Gnosis Safe Contracts

Install

Install requirements with yarn:

yarn

Run all tests (requires Node version >=7 for async/await):

yarn truffle compile
yarn test

yarn test will start a ganache-cli with the correct configuration. If you want to run yarn truffle test you need to start a ganache-cli instance. For this it is required to use the --noVMErrorsOnRPCResponse option. This option will make sure that ganache-cli behaves the same as other clients (e.g. geth and parity) when handling reverting calls to contracts. This is required as some flows parse the error message (see https://gnosis-safe.readthedocs.io/en/latest/contracts/transactions.html#safe-transaction-gas-limit-estimation).

Deploy

Some contracts require that the Solidity compile target is at least petersburg (e.g. GnosisSafeProxyFactory and MultiSend). This is default since Solidity 0.5.5.

Note: The formal verification was performed using the contract compiled with solcjs 0.5.0.

Preparation:

• Set INFURA_TOKEN in .env
• Set NETWORK in .env
• Run yarn truffle compile

Truffle:

• Set MNEMONIC in .env

yarn truffle deploy

Verify contract

Note: To completely replicate the bytecode that has been deployed it is required that the project path is /gnosis-safe this can be archived using sudo mkdir /gnosis-safe && sudo mount -B <your_repo_path> /gnosis-safe. Make sure the run yarn again if the path has been changed after the inital yarn install. If you use a different path you will only get partial matches.

You can locally verify contract using the scripts generate_meta.js and verify_deployment.js.

With node scripts/generate_meta.js a meta folder is created in the build folder that contains all files required to verify the source code on https://verification.komputing.org/ and https://etherscan.io/

For Etherscan only the GnosisSafeEtherscan.json file is required. For sourcify the GnosisSafeMeta.json and all the .sol files are required.

Once the meta data has been generated you can verify that your local compiled code corresponds to the version deployed by Gnosis with yarn do <network> scripts/verify_deployment.js.

Documentation

• Safe developer portal
• Coding guidelines

Audits/ Formal Verification

• for Version 1.2.0 by G0 Group
• for Version 1.1.1 by G0 Group
• for Version 1.0.0 by Runtime Verification
• for Version 0.0.1 by Alexey Akhunov

Security and Liability

All contracts are WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

License

All smart contracts are released under LGPL v.3.

Contributors

• Stefan George (Georgi87)
• Richard Meissner (rmeissner)
• Christian Lundkvist (christianlundkvist)
• Nick Dodson (SilentCicero)
• Gonçalo Sá (GNSPS)