Deploying & Upgrading smart contract using multi-sig [Without using defender]

[namanB8]

Integrate safe.global sdk to allow upgradeable smart contracts deployment & upgrades using multi-sig wallet.

Configurable Options:

/**
 * Option to enable or disable SafeGlobal deployments.
 */
export type SafeGlobalDeploy = {
  useSafeGlobalDeploy?: boolean;
};

/**
 * Options for functions that support SafeGlobal deployments.
 */
export type SafeGlobalDeployOptions = SafeGlobalDeploy & {
  txServiceUrl?: string;
  salt?: string;
  safeAddress?: string;
  safeSingletonAddress?: string;
  safeProxyFactoryAddress?: string;
  multiSendAddress?: string;
  multiSendCallOnlyAddress?: string;
  fallbackHandlerAddress?: string;
  signMessageLibAddress?: string;
  createCallAddress?: string;
  simulateTxAccessorAddress?: string;
};

Example usage:

Deploy upgradeable contract

import { ethers, upgrades } from 'hardhat';

async function main () {
  const safeAddress = '0x';
  const Socks = await ethers.getContractFactory('Socks');
  console.log('Deploying Socks...');
  const socks = await upgrades.deployProxy(Socks, [42], { 
    initializer: 'initialize', 
    initialOwner: safeAddress,

    useSafeGlobalDeploy: true,
    salt: process.env.CREATE2_SALT,
    safeAddress,
  });
  await socks.waitForDeployment();
  console.log('Socks deployed to:', socks.target);
}

main();

Upgrade:

// scripts/deploy_upgradeable_box.js
import { ethers, upgrades } from 'hardhat';

async function main () {
  const safeAddress = '0x';
  const proxyAddress = '0x';
  const SocksV2 = await ethers.getContractFactory('SocksV2');
  console.log('Upgrading Socks...');
  await upgrades.upgradeProxy(proxyAddress, SocksV2, {
    useSafeGlobalDeploy: true,
    salt: process.env.CREATE2_SALT,
    safeAddress,
  });
  console.log('Socks upgraded');
}

main();

[ericglau]

Hi @namanB8, thanks for opening this PR. Can you please share more details on what is your use case for this feature, why you view it as needed, and what does this feature enable that is otherwise not available through Defender?

[namanB8]

Hi @ericglau thanks for responding.

• An L1 blockchain solution called Redbelly Network relies on core governance smart contracts at the launch. Redbelly mainnet is currently not public and hence we can't register Redbelly as one of the supported networks on https://safe.global/ So we have currently deployed our custom version of safe.global.
• While Defender supports adding an unregistered network as a private network with a recently built feature that allows passing our custom safe.global tx service URL. While experimenting with it, we ran into multiple issues, which were reported to defender support they have acknowledged the encountered issues on which their team is still working and there is no ETA on the completion & deployment of the fixes.
• This PR enables users who are just looking for multi-sig enabled smart contract deployment & upgrades while still using the OpenZeppelin smart contract upgrades management solution.

The PR intercepts the impl & proxy creation, impl upgrades in proxy, proxy admin or admin ownership transfer transactions and relay them via a multi-sig wallet.

[ericglau]

@namanB8 Thank you for providing these details. We are working on resolving the issues that you've reported in Defender and will get back to you as soon as possible. Please let us know if those will address the requirements for your scenario when they are resolved.

[namanB8]

@ericglau It would be really great if we can get an ETA on the fixes that are being performed by the defender team. We have a launch deadline by the end of September. Since the estimated time for the fixes to be ready for production is not known, we ended up creating this fallback solution for our use case till the time the upgrades on the private network can be enabled by defender.

And yes if the issues are fixed by defender it will address our requirements.