7] implement incident multisig signers update task template and also use it to replace the outdated safe-management template --- Makefile | 12 +- README.md | 15 +- .../template-incident-multisig-signers/.env | 12 ++ .../Makefile | 32 ++++ .../OwnerDiff.json | 8 + .../README.md | 50 ++++++ .../foundry.toml | 6 +- .../script/UpdateSigners.s.sol | 166 ++++++++++++++++++ setup-templates/template-safe-management/.env | 7 - .../template-safe-management/Makefile | 23 --- .../template-safe-management/README.md | 149 ---------------- .../template-safe-management/VALIDATION.md | 78 -------- .../script/SwapOwner.s.sol | 67 ------- 13 files changed, 285 insertions(+), 340 deletions(-) create mode 100644 setup-templates/template-incident-multisig-signers/.env create mode 100644 setup-templates/template-incident-multisig-signers/Makefile create mode 100644 setup-templates/template-incident-multisig-signers/OwnerDiff.json create mode 100644 setup-templates/template-incident-multisig-signers/README.md rename setup-templates/{template-safe-management => template-incident-multisig-signers}/foundry.toml (83%) create mode 100644 setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol delete mode 100644 setup-templates/template-safe-management/.env delete mode 100644 setup-templates/template-safe-management/Makefile delete mode 100644 setup-templates/template-safe-management/README.md delete mode 100644 setup-templates/template-safe-management/VALIDATION.md delete mode 100644 setup-templates/template-safe-management/script/SwapOwner.s.sol diff --git a/Makefile b/Makefile index daf4637d..c2fe361d 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ FOUNDRY_COMMIT ?= 3b1129b5bc43ba22a9bcf4e4323c5a9df0023140 PROJECT_DIR = $(network)/$(shell date +'%Y-%m-%d')-$(task) GAS_INCREASE_DIR = $(network)/$(shell date +'%Y-%m-%d')-increase-gas-limit FAULT_PROOF_UPGRADE_DIR = $(network)/$(shell date +'%Y-%m-%d')-upgrade-fault-proofs -SAFE_MANAGEMENT_DIR = $(network)/$(shell date +'%Y-%m-%d')-safe-swap-owner +INCIDENT_MULTISIG_SIGNERS_DIR = $(network)/$(shell date +'%Y-%m-%d')-incident-multisig-signers FUNDING_DIR = $(network)/$(shell date +'%Y-%m-%d')-funding SET_BASE_BRIDGE_PARTNER_THRESHOLD_DIR = $(network)/$(shell date +'%Y-%m-%d')-pause-bridge-base PAUSE_BRIDGE_BASE_DIR = $(network)/$(shell date +'%Y-%m-%d')-pause-bridge-base @@ -11,7 +11,7 @@ PAUSE_BRIDGE_BASE_DIR = $(network)/$(shell date +'%Y-%m-%d')-pause-bridge-base TEMPLATE_GENERIC = setup-templates/template-generic TEMPLATE_GAS_INCREASE = setup-templates/template-gas-increase TEMPLATE_UPGRADE_FAULT_PROOFS = setup-templates/template-upgrade-fault-proofs -TEMPLATE_SAFE_MANAGEMENT = setup-templates/template-safe-management +TEMPLATE_INCIDENT_MULTISIG_SIGNERS = setup-templates/template-incident-multisig-signers TEMPLATE_FUNDING = setup-templates/template-funding TEMPLATE_SET_BASE_BRIDGE_PARTNER_THRESHOLD = setup-templates/template-set-bridge-partner-threshold TEMPLATE_PAUSE_BRIDGE_BASE = setup-templates/template-pause-bridge-base @@ -43,10 +43,10 @@ setup-gas-increase: setup-upgrade-fault-proofs: cp -r $(TEMPLATE_UPGRADE_FAULT_PROOFS) $(FAULT_PROOF_UPGRADE_DIR) -# Run `make setup-safe-management network=` -setup-safe-management: - rm -rf $(TEMPLATE_SAFE_MANAGEMENT)/cache $(TEMPLATE_SAFE_MANAGEMENT)/lib $(TEMPLATE_SAFE_MANAGEMENT)/out - cp -r $(TEMPLATE_SAFE_MANAGEMENT) $(SAFE_MANAGEMENT_DIR) +# Run `make setup-incident-multisig-signers network=` +setup-incident-multisig-signers: + rm -rf $(TEMPLATE_INCIDENT_MULTISIG_SIGNERS)/cache $(TEMPLATE_INCIDENT_MULTISIG_SIGNERS)/lib $(TEMPLATE_INCIDENT_MULTISIG_SIGNERS)/out + cp -r $(TEMPLATE_INCIDENT_MULTISIG_SIGNERS) $(INCIDENT_MULTISIG_SIGNERS_DIR) # Run `make setup-funding network=` setup-funding: diff --git a/README.md b/README.md index 5b6a76f2..8d457161 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ To execute a new task, run one of the following commands (depending on the type - For gas increase tasks: `make setup-gas-increase network=` - For funding: `make setup-funding network=` - For fault proof upgrade: `make setup-upgrade-fault-proofs network=` -- For safe management tasks: `make setup-safe-management network=` +- For changing incident multisig signers tasks: `make setup-incident-multisig-signers network=` - For funding tasks: `make setup-funding network=` - For updating the partner threshold in Base Bridge: `make setup-bridge-partner-threshold network=` - For pausing / un-pausing Base Bridge: `make setup-bridge-pause network=` @@ -114,15 +114,16 @@ This template is used to upgrade the fault proof contracts. This is commonly don ## Using the swap owner template -This template is used to perform ownership management on a Gnosis Safe multisig, specifically it can swap owners on the multisig. +This template is used to perform ownership management on the (Gnosis Safe) incident multisig, specifically it can change the owners of the multisig. -1. Ensure you have followed the instructions above in `setup`. -1. Run `make setup-safe-management network=` and go to the folder that was created by this command. +1. Ensure you have followed the instructions above in `setup`, including running `make setup-incident-multisig-signers network=` and go to the folder that was created by this command. 1. Specify the commit of [Optimism code](https://github.com/ethereum-optimism/optimism) and [Base contracts code](https://github.com/base-org/contracts) you intend to use in the `.env` file. -1. Run `make deps`. -1. Specify the `OWNER_SAFE`, which is the safe multisig where an owner will be replaced, the `OLD_SIGNER` (current owner) to remove, and the `NEW_SIGNER` (new owner) to be added in the `.env` file. +1. Enter the directory that was generated for the task (in the first step) and then run `make deps`. +1. Specify the `OWNER_SAFE`, which is the safe multisig where an owner will be replaced and the `SENDER` which should be the address of a current signer of the multisig. +1. Fill in the `OwnerDiff.json` inside the task's directory with the addresses to add to, and remove from, the multisig in their respective fields. 1. Build the contracts with `forge build`. -1. Simulate the task with `make sign` and update the generic validations in `VALIDATION.md` with the real values. +1. Generate the validation file for signers with `make gen-validation`. +1. Appropriately fill in both of the generated validation files 6 empty fields at the top of the generated validations file at `validations/base-signer.json` (e.g. "taskName", "scriptName", etc.). Ensure, in particular, that the `sender` field in the validations file matches the `SENDER` env var defined in the `.env` file. 1. Check in the task when it's ready to sign and request the facilitators to collect signatures from signers. 1. Once executed, check in the records files and mark the task `EXECUTED` in the README. diff --git a/setup-templates/template-incident-multisig-signers/.env b/setup-templates/template-incident-multisig-signers/.env new file mode 100644 index 00000000..4e3a2299 --- /dev/null +++ b/setup-templates/template-incident-multisig-signers/.env @@ -0,0 +1,12 @@ +OP_COMMIT=TODO # Recommend using the version of https://github.com/ethereum-optimism/optimism that the current SystemConfig contract is on +BASE_CONTRACTS_COMMIT=TODO # Recommend using the latest version of https://github.com/base-org/contracts + +# TODO: ensure `OWNER_SAFE` is correct on the given network +OWNER_SAFE=TODO + +# TODO: ensure `SENDER` is a signer for `OWNER_SAFE` on the given network and is ALSO the same sender defined in the validations/base-signer.json file +SENDER=TODO + +RECORD_STATE_DIFF=true + +EXISTING_OWNERS_LENGTH=TODO diff --git a/setup-templates/template-incident-multisig-signers/Makefile b/setup-templates/template-incident-multisig-signers/Makefile new file mode 100644 index 00000000..23383fc5 --- /dev/null +++ b/setup-templates/template-incident-multisig-signers/Makefile @@ -0,0 +1,32 @@ +include ../../Makefile +include ../../Multisig.mk +include ../.env +include .env + +SCRIPT = UpdateSigners + +ifndef LEDGER_ACCOUNT +override LEDGER_ACCOUNT = 1 +endif + +.PHONY: deps +deps: new-forge-deps + +.PHONY: new-forge-deps +new-forge-deps: + forge install --no-git safe-global/safe-smart-account@186a21a74b327f17fc41217a927dea7064f74604 + +.PHONY: gen-validation +gen-validation: checkout-signer-tool run-script + +.PHONY: run-script +run-script: + cd $(SIGNER_TOOL_PATH); \ + npm ci; \ + bun run scripts/genValidationFile.ts --rpc-url $(L1_RPC_URL) \ + --workdir .. --forge-cmd 'forge script --rpc-url $(L1_RPC_URL) \ + $(SCRIPT) --sig "sign(address[])" [] --sender $(SENDER)' --out ../validations/base-signer.json; + +.PHONY: execute +execute: + $(call MULTISIG_EXECUTE,$(SIGNATURES)) diff --git a/setup-templates/template-incident-multisig-signers/OwnerDiff.json b/setup-templates/template-incident-multisig-signers/OwnerDiff.json new file mode 100644 index 00000000..f2321928 --- /dev/null +++ b/setup-templates/template-incident-multisig-signers/OwnerDiff.json @@ -0,0 +1,8 @@ +{ + "OwnersToAdd": [ + "0x0000000000000000000000000000000000000000" + ], + "OwnersToRemove": [ + "0x0000000000000000000000000000000000000001" + ] +} diff --git a/setup-templates/template-incident-multisig-signers/README.md b/setup-templates/template-incident-multisig-signers/README.md new file mode 100644 index 00000000..9da9d915 --- /dev/null +++ b/setup-templates/template-incident-multisig-signers/README.md @@ -0,0 +1,50 @@ +# Update Sepolia Incident Multisig Signers + +Status: TODO[READY TO SIGN|DONE] + +## Description + +We wish to update the owners of our Incident Multisig to be consistent with the current state of our Base Chain Eng team. This involves removing signers that are no longer closely involved with the team, and adding new team members as signers. The exact signer changes are outlined in the [OwnerDiff.json](./OwnerDiff.json) file. + +## Install dependencies + +### 1. Update foundry + +```bash +foundryup +``` + +### 2. Install Node.js if needed + +First, check if you have node installed + +```bash +node --version +``` + +If you see a version output from the above command, you can move on. Otherwise, install node + +```bash +brew install node +``` + +## Approving Signers Update + +### 1. Update repo: + +```bash +cd contract-deployments +git pull +``` + +### 2. Run the signing tool (NOTE: do not enter the task directory. Run this command from the project's root). + +```bash +make sign-task +``` + +### 3. Open the UI at [http://localhost:3000](http://localhost:3000) + +Be sure to select the correct task from the list of available tasks to sign. + +### 4. Send signature to facilitator diff --git a/setup-templates/template-safe-management/foundry.toml b/setup-templates/template-incident-multisig-signers/foundry.toml similarity index 83% rename from setup-templates/template-safe-management/foundry.toml rename to setup-templates/template-incident-multisig-signers/foundry.toml index 1f932186..14499ab0 100644 --- a/setup-templates/template-safe-management/foundry.toml +++ b/setup-templates/template-incident-multisig-signers/foundry.toml @@ -3,7 +3,7 @@ src = 'src' out = 'out' libs = ['lib'] broadcast = 'records' -fs_permissions = [ {access = "read-write", path = "./"} ] +fs_permissions = [{ access = "read-write", path = "./" }] optimizer = true optimizer_runs = 999999 solc_version = "0.8.15" @@ -14,7 +14,7 @@ remappings = [ '@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts', '@rari-capital/solmate/=lib/solmate/', '@base-contracts/=lib/base-contracts', - '@solady/=lib/solady/src/' + 'solady/=lib/solady/src/', ] -# See more config options https://github.com/foundry-rs/foundry/tree/master/config \ No newline at end of file +# See more config options https://github.com/foundry-rs/foundry/tree/master/config diff --git a/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol b/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol new file mode 100644 index 00000000..1cdf65ce --- /dev/null +++ b/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol @@ -0,0 +1,166 @@ +// SPDX-License-Identifier: MIT +pragma solidity 0.8.15; + +import {Vm} from "forge-std/Vm.sol"; +import {stdJson} from "forge-std/StdJson.sol"; +import {Simulation} from "@base-contracts/script/universal/Simulation.sol"; +import {IMulticall3} from "forge-std/interfaces/IMulticall3.sol"; + +import {MultisigScript} from "@base-contracts/script/universal/MultisigScript.sol"; +import {GnosisSafe} from "safe-smart-account/GnosisSafe.sol"; +import {OwnerManager} from "safe-smart-account/base/OwnerManager.sol"; + +contract UpdateSigners is MultisigScript { + using stdJson for string; + + address public constant SENTINEL_OWNERS = address(0x1); + + address public immutable OWNER_SAFE; + uint256 public immutable EXISTING_OWNERS_LENGTH; + uint256 public immutable THRESHOLD; + address[] public EXISTING_OWNERS; + + address[] public OWNERS_TO_ADD; + address[] public OWNERS_TO_REMOVE; + + mapping(address => address) public ownerToPrevOwner; + mapping(address => address) public ownerToNextOwner; + mapping(address => bool) public expectedOwner; + + constructor() { + OWNER_SAFE = vm.envAddress("OWNER_SAFE"); + EXISTING_OWNERS_LENGTH = vm.envUint("EXISTING_OWNERS_LENGTH"); + + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + THRESHOLD = ownerSafe.getThreshold(); + EXISTING_OWNERS = ownerSafe.getOwners(); + + string memory rootPath = vm.projectRoot(); + string memory path = string.concat(rootPath, "/OwnerDiff.json"); + string memory jsonData = vm.readFile(path); + + OWNERS_TO_ADD = abi.decode(jsonData.parseRaw(".OwnersToAdd"), (address[])); + OWNERS_TO_REMOVE = abi.decode(jsonData.parseRaw(".OwnersToRemove"), (address[])); + } + + function setUp() external { + require(OWNERS_TO_ADD.length > 0, "Precheck 00"); + require(OWNERS_TO_REMOVE.length > 0, "Precheck 01"); + require(EXISTING_OWNERS.length == EXISTING_OWNERS_LENGTH, "Precheck 02"); + + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + address prevOwner = SENTINEL_OWNERS; + + // Build the linked list from the current on-chain owners first. + for (uint256 i; i < EXISTING_OWNERS.length; i++) { + ownerToPrevOwner[EXISTING_OWNERS[i]] = prevOwner; + ownerToNextOwner[prevOwner] = EXISTING_OWNERS[i]; + prevOwner = EXISTING_OWNERS[i]; + expectedOwner[EXISTING_OWNERS[i]] = true; + } + + for (uint256 i; i < OWNERS_TO_REMOVE.length; i++) { + // Make sure owners to remove are owners + require(ownerSafe.isOwner(OWNERS_TO_REMOVE[i]), "Precheck 05"); + // Prevent duplicates + require(expectedOwner[OWNERS_TO_REMOVE[i]], "Precheck 06"); + expectedOwner[OWNERS_TO_REMOVE[i]] = false; + } + + // Validate owners to add are not already owners and mark as expected post-state owners. + for (uint256 i; i < OWNERS_TO_ADD.length; i++) { + // Make sure owners to add are not already owners + require(!ownerSafe.isOwner(OWNERS_TO_ADD[i]), "Precheck 03"); + // Prevent duplicates across the adds list + require(!expectedOwner[OWNERS_TO_ADD[i]], "Precheck 04"); + expectedOwner[OWNERS_TO_ADD[i]] = true; + } + } + + function _postCheck(Vm.AccountAccess[] memory, Simulation.Payload memory) internal view override { + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + address[] memory postCheckOwners = ownerSafe.getOwners(); + uint256 postCheckThreshold = ownerSafe.getThreshold(); + + uint256 expectedLength = EXISTING_OWNERS.length + OWNERS_TO_ADD.length - OWNERS_TO_REMOVE.length; + + require(postCheckThreshold == THRESHOLD, "Postcheck 00"); + require(postCheckOwners.length == expectedLength, "Postcheck 01"); + + for (uint256 i; i < postCheckOwners.length; i++) { + require(expectedOwner[postCheckOwners[i]], "Postcheck 02"); + } + } + + function _buildCalls() internal view override returns (IMulticall3.Call3Value[] memory) { + IMulticall3.Call3Value[] memory calls = + new IMulticall3.Call3Value[](OWNERS_TO_ADD.length + OWNERS_TO_REMOVE.length); + + // Create a working copy of the current owners. We'll mutate this in-memory as we plan removals + address[] memory workingOwners = new address[](EXISTING_OWNERS.length); + for (uint256 i; i < EXISTING_OWNERS.length; i++) { + workingOwners[i] = EXISTING_OWNERS[i]; + } + + // 1) Build removal calls sequentially, deriving prev from the current working list each time + for (uint256 i; i < OWNERS_TO_REMOVE.length; i++) { + address owner = OWNERS_TO_REMOVE[i]; + (bool found, uint256 idx) = _findIndex(workingOwners, owner); + require(found, "owner to remove not in working set"); + + address prev = SENTINEL_OWNERS; + if (idx > 0) { + uint256 j = idx; + while (j > 0) { + j--; + if (workingOwners[j] != address(0)) { + prev = workingOwners[j]; + break; + } + } + } + + calls[i] = IMulticall3.Call3Value({ + target: OWNER_SAFE, + allowFailure: false, + callData: abi.encodeCall(OwnerManager.removeOwner, (prev, owner, THRESHOLD)), + value: 0 + }); + + // Mark the owner as removed for subsequent predecessor computations + workingOwners[idx] = address(0); + } + + // 2) Then add the new owners, keeping the threshold unchanged. + for (uint256 i; i < OWNERS_TO_ADD.length; i++) { + calls[OWNERS_TO_REMOVE.length + i] = IMulticall3.Call3Value({ + target: OWNER_SAFE, + allowFailure: false, + callData: abi.encodeCall(OwnerManager.addOwnerWithThreshold, (OWNERS_TO_ADD[i], THRESHOLD)), + value: 0 + }); + } + + return calls; + } + + function _findIndex(address[] memory arr, address needle) internal pure returns (bool, uint256) { + for (uint256 i; i < arr.length; i++) { + if (arr[i] == needle) return (true, i); + } + return (false, 0); + } + + function _prevInList(address[] memory list, address owner) internal pure returns (address) { + for (uint256 i; i < list.length; i++) { + if (list[i] == owner) { + return i == 0 ? SENTINEL_OWNERS : list[i - 1]; + } + } + return SENTINEL_OWNERS; + } + + function _ownerSafe() internal view override returns (address) { + return OWNER_SAFE; + } +} diff --git a/setup-templates/template-safe-management/.env b/setup-templates/template-safe-management/.env deleted file mode 100644 index 1d054d17..00000000 --- a/setup-templates/template-safe-management/.env +++ /dev/null @@ -1,7 +0,0 @@ -OP_COMMIT= -BASE_CONTRACTS_COMMIT= - -OWNER_SAFE= - -OLD_SIGNER= -NEW_SIGNER= diff --git a/setup-templates/template-safe-management/Makefile b/setup-templates/template-safe-management/Makefile deleted file mode 100644 index a459b8af..00000000 --- a/setup-templates/template-safe-management/Makefile +++ /dev/null @@ -1,23 +0,0 @@ -include ../../Makefile -include ../../Multisig.mk - -include ../.env -include .env - -ifndef LEDGER_ACCOUNT -override LEDGER_ACCOUNT = 0 -endif - -# OWNER_SAFE/ -# └── Signers - -RPC_URL = $(L1_RPC_URL) -SCRIPT_NAME = SwapOwner - -.PHONY: sign -sign: - $(call MULTISIG_SIGN,) - -.PHONY: execute -execute: - $(call MULTISIG_EXECUTE,$(SIGNATURES)) diff --git a/setup-templates/template-safe-management/README.md b/setup-templates/template-safe-management/README.md deleted file mode 100644 index c94ef3f4..00000000 --- a/setup-templates/template-safe-management/README.md +++ /dev/null @@ -1,149 +0,0 @@ -# Swap Owner on Gnosis Safe - -Status: PENDING - -## Description - -This task contains a single script that can be used to swap an owner in a Gnosis Safe. - -## Procedure - -### 1. Update repo: - -```bash -cd contract-deployments -git pull -make setup-safe-management network= -cd /safe-swap-owner -make deps -``` - -### 2. Setup Ledger - -Your Ledger needs to be connected and unlocked. The Ethereum -application needs to be opened on Ledger with the message "Application -is ready". - -### 3. Simulate, Validate, and Sign - -#### 3.1. Simulate and validate the transaction - -Make sure your ledger is still unlocked and run the following. - -```bash -make sign -``` - -You will see a "Simulation link" from the output. - -Paste this URL in your browser. A prompt may ask you to choose a -project, any project will do. You can create one if necessary. - -Click "Simulate Transaction". - -We will be performing 3 validations and extract the domain hash and -message hash to approve on your Ledger: - -1. Validate integrity of the simulation. -2. Validate correctness of the state diff. -3. Validate and extract domain hash and message hash to approve. - -##### 3.1.1. Validate integrity of the simulation. - -Make sure you are on the "Summary" tab of the tenderly simulation, to -validate integrity of the simulation, we need to check the following: - -1. "Network": Check the network is ``. -2. "Timestamp": Check the simulation is performed on a block with a - recent timestamp (i.e. close to when you run the script). -3. "Sender": Check the address shown is your signer account. - -##### 3.1.2. Validate correctness of the state diff. - -Now click on the "State" tab, and refer to the [State Validations](./VALIDATION.md) instructions for the transaction you are signing. -Once complete return to this document to complete the signing. - -### 4. Extract the domain hash and the message hash to approve. - -Now that we have verified the transaction performs the right -operation, we need to extract the domain hash and the message hash to -approve. - -Go back to the "Summary" tab, and find the -`Safe.checkSignatures` call. This call's `data` parameter -contains both the domain hash and the message hash that will show up -in your Ledger. - -It will be a concatenation of `0x1901`, the domain hash, and the -message hash: `0x1901[domain hash][message hash]`. - -Note down this value. You will need to compare it with the ones -displayed on the Ledger screen at signing. - -Once the validations are done, it's time to actually sign the -transaction. - -> [!WARNING] -> This is the most security critical part of the playbook: make sure the -> domain hash and message hash in the following three places match: -> -> 1. On your Ledger screen. -> 2. In the terminal output. -> 3. In the Tenderly simulation. You should use the same Tenderly -> simulation as the one you used to verify the state diffs, instead -> of opening the new one printed in the console. -> - -After verification, sign the transaction. You will see the `Data`, -`Signer` and `Signature` printed in the console. Format should be -something like this: - -```shell -Data: -Signer:
-Signature: -``` - -Double check the signer address is the right one. - -#### 4.1. Send the output to Facilitator(s) - -Nothing has occurred onchain - these are offchain signatures which -will be collected by Facilitators for execution. Execution can occur -by anyone once a threshold of signatures are collected, so a -Facilitator will do the final execution for convenience. - -Share the `Data`, `Signer` and `Signature` with the Facilitator, and -congrats, you are done! - -### [For Facilitator ONLY] How to execute - -#### Execute the transaction - -1. Collect outputs from all participating signers. -1. Concatenate all signatures and export it as the `SIGNATURES` - environment variable, i.e. `export -SIGNATURES="[SIGNATURE1][SIGNATURE2]..."`. -1. Run the `make execute` command as described below to execute the transaction. - -For example, if the quorum is 2 and you get the following outputs: - -```shell -Data: 0xDEADBEEF -Signer: 0xC0FFEE01 -Signature: AAAA -``` - -```shell -Data: 0xDEADBEEF -Signer: 0xC0FFEE02 -Signature: BBBB -``` - -Then you should run: - -Coinbase facilitator: - -```bash -SIGNATURES=AAAABBBB make execute -``` diff --git a/setup-templates/template-safe-management/VALIDATION.md b/setup-templates/template-safe-management/VALIDATION.md deleted file mode 100644 index 3c649fcb..00000000 --- a/setup-templates/template-safe-management/VALIDATION.md +++ /dev/null @@ -1,78 +0,0 @@ -# Validation - -This document can be used to validate the state diff resulting from the execution of the swap owner transaction. - -For each contract listed in the state diff, please verify that no contracts or state changes shown in the Tenderly diff are missing from this document. Additionally, please verify that for each contract: - -- The following state changes (and no others) are made to that contract. This validates that no unexpected state changes occur. -- All addresses (in section headers and storage values) match the provided name, using the Etherscan links provided. This validates the bytecode deployed at the addresses contains the correct logic. -- All key values match the semantic meaning provided, which can be validated using the storage layout links provided. - -## State Changes - -### `` (Base `GnosisSafeProxy`) - -- **Key**: `owners[newOwner]`
- **Before**: `0x0000000000000000000000000000000000000000000000000000000000000000`
- **After**: `Next address in the list returned by getOwners()`
- **Meaning**: Sets the address value at the mapping key `owners[newOwner]` to the next address in the list returned by `getOwners()`. This is the first step required to replace the `oldOwner` address in the linked list data structure of owners.
- **Verify**: You can verify the key derivation by running `cast index address 2` in your terminal. See the following section for an explanation of the storage and value calculations. -- **Key**: `owners[prevOwner]`
- **Before**: `oldOwner address`
- **After**: `newOwner address`
- **Meaning**: Points the address value at mapping key `owners[prevOwner]` to the `newOwner` address. This is the second step required to replace the `oldOwner` address in the linked list data structure of owners.
- **Verify**: You can verify the key derivation by running `cast index address 2` in your terminal. See the following section for an explanation of the storage and value calculations. -- **Key**: `owners[oldOwner]`
- **Before**: `Next address in the list returned by getOwners()`
- **After**: `0x0000000000000000000000000000000000000000000000000000000000000000`
- **Meaning**: Clears the address value at the mapping key `owners[oldOwner]`. This removes the final reference to the `oldOwner` from the `owners` linked list.
- **Verify**: You can verify the key derivation by running `cast index address 2` in your terminal. See the following section for an explanation of the storage and value calculations. -- **Key**: `0x0000000000000000000000000000000000000000000000000000000000000005`
- **Before**: `Current nonce value (in hexadecimal)`
- **After**: `Current nonce value + 1 (in hexadecimal)`
- **Meaning**: Increments the `nonce` value of the Gnosis Safe.
- **Verify**: You can verify the value by running `cast storage 5 -r ` in your terminal. This value represents the _current_ nonce value. - -### `SwapOwner` Storage Calculations - -The [`swapOwner`](https://github.com/safe-global/safe-smart-account/blob/8823fa3e44936e2aecf23bb97662eb0ffeff2f93/contracts/base/OwnerManager.sol#L94) function in the Gnosis Safe implementation will perform [three storage changes](https://github.com/safe-global/safe-smart-account/blob/8823fa3e44936e2aecf23bb97662eb0ffeff2f93/contracts/base/OwnerManager.sol#L106-L108): - -- Point the `newOwner` address to the owner address that was previously pointed to by the `oldOwner` that is being removed. -- Point the `prevOwner` address to the `newOwner` address. -- Remove the pointer value stored at the mapping of the `oldOwner` address. - -These changes are needed on account of the data structure that holds the owners in the Gnosis Safe implementation being a singly-linked list. To calculate the expected storage locations of these mapping values, we can perform the following: - -#### Calculating `prevOwner` - -The `prevOwner` is identified by the script, but can be manually checked by running the cast command: - -```sh -cast call "getOwners()(address[])" -r - -[0x6CD3850756b7894774Ab715D136F9dD02837De50, 0x3cd692eCE8b6573A2220ae00d0dEb98f0DfFA9a1, 0x5FbEFA105bbd53b43bf537Cbc5cD30804Dd0c993, 0x3Dad2200849925Bb46d9bF05aFa5f7F213F4c18E, 0xB011a32ED8b4F70D9943A2199F539bbeCd7b62F7, 0xf9e320f3dA12E68af219d9E2A490Dd649f6B177c] -``` - -The order that the owner addresses are returned in indicates who the `prevOwner` and next owner values of the address to remove is. If the owner to remove is the 0th value, its `prevOwner` would be the special sentinel node value [`SENTINEL_OWNERS`](https://github.com/safe-global/safe-smart-account/blob/f9cc387f72640eb2c1d6ae8abe9d6ff25ca1ed3b/contracts/base/OwnerManager.sol#L17). Otherwise, if the owner to remove is the last value in the array, its next owner address would be the special sentinel node value [`SENTINEL_OWNERS`](https://github.com/safe-global/safe-smart-account/blob/f9cc387f72640eb2c1d6ae8abe9d6ff25ca1ed3b/contracts/base/OwnerManager.sol#L17). - -#### Calculating storage locations and values - -With the order of the owners identified, we can calculate the expected storage mapping locations and their values. For the first change, the expected storage slot and value will be the following: - -**Storage Slot**: `cast index address 2` - -**Value**: The address immediately following `oldOwner` in the `getOwners` list, or the `SENTINEL_OWNERS` special value if the address is the last in the array. - -For the second change, it will be: - -**Storage Slot**: `cast index address 2` - -**Value**: `newOwner` address - -For the final storage change, it will be: - -**Storage Slot**: `cast index address 2` - -**Value**: `address(0)` - -Note that for all the above storage calculations, we used storage slot 2 as that is the location of the `owners` mapping in the Gnosis Safe storage layout. This can be confirmed with the following command: `cast storage -r -e `. Also note that while the storage changes may not appear in the same order in the Tenderly simulation, there should still be 3 storage changes related to the `owner` linked list and one change for the `nonce` value on the `GnosisSafeProxy`. There should be no additional changes to the proxy besides these ones! diff --git a/setup-templates/template-safe-management/script/SwapOwner.s.sol b/setup-templates/template-safe-management/script/SwapOwner.s.sol deleted file mode 100644 index 0dbbb6ee..00000000 --- a/setup-templates/template-safe-management/script/SwapOwner.s.sol +++ /dev/null @@ -1,67 +0,0 @@ -// SPDX-License-Identifier: MIT -pragma solidity 0.8.15; - -import {Vm} from "forge-std/Vm.sol"; -import {IMulticall3} from "forge-std/interfaces/IMulticall3.sol"; - -import {IGnosisSafe} from "@base-contracts/script/universal/IGnosisSafe.sol"; -import {MultisigScript} from "@base-contracts/script/universal/MultisigScript.sol"; -import {Simulation} from "@base-contracts/script/universal/Simulation.sol"; - -contract SwapOwner is MultisigScript { - address internal OWNER_SAFE = vm.envAddress("OWNER_SAFE"); - address internal OLD_SIGNER = vm.envAddress("OLD_SIGNER"); - address internal NEW_SIGNER = vm.envAddress("NEW_SIGNER"); - - address internal constant SENTINEL_OWNERS = address(0x1); - - address[] internal safeOwners; // The list of all owners of the safe - address internal prevOwnerLinked; // The previous owner in Safe's linked list of owners - - function setUp() public { - safeOwners = IGnosisSafe(OWNER_SAFE).getOwners(); - _precheck(); - - // We need to locate the previous owner in the linked list of owners to properly swap out the target signer - for (uint256 i = 0; i < safeOwners.length; i++) { - if (safeOwners[i] == OLD_SIGNER) { - // There is a sentinel node as the head of the linked list, so we need to handle the first owner separately - if (i == 0) { - prevOwnerLinked = SENTINEL_OWNERS; - } else { - prevOwnerLinked = safeOwners[i - 1]; - } - break; - } - } - } - - function _precheck() internal view { - // Sanity checks on the current owner state of the safe - require(IGnosisSafe(OWNER_SAFE).isOwner(OLD_SIGNER), "Signer to swap is not an owner"); - require(!IGnosisSafe(OWNER_SAFE).isOwner(NEW_SIGNER), "New signer is already an owner"); - } - - function _buildCalls() internal view override returns (IMulticall3.Call3Value[] memory) { - IMulticall3.Call3Value[] memory calls = new IMulticall3.Call3Value[](1); - - // While more roundabout then simply calling execTransaction with a swapOwner call, this still works and lets us use our existing tooling - calls[0] = IMulticall3.Call3Value({ - target: OWNER_SAFE, - allowFailure: false, - callData: abi.encodeCall(IGnosisSafe.swapOwner, (prevOwnerLinked, OLD_SIGNER, NEW_SIGNER)), - value: 0 - }); - - return calls; - } - - function _postCheck(Vm.AccountAccess[] memory, Simulation.Payload memory) internal view override { - require(IGnosisSafe(OWNER_SAFE).isOwner(NEW_SIGNER), "New signer was not added as an owner"); - require(!IGnosisSafe(OWNER_SAFE).isOwner(OLD_SIGNER), "Old signer was not removed as an owner"); - } - - function _ownerSafe() internal view override returns (address) { - return OWNER_SAFE; - } -} From caa1586ece0bda2f5b80326e5426d700a58fdea7 Mon Sep 17 00:00:00 2001 From: Leopold Joy Date: Mon, 3 Nov 2025 02:43:34 +0000 Subject: [PATCH 2/7] add a TODO comment in the .env file of the task clearly defining what the EXISTING_OWNERS_LENGTH env var should contain --- setup-templates/template-incident-multisig-signers/.env | 1 + 1 file changed, 1 insertion(+) diff --git a/setup-templates/template-incident-multisig-signers/.env b/setup-templates/template-incident-multisig-signers/.env index 4e3a2299..b316eed6 100644 --- a/setup-templates/template-incident-multisig-signers/.env +++ b/setup-templates/template-incident-multisig-signers/.env @@ -9,4 +9,5 @@ SENDER=TODO RECORD_STATE_DIFF=true +# TODO: define the current (existing) number of members of the incident multisig EXISTING_OWNERS_LENGTH=TODO From a7011c377e2030d8e6f097c54f43b1cf6b771152 Mon Sep 17 00:00:00 2001 From: Leopold Joy Date: Mon, 3 Nov 2025 14:29:22 +0000 Subject: [PATCH 3/7] make fixes from review --- .../README.md | 2 +- .../script/UpdateSigners.s.sol | 22 +++++-------------- 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/setup-templates/template-incident-multisig-signers/README.md b/setup-templates/template-incident-multisig-signers/README.md index 9da9d915..e0517510 100644 --- a/setup-templates/template-incident-multisig-signers/README.md +++ b/setup-templates/template-incident-multisig-signers/README.md @@ -1,6 +1,6 @@ # Update Sepolia Incident Multisig Signers -Status: TODO[READY TO SIGN|DONE] +Status: TODO[READY TO SIGN|EXECUTED] ## Description diff --git a/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol b/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol index 1cdf65ce..bf050ed5 100644 --- a/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol +++ b/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol @@ -108,17 +108,7 @@ contract UpdateSigners is MultisigScript { (bool found, uint256 idx) = _findIndex(workingOwners, owner); require(found, "owner to remove not in working set"); - address prev = SENTINEL_OWNERS; - if (idx > 0) { - uint256 j = idx; - while (j > 0) { - j--; - if (workingOwners[j] != address(0)) { - prev = workingOwners[j]; - break; - } - } - } + address prev = _prevInList(workingOwners, idx); calls[i] = IMulticall3.Call3Value({ target: OWNER_SAFE, @@ -151,11 +141,11 @@ contract UpdateSigners is MultisigScript { return (false, 0); } - function _prevInList(address[] memory list, address owner) internal pure returns (address) { - for (uint256 i; i < list.length; i++) { - if (list[i] == owner) { - return i == 0 ? SENTINEL_OWNERS : list[i - 1]; - } + function _prevInList(address[] memory workingOwners, uint256 idx) internal pure returns (address) { + if (idx == 0) return SENTINEL_OWNERS; + for (uint256 j = idx; j > 0; j--) { + address candidate = workingOwners[j - 1]; + if (candidate != address(0)) return candidate; } return SENTINEL_OWNERS; } From a3271e6aa5b9bc7b3693072959682bc81746e06f Mon Sep 17 00:00:00 2001 From: Leopold Joy Date: Mon, 3 Nov 2025 14:42:04 +0000 Subject: [PATCH 4/7] update the UpdateSigners script to be in-line with the most recently deployed script first --- .../script/UpdateSigners.s.sol | 75 +++++++------------ 1 file changed, 27 insertions(+), 48 deletions(-) diff --git a/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol b/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol index bf050ed5..35a8cb54 100644 --- a/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol +++ b/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol @@ -51,7 +51,19 @@ contract UpdateSigners is MultisigScript { GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); address prevOwner = SENTINEL_OWNERS; - // Build the linked list from the current on-chain owners first. + for (uint256 i = OWNERS_TO_ADD.length; i > 0; i--) { + uint256 index = i - 1; + // Make sure owners to add are not already owners + require(!ownerSafe.isOwner(OWNERS_TO_ADD[index]), "Precheck 03"); + // Prevent duplicates + require(!expectedOwner[OWNERS_TO_ADD[index]], "Precheck 04"); + + ownerToPrevOwner[OWNERS_TO_ADD[index]] = prevOwner; + ownerToNextOwner[prevOwner] = OWNERS_TO_ADD[index]; + prevOwner = OWNERS_TO_ADD[index]; + expectedOwner[OWNERS_TO_ADD[index]] = true; + } + for (uint256 i; i < EXISTING_OWNERS.length; i++) { ownerToPrevOwner[EXISTING_OWNERS[i]] = prevOwner; ownerToNextOwner[prevOwner] = EXISTING_OWNERS[i]; @@ -65,15 +77,13 @@ contract UpdateSigners is MultisigScript { // Prevent duplicates require(expectedOwner[OWNERS_TO_REMOVE[i]], "Precheck 06"); expectedOwner[OWNERS_TO_REMOVE[i]] = false; - } - // Validate owners to add are not already owners and mark as expected post-state owners. - for (uint256 i; i < OWNERS_TO_ADD.length; i++) { - // Make sure owners to add are not already owners - require(!ownerSafe.isOwner(OWNERS_TO_ADD[i]), "Precheck 03"); - // Prevent duplicates across the adds list - require(!expectedOwner[OWNERS_TO_ADD[i]], "Precheck 04"); - expectedOwner[OWNERS_TO_ADD[i]] = true; + // Remove from linked list to keep ownerToPrevOwner up to date + // Note: This works as long as the order of OWNERS_TO_REMOVE does not change during `_buildCalls()` + address nextOwner = ownerToNextOwner[OWNERS_TO_REMOVE[i]]; + address prevPtr = ownerToPrevOwner[OWNERS_TO_REMOVE[i]]; + ownerToPrevOwner[nextOwner] = prevPtr; + ownerToNextOwner[prevPtr] = nextOwner; } } @@ -96,37 +106,22 @@ contract UpdateSigners is MultisigScript { IMulticall3.Call3Value[] memory calls = new IMulticall3.Call3Value[](OWNERS_TO_ADD.length + OWNERS_TO_REMOVE.length); - // Create a working copy of the current owners. We'll mutate this in-memory as we plan removals - address[] memory workingOwners = new address[](EXISTING_OWNERS.length); - for (uint256 i; i < EXISTING_OWNERS.length; i++) { - workingOwners[i] = EXISTING_OWNERS[i]; - } - - // 1) Build removal calls sequentially, deriving prev from the current working list each time - for (uint256 i; i < OWNERS_TO_REMOVE.length; i++) { - address owner = OWNERS_TO_REMOVE[i]; - (bool found, uint256 idx) = _findIndex(workingOwners, owner); - require(found, "owner to remove not in working set"); - - address prev = _prevInList(workingOwners, idx); - + for (uint256 i; i < OWNERS_TO_ADD.length; i++) { calls[i] = IMulticall3.Call3Value({ target: OWNER_SAFE, allowFailure: false, - callData: abi.encodeCall(OwnerManager.removeOwner, (prev, owner, THRESHOLD)), + callData: abi.encodeCall(OwnerManager.addOwnerWithThreshold, (OWNERS_TO_ADD[i], THRESHOLD)), value: 0 }); - - // Mark the owner as removed for subsequent predecessor computations - workingOwners[idx] = address(0); } - // 2) Then add the new owners, keeping the threshold unchanged. - for (uint256 i; i < OWNERS_TO_ADD.length; i++) { - calls[OWNERS_TO_REMOVE.length + i] = IMulticall3.Call3Value({ + for (uint256 i; i < OWNERS_TO_REMOVE.length; i++) { + calls[OWNERS_TO_ADD.length + i] = IMulticall3.Call3Value({ target: OWNER_SAFE, allowFailure: false, - callData: abi.encodeCall(OwnerManager.addOwnerWithThreshold, (OWNERS_TO_ADD[i], THRESHOLD)), + callData: abi.encodeCall( + OwnerManager.removeOwner, (ownerToPrevOwner[OWNERS_TO_REMOVE[i]], OWNERS_TO_REMOVE[i], THRESHOLD) + ), value: 0 }); } @@ -134,23 +129,7 @@ contract UpdateSigners is MultisigScript { return calls; } - function _findIndex(address[] memory arr, address needle) internal pure returns (bool, uint256) { - for (uint256 i; i < arr.length; i++) { - if (arr[i] == needle) return (true, i); - } - return (false, 0); - } - - function _prevInList(address[] memory workingOwners, uint256 idx) internal pure returns (address) { - if (idx == 0) return SENTINEL_OWNERS; - for (uint256 j = idx; j > 0; j--) { - address candidate = workingOwners[j - 1]; - if (candidate != address(0)) return candidate; - } - return SENTINEL_OWNERS; - } - function _ownerSafe() internal view override returns (address) { return OWNER_SAFE; } -} +} \ No newline at end of file From ab4da4e3126424f8a8c0430e8be323c77a7f7197 Mon Sep 17 00:00:00 2001 From: Leopold Joy Date: Thu, 6 Nov 2025 22:36:22 +0000 Subject: [PATCH 5/7] make adjustments / improvements to the template setup based on the feedback provided on PR #492 --- Makefile | 2 +- README.md | 3 ++- setup-templates/template-incident-multisig-signers/.env | 3 --- setup-templates/template-incident-multisig-signers/Makefile | 1 + setup-templates/template-incident-multisig-signers/README.md | 2 ++ .../script/UpdateSigners.s.sol | 5 +++-- 6 files changed, 9 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index c2fe361d..d0e3198f 100644 --- a/Makefile +++ b/Makefile @@ -112,7 +112,7 @@ checkout-base-contracts-commit: ## # Task Signer Tool ## -SIGNER_TOOL_COMMIT=92a4b600252cd7ffe255a876a880c2540802b99c +SIGNER_TOOL_COMMIT=0f8a61c6812b29fe0e7b02d0490ff4fa7b18b593 SIGNER_TOOL_PATH=signer-tool .PHONY: checkout-signer-tool diff --git a/README.md b/README.md index 8d457161..c53947f1 100644 --- a/README.md +++ b/README.md @@ -121,9 +121,10 @@ This template is used to perform ownership management on the (Gnosis Safe) incid 1. Enter the directory that was generated for the task (in the first step) and then run `make deps`. 1. Specify the `OWNER_SAFE`, which is the safe multisig where an owner will be replaced and the `SENDER` which should be the address of a current signer of the multisig. 1. Fill in the `OwnerDiff.json` inside the task's directory with the addresses to add to, and remove from, the multisig in their respective fields. +1. Ensure that the `EXISTING_OWNERS_LENGTH` constant value inside the `script/UpdateSigners.s.sol` script is set appropriately, in particular that it equals the exact number of current members of the Incident Multisig Safe (prior to running the task). 1. Build the contracts with `forge build`. 1. Generate the validation file for signers with `make gen-validation`. -1. Appropriately fill in both of the generated validation files 6 empty fields at the top of the generated validations file at `validations/base-signer.json` (e.g. "taskName", "scriptName", etc.). Ensure, in particular, that the `sender` field in the validations file matches the `SENDER` env var defined in the `.env` file. +1. Double check the `cmd` field at the top of the generated validation file at `validations/base-signer.json` and ensure that the value passed to the `--sender` flag matches the `SENDER` env var already defined in the `.env` file. 1. Check in the task when it's ready to sign and request the facilitators to collect signatures from signers. 1. Once executed, check in the records files and mark the task `EXECUTED` in the README. diff --git a/setup-templates/template-incident-multisig-signers/.env b/setup-templates/template-incident-multisig-signers/.env index b316eed6..cc384517 100644 --- a/setup-templates/template-incident-multisig-signers/.env +++ b/setup-templates/template-incident-multisig-signers/.env @@ -8,6 +8,3 @@ OWNER_SAFE=TODO SENDER=TODO RECORD_STATE_DIFF=true - -# TODO: define the current (existing) number of members of the incident multisig -EXISTING_OWNERS_LENGTH=TODO diff --git a/setup-templates/template-incident-multisig-signers/Makefile b/setup-templates/template-incident-multisig-signers/Makefile index 23383fc5..12b464f7 100644 --- a/setup-templates/template-incident-multisig-signers/Makefile +++ b/setup-templates/template-incident-multisig-signers/Makefile @@ -3,6 +3,7 @@ include ../../Multisig.mk include ../.env include .env +RPC_URL = $(L1_RPC_URL) SCRIPT = UpdateSigners ifndef LEDGER_ACCOUNT diff --git a/setup-templates/template-incident-multisig-signers/README.md b/setup-templates/template-incident-multisig-signers/README.md index e0517510..2b643aaf 100644 --- a/setup-templates/template-incident-multisig-signers/README.md +++ b/setup-templates/template-incident-multisig-signers/README.md @@ -48,3 +48,5 @@ make sign-task Be sure to select the correct task from the list of available tasks to sign. ### 4. Send signature to facilitator + +You may now kill the Signer Tool process in your terminal window by running `Ctrl + C`. diff --git a/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol b/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol index 35a8cb54..4bb1481c 100644 --- a/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol +++ b/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol @@ -15,8 +15,10 @@ contract UpdateSigners is MultisigScript { address public constant SENTINEL_OWNERS = address(0x1); + // TODO: replace with the current number of members of the incident multisig + uint256 public constant EXISTING_OWNERS_LENGTH = TODO; + address public immutable OWNER_SAFE; - uint256 public immutable EXISTING_OWNERS_LENGTH; uint256 public immutable THRESHOLD; address[] public EXISTING_OWNERS; @@ -29,7 +31,6 @@ contract UpdateSigners is MultisigScript { constructor() { OWNER_SAFE = vm.envAddress("OWNER_SAFE"); - EXISTING_OWNERS_LENGTH = vm.envUint("EXISTING_OWNERS_LENGTH"); GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); THRESHOLD = ownerSafe.getThreshold(); From 4c11031ad97ace92a80937fd664878172ee09633 Mon Sep 17 00:00:00 2001 From: Leopold Joy Date: Fri, 7 Nov 2025 16:41:31 +0000 Subject: [PATCH 6/7] add validation directory creation command to Makefile --- setup-templates/template-incident-multisig-signers/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/setup-templates/template-incident-multisig-signers/Makefile b/setup-templates/template-incident-multisig-signers/Makefile index 12b464f7..679d3644 100644 --- a/setup-templates/template-incident-multisig-signers/Makefile +++ b/setup-templates/template-incident-multisig-signers/Makefile @@ -22,6 +22,7 @@ gen-validation: checkout-signer-tool run-script .PHONY: run-script run-script: + mkdir validations; \ cd $(SIGNER_TOOL_PATH); \ npm ci; \ bun run scripts/genValidationFile.ts --rpc-url $(L1_RPC_URL) \ From f6268461ddf2b3563116f690abb23222783af5aa Mon Sep 17 00:00:00 2001 From: Leopold Joy Date: Wed, 19 Nov 2025 01:56:54 +0000 Subject: [PATCH 7/7] switch back to safe-management naming based on review feedback --- Makefile | 12 ++++++------ README.md | 8 ++++---- .../.env | 0 .../Makefile | 0 .../OwnerDiff.json | 0 .../README.md | 0 .../foundry.toml | 0 .../script/UpdateSigners.s.sol | 0 8 files changed, 10 insertions(+), 10 deletions(-) rename setup-templates/{template-incident-multisig-signers => template-safe-management}/.env (100%) rename setup-templates/{template-incident-multisig-signers => template-safe-management}/Makefile (100%) rename setup-templates/{template-incident-multisig-signers => template-safe-management}/OwnerDiff.json (100%) rename setup-templates/{template-incident-multisig-signers => template-safe-management}/README.md (100%) rename setup-templates/{template-incident-multisig-signers => template-safe-management}/foundry.toml (100%) rename setup-templates/{template-incident-multisig-signers => template-safe-management}/script/UpdateSigners.s.sol (100%) diff --git a/Makefile b/Makefile index d0e3198f..71e26644 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ FOUNDRY_COMMIT ?= 3b1129b5bc43ba22a9bcf4e4323c5a9df0023140 PROJECT_DIR = $(network)/$(shell date +'%Y-%m-%d')-$(task) GAS_INCREASE_DIR = $(network)/$(shell date +'%Y-%m-%d')-increase-gas-limit FAULT_PROOF_UPGRADE_DIR = $(network)/$(shell date +'%Y-%m-%d')-upgrade-fault-proofs -INCIDENT_MULTISIG_SIGNERS_DIR = $(network)/$(shell date +'%Y-%m-%d')-incident-multisig-signers +SAFE_MANAGEMENT_DIR = $(network)/$(shell date +'%Y-%m-%d')-safe-management FUNDING_DIR = $(network)/$(shell date +'%Y-%m-%d')-funding SET_BASE_BRIDGE_PARTNER_THRESHOLD_DIR = $(network)/$(shell date +'%Y-%m-%d')-pause-bridge-base PAUSE_BRIDGE_BASE_DIR = $(network)/$(shell date +'%Y-%m-%d')-pause-bridge-base @@ -11,7 +11,7 @@ PAUSE_BRIDGE_BASE_DIR = $(network)/$(shell date +'%Y-%m-%d')-pause-bridge-base TEMPLATE_GENERIC = setup-templates/template-generic TEMPLATE_GAS_INCREASE = setup-templates/template-gas-increase TEMPLATE_UPGRADE_FAULT_PROOFS = setup-templates/template-upgrade-fault-proofs -TEMPLATE_INCIDENT_MULTISIG_SIGNERS = setup-templates/template-incident-multisig-signers +TEMPLATE_SAFE_MANAGEMENT = setup-templates/template-safe-management TEMPLATE_FUNDING = setup-templates/template-funding TEMPLATE_SET_BASE_BRIDGE_PARTNER_THRESHOLD = setup-templates/template-set-bridge-partner-threshold TEMPLATE_PAUSE_BRIDGE_BASE = setup-templates/template-pause-bridge-base @@ -43,10 +43,10 @@ setup-gas-increase: setup-upgrade-fault-proofs: cp -r $(TEMPLATE_UPGRADE_FAULT_PROOFS) $(FAULT_PROOF_UPGRADE_DIR) -# Run `make setup-incident-multisig-signers network=` -setup-incident-multisig-signers: - rm -rf $(TEMPLATE_INCIDENT_MULTISIG_SIGNERS)/cache $(TEMPLATE_INCIDENT_MULTISIG_SIGNERS)/lib $(TEMPLATE_INCIDENT_MULTISIG_SIGNERS)/out - cp -r $(TEMPLATE_INCIDENT_MULTISIG_SIGNERS) $(INCIDENT_MULTISIG_SIGNERS_DIR) +# Run `make setup-safe-management network=` +setup-safe-management: + rm -rf $(TEMPLATE_SAFE_MANAGEMENT)/cache $(TEMPLATE_SAFE_MANAGEMENT)/lib $(TEMPLATE_SAFE_MANAGEMENT)/out + cp -r $(TEMPLATE_SAFE_MANAGEMENT) $(SAFE_MANAGEMENT_DIR) # Run `make setup-funding network=` setup-funding: diff --git a/README.md b/README.md index c53947f1..2069b5a2 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ To execute a new task, run one of the following commands (depending on the type - For gas increase tasks: `make setup-gas-increase network=` - For funding: `make setup-funding network=` - For fault proof upgrade: `make setup-upgrade-fault-proofs network=` -- For changing incident multisig signers tasks: `make setup-incident-multisig-signers network=` +- For safe mangement tasks: `make setup-safe-management network=` - For funding tasks: `make setup-funding network=` - For updating the partner threshold in Base Bridge: `make setup-bridge-partner-threshold network=` - For pausing / un-pausing Base Bridge: `make setup-bridge-pause network=` @@ -112,11 +112,11 @@ This template is used to upgrade the fault proof contracts. This is commonly don 1. Check in the task when it's ready to sign and collect signatures from signers 1. Once executed, check in the records files and mark the task `EXECUTED` in the README. -## Using the swap owner template +## Using the safe management template -This template is used to perform ownership management on the (Gnosis Safe) incident multisig, specifically it can change the owners of the multisig. +This template is used to perform ownership management on a Gnosis Safe, like the incident multisig, specifically it can be used to change the owners of the multisig. -1. Ensure you have followed the instructions above in `setup`, including running `make setup-incident-multisig-signers network=` and go to the folder that was created by this command. +1. Ensure you have followed the instructions above in `setup`, including running `make setup-safe-management network=` and go to the folder that was created by this command. 1. Specify the commit of [Optimism code](https://github.com/ethereum-optimism/optimism) and [Base contracts code](https://github.com/base-org/contracts) you intend to use in the `.env` file. 1. Enter the directory that was generated for the task (in the first step) and then run `make deps`. 1. Specify the `OWNER_SAFE`, which is the safe multisig where an owner will be replaced and the `SENDER` which should be the address of a current signer of the multisig. diff --git a/setup-templates/template-incident-multisig-signers/.env b/setup-templates/template-safe-management/.env similarity index 100% rename from setup-templates/template-incident-multisig-signers/.env rename to setup-templates/template-safe-management/.env diff --git a/setup-templates/template-incident-multisig-signers/Makefile b/setup-templates/template-safe-management/Makefile similarity index 100% rename from setup-templates/template-incident-multisig-signers/Makefile rename to setup-templates/template-safe-management/Makefile diff --git a/setup-templates/template-incident-multisig-signers/OwnerDiff.json b/setup-templates/template-safe-management/OwnerDiff.json similarity index 100% rename from setup-templates/template-incident-multisig-signers/OwnerDiff.json rename to setup-templates/template-safe-management/OwnerDiff.json diff --git a/setup-templates/template-incident-multisig-signers/README.md b/setup-templates/template-safe-management/README.md similarity index 100% rename from setup-templates/template-incident-multisig-signers/README.md rename to setup-templates/template-safe-management/README.md diff --git a/setup-templates/template-incident-multisig-signers/foundry.toml b/setup-templates/template-safe-management/foundry.toml similarity index 100% rename from setup-templates/template-incident-multisig-signers/foundry.toml rename to setup-templates/template-safe-management/foundry.toml diff --git a/setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol b/setup-templates/template-safe-management/script/UpdateSigners.s.sol similarity index 100% rename from setup-templates/template-incident-multisig-signers/script/UpdateSigners.s.sol rename to setup-templates/template-safe-management/script/UpdateSigners.s.sol