-
Notifications
You must be signed in to change notification settings - Fork 946
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide a way to identify whether a contract is a SAFE. #714
Comments
IM honestly trying so hard to keep up with how fast the development moves alongm with this project.. |
I'm going to close this for now as a "won't fix". We could add something like a In fact, we used to have a https://github.com/safe-global/safe-smart-account/blob/v1.1.1/contracts/GnosisSafe.sol#L20 Additionally, the
However, if you want to reliably determine an account is actually a Safe onchain, I don't think there is a solution that does not envolve validating the |
Here's the example of Argent wallet contract doing exactly this: https://github.com/argentlabs/argent-contracts/blob/develop/contracts/infrastructure/ArgentWalletDetector.sol |
I don't believe that this issue should be closed for the reasons you have listed. The feature you are describing in your closing message is not the feature I am requesting here. I am not looking for a way to tell with certainty that a contract is a SAFE. I'm looking for a way to ask the contract if it claims to be a SAFE. This is for integration with tooling so the tooling can know what calls it can reasonably make to the contract. The solution does not need to be robust against people spoofing being a SAFE anymore than a website needs to be resilient to people spoofing their browser. When a tool asks a contract whether or not it is a SAFE, the contract can lie and it just means that the tool will present interaction options that don't actually work. This is very similar to things like EIP-165 where a contract can, if it wanted, lie about what methods are available but all that does is makes it so users may call non-existent methods on the contract. In our specific use case, we want a way to tell users whether the address they have selected is an EOA, a contract wallet, or an app contract. It gives the user useful information and hints how we present the address in our UI. It also lets us know which list to put it in and what UI to present to the user when they are interacting with the address.
EIP-165 would be an ideal solution as I mentioned, and I would like to see that implemented in future versions of SAFE. |
It is (as in, it hasn't changed in Safe versions), but the domain separator is specific to each Safe.
Makes sense. This requires a bit of special handling, however, in order to interact correctly with fallback handlers. One thing that we can do for now, is to change the existing safe-smart-account/contracts/handler/TokenCallbackHandler.sol Lines 57 to 62 in 3bd2d4b
|
In version 1.1.1, the domain separator didn't include the chain id. Starting from 1.3.0, it should be the same. |
Of course, this strategy stops working if you ever need to remove or change a function from the interface. How stable do you expect SAFE's to be over time? One solution is to create very small interfaces that are unlikely to change, but even the execute function (the core of a SAFE arguably) may be subject to changes in the future. Thanks for reopening! |
Context / issue
When building applications that interact with SAFEs, it is necessary to first validate that a given address (e.g., user supplied or on-chain scanned) is actually a SAFE (or at least claims to be). Currently, the only way to do this is to either hard-code all versions of Gnosis SAFE proxy and master contracts and check to see if the contract is a proxy and if it points to a known master copy. Unfortunately, this doesn't scale in a censorship resistant way because as new SAFEs are developed, existing immutable applications now need to be updated with new SAFE proxies/masters. This solution also doesn't work if someone uses a non-standard proxy or if they deploy their own master directly.
Proposed solution
A. Add a getter on the SAFE master that just returns a constant string like
Gnosis SAFE
, along with perhaps a method that returns theVERSION
constant. This would allow applications to simply call that function and see what it returns.B. A more ecosystem friendly solution would be to define ERC-165 interfaces for all of the different components of a SAFE so users can query to see if a particular interface is supported. For example, the various module add/get/remove functions could be part of one interface, and the owners/threshold could be another interface, and the execution functions could be a third interface. This would allow an application to check to see if the set of methods it needs are supported by any contract (SAFE or not) and then interact with the contract regardless of whether it is a Gnosis SAFE or something else.
The text was updated successfully, but these errors were encountered: