How to Deploy when the Owner is Safe Wallet

[Al-Qa-qa]

Firstly, we need to understand how openzeppelin-foundry-upgrades upgrade the contract UUPS.

1. It deploys the new implementation
2. calls upgradeToAndCall(newImpl, data)

And here is how Safe Wallet execute Transactions.

    function execTransaction(
        address to, 
        uint256 value, // Zero
        bytes calldata data, // Thi
        Enum.Operation operation,
        uint256 safeTxGas,
        uint256 baseGas,
        uint256 gasPrice,
        address gasToken,
        address payable refundReceiver,
        bytes memory signatures // Safe Owners Signatures to execute this transaction
    ) public payable virtual override returns (bool success) {

So what we should do is:

• deploy Implementation contract, first
• Let SafeWallet Signers Sign message to upgradeToAndCall(newImpl, data) on the new implementation.
• call execTransaction with the signature or SafeOwners

This can be done manually (without using openzeppelin-foundry-upgrades), but this lib bootstrap the process in just one thing, and perform some checks which is safer.

---

I do not know if this library has a relation do OZ::defender or not. But I found that the defender has deploy module that supports SafeWallets. https://docs.openzeppelin.com/defender/v2/tutorial/deploy

Since the Owner is SafeWallet (MultiSig), when I searched in the Docs, I found that this lib can integrats with OpenZepplin Defender, and Defender supports Safe Wallets and supports deploying using CLI too, but it is a paid service.

IDK, if this lib supports MultiSig or not but in I think it did not.

---

In brief, If the team already has a Defender plan, then I think it is better to follow Defender guide. But if not, we have two solutions.

• The first one if to do upgrading process manually, ruther than using Lib to handle everything we will do it ourselves. This is not that hard they are only 3 steps. and we will run a fork in the beginning before running on mainnet to make sure all is correct.

• The second solution, which I do not prefer actually, is to change the owner of the contract to an EOA wallet, make the deployment, change the owner, again to Multisig.

[shafu0x]

Yeah lets go with step 1

[Al-Qa-qa]

Great! You can deploy the VaultManagerV3 contract. There is no problem who deployed it.

It will be the same as simple contract deploying process.

[shafu0x]

just to double confirm. This is the correct data 0x8129fc1c

Its just abi.encodeCall(VaultManagerV3.initialize, ())

[Al-Qa-qa]

Yea. then you will encode upgradeToAndCall(address newImplementation, bytes memory data).

newImplementation: VaultManagerV3 implementation data: 0x8129fc1c

[shafu0x]

why do I need to encode that? I should just call it directly through the multi sig right?

[Al-Qa-qa]

Yea, you can call it from mutliSig Directly (using UI). I though you want to run it in script.