Den
@onchainden
Over $100B is stored in @safe
This rivals all of DeFi TVL combined
But how does Safe actually keep you safe? 👇
1 reply
1 recast
4 reactions

Den
@onchainden
Safe is a smart account that only executes transactions with enough signatures
To execute a Safe transaction you need to:
- Define the action you'd like to take
- Collect enough signatures from the other signers
- Execute the transaction
1 reply
0 recast
0 reaction

Den
@onchainden
Executing the transaction is where the magic happens
Once there are enough signatures, any wallet can call the `execTransaction` function
Typically, this is the last signer who also pays gas. However, modern implementations use gas abstraction so the Safe itself covers gas
https://warpcast.com/onchainden/0x61a651b1
1 reply
0 recast
0 reaction

Den
@onchainden
Let's dig into what happens in `execTransaction`
There are 3 sets of parameters
- Transaction definition - to, value, data, operation
- Gas parameters - safeTxGas, baseGas, gasPrice, gasToken, refundReceiver
- Signatures to verify the above - signatures
1 reply
0 recast
0 reaction

Den
@onchainden
First, the transaction definition and gas parameters are encoded into bytes
This bytes format is what all the individual signers actually signed
It's unique based on:
- the input details of the transaction
- the "nonce"
1 reply
0 recast
0 reaction

Den
@onchainden
The nonce is a unique ID for each transaction
Any transaction could be replayed over and over again without it
For example, without a nonce, if you paid someone once, they could just resubmit the signatures over and over again until your Safe is empty
1 reply
0 recast
0 reaction

Den
@onchainden
Next, this bytes data is compared against the signatures produced by the signers
The Safe contract checks that
- Enough signatures have been collected
- Each signature came from a registered signer on the Safe
- Each signature is legitimate and has not been forged
1 reply
0 recast
0 reaction

Den
@onchainden
Verifying the signature is a complicated process, with a few different mechanisms depending on whether a contract or EOA signed the transaction
1 reply
0 recast
0 reaction
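
An added example, not part of the thread and not Safe's own code: a stripped-down Solidity contract showing the flow described above (hash the transaction together with the nonce, check a threshold of signatures from registered signers, then execute). `MiniMultisig` and `txHash` are hypothetical names; it assumes EOA signatures made directly over the hash and leaves out the gas parameters, `operation` and contract signatures.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified illustration only; hypothetical contract, not the Safe implementation.
contract MiniMultisig {
    mapping(address => bool) public isOwner;
    uint256 public threshold;
    uint256 public nonce;

    constructor(address[] memory owners, uint256 _threshold) {
        require(_threshold > 0 && _threshold <= owners.length, "bad threshold");
        for (uint256 i = 0; i < owners.length; i++) {
            require(owners[i] != address(0) && !isOwner[owners[i]], "bad owner");
            isOwner[owners[i]] = true;
        }
        threshold = _threshold;
    }

    receive() external payable {}

    // The bytes every signer signs: bound to the chain, this contract, the call and the nonce.
    function txHash(address to, uint256 value, bytes calldata data, uint256 _nonce)
        public view returns (bytes32)
    {
        return keccak256(abi.encode(block.chainid, address(this), to, value, keccak256(data), _nonce));
    }

    function execTransaction(address to, uint256 value, bytes calldata data, bytes calldata signatures)
        external returns (bool success)
    {
        bytes32 h = txHash(to, value, data, nonce);
        nonce++; // the same signatures will not match the next hash, so a replay fails
        require(signatures.length >= threshold * 65, "not enough signatures");
        address last = address(0);
        for (uint256 i = 0; i < threshold; i++) {
            bytes calldata sig = signatures[i * 65:(i + 1) * 65]; // r (32) | s (32) | v (1)
            address signer = ecrecover(h, uint8(sig[64]), bytes32(sig[0:32]), bytes32(sig[32:64]));
            // Strictly ascending order rejects duplicate signers and a failed recovery (address(0)).
            require(signer > last && isOwner[signer], "invalid signer");
            last = signer;
        }
        (success, ) = to.call{value: value}(data);
        require(success, "call failed");
    }
}
```

Signatures must be supplied sorted by signer address; if any check or the final call reverts, the nonce increment is rolled back with it.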