Use a Gnosis Safe as a deployer

[rmeissner]

I really love the Ledger integration and I was thinking that it would be awesome to have the possibility to deploy a contract via a Safe (with the Safe web interface).

I wrote a (hacky) PoC plugin: https://github.com/rmeissner/hardhat-safe-deployer with an example.

I was wondering if it would be possible/ make sense to add support for this to hardhat-deploy. OR if there is a nice way to have this as an plugin to the plugin.

In the perfect scenario I would be able to use the Safe with a Ledger owner :D

I know that there are some things that would need to be improved to make this really usable on every network:

• Dependence on the Safe service
• CreateCall not being available on every network
• Improving mapping of Safe transaction to Ethereum transaction

[wighawag]

Cool!

I would really like to support that. Once I get a bit more time, going to look deeper but it seems what you got will already help a lot.

[rmeissner]

Let me know if I can help.

I really like how it works for a ledge with ledger:, would be nice to have a safe:. The only thing required for that would be a Safe specific Signer that uses the services (this is partially done in the PoC).

[wighawag]

Hey @rmeissner I had a quick go at implementing it I copied the utility file you had in your repo and make use of them in hardhat-deploy

You can see it in the gnosis-safe branch : https://github.com/wighawag/hardhat-deploy/tree/gnosis-safe

first commit : https://github.com/wighawag/hardhat-deploy/commit/3b885e4244e7dd65bb34fd82779c4ae3adb89c96

it currently does not work but made me realise that the adapter would better be a sub class of ethers Web3Provider and return a specific ethers SIgner that would have getAddress return the safe address but sign as the signer address

hardhat-deploy deal with ethers provider and signer. see for example ledger integration. Do you think this would be feasible to have all the functionality of your adapter as an ethers provider ?

[rmeissner]

Ahh nice, I will have a look. Regarding the ethers provider I have to check this out again, why I did not do this.

[rmeissner]

Ok I had a look and I should be able to implement an ether signer and then the provider should be easy. I will try to get to it next week. What would be your preferred way of contribution? I could try to write the ethers provider in a completely separate lib and publish it in the Gnosis org as a npm package. Or I push it directly to this repo.

[wighawag]

Cool, I think having a gnosis provider on its own make more sense as this might be useful for other projects. So an npm package would be great, but I am happy to have it as code and we could extract later.

[rmeissner]

One thing that I realized is that currently in the SafeProviderAdapter I hide the differences between a Safe transaction hash and an Ethereum transaction hash.

What would be the exptected case in your opinion:

• Only return a value for the promise once an Ethereum transaction hash is known (so when all owners of the multisig have confirmed and the Safe tx has been submitted)
• Return the Safe tx hash and try to find some other way to map the hashes (e.g. wrap the network provider)

[rmeissner]

Actually I think I have the proper Ethers answer.

The signer returns the Safe tx hash and the wait method will then try to resolve this.

[rmeissner]

I have a first draft of an Ether signers with a Safe (example: https://github.com/gnosis/safe-core-sdk/blob/dbd203a1fdc54678c18cb5593099fa64b2e0a188/packages/safe-ethers-adapters/example/index.ts#L23). I will clean it up tomorrow and then publish an alpha to npm.

[rmeissner]

I added https://www.npmjs.com/package/@gnosis.pm/safe-ethers-adapters you can find the examples in https://github.com/gnosis/safe-core-sdk/tree/feature/safe_ethers_adapter/packages/safe-ethers-adapters/examples let me know if you require any information/ changes :)

[rmeissner]

@wighawag Is it ok if I continue from your commit to implement this?

[wighawag]

Hi @rmeissner yes sorry could not find the time to dig into it yet. But yes feel free to go ahead. With a ethers signer, it should now be easier, like it is done with the ledgerSIgner

[wighawag]

Hey @rmeissner did you continue integrating gnosis safe into hardhat-deploy ?

[rmeissner]

I didn't manage to look into it in the last weeks, as this is more a "Friday" project. I hope to find time in the next weeks again and would look into it.

[Alexangelj]

Just thought I'd jump in here - support for Open Zeppelin Defender's custom relay signer would be excellent for the teams wanting to use defender + hardhat-deploy for production: https://www.npmjs.com/package/defender-relay-client#user-content-ethersjs

[ramenforbreakfast]

Just thought I'd jump in here - support for Open Zeppelin Defender's custom relay signer would be excellent for the teams wanting to use defender + hardhat-deploy for production: https://www.npmjs.com/package/defender-relay-client#user-content-ethersjs

I know this issue hasn't been updated in almost a year, but was wondering if anybody has had experience integrating OZ's Relay Signer with hardhat-deploy? I am currently using the defender-relay-client and having issues with getting hardhat-deploy to recognize the custom DefenderRelaySigner provided by the defender-relay-client.

hardhat-deploy seems to return a signer as unknown if it doesn't fall under any of the following categories

• An address returned by the default provider for a network (what is returned by the JSON RPC method eth_accounts), which is whatever accounts hardhat has generated given the private key provided to hardhat.config.ts.
• Hardware wallet or hardcoded private key

I am not sure how to get hardhat-deploy to not throw an UnknownSignerError when designating the DefenderRelaySigner as the from account when running deploy.

[ezynda3]

Just thought I'd jump in here - support for Open Zeppelin Defender's custom relay signer would be excellent for the teams wanting to use defender + hardhat-deploy for production: https://www.npmjs.com/package/defender-relay-client#user-content-ethersjs

I know this issue hasn't been updated in almost a year, but was wondering if anybody has had experience integrating OZ's Relay Signer with hardhat-deploy? I am currently using the defender-relay-client and having issues with getting hardhat-deploy to recognize the custom DefenderRelaySigner provided by the defender-relay-client.

hardhat-deploy seems to return a signer as unknown if it doesn't fall under any of the following categories

• An address returned by the default provider for a network (what is returned by the JSON RPC method eth_accounts), which is whatever accounts hardhat has generated given the private key provided to hardhat.config.ts.
• Hardware wallet or hardcoded private key

I am not sure how to get hardhat-deploy to not throw an UnknownSignerError when designating the DefenderRelaySigner as the from account when running deploy.

I'm having this exact same issue. Would be nice to be able to inject a custom Signer instance or something rather than rely on only a private key or mnemonic.

[JohnSmithyy]

Just thought I'd jump in here - support for Open Zeppelin Defender's custom relay signer would be excellent for the teams wanting to use defender + hardhat-deploy for production: https://www.npmjs.com/package/defender-relay-client#user-content-ethersjs

I know this issue hasn't been updated in almost a year, but was wondering if anybody has had experience integrating OZ's Relay Signer with hardhat-deploy? I am currently using the defender-relay-client and having issues with getting hardhat-deploy to recognize the custom DefenderRelaySigner provided by the defender-relay-client.

hardhat-deploy seems to return a signer as unknown if it doesn't fall under any of the following categories

• An address returned by the default provider for a network (what is returned by the JSON RPC method eth_accounts), which is whatever accounts hardhat has generated given the private key provided to hardhat.config.ts.
• Hardware wallet or hardcoded private key

I am not sure how to get hardhat-deploy to not throw an UnknownSignerError when designating the DefenderRelaySigner as the from account when running deploy.

Has anyone figured this out? It would be fantastic to have this support!

[mattvv]

Subscribing for support!

[patidarmanoj10]

Following

[ramenforbreakfast]

So while I never actually ended up using a RelaySigner, our team has been using OpenZeppelin Defender's Proposal infrastructure. https://github.com/prepo-io/prepo-monorepo/blob/main/apps/smart-contracts/core/deploy/Collateral.ts Is an example of one of the deployment scripts for an upgradeable contract. It uses hardhat-deploy in tandem with OpenZeppelin's hardhat-upgrades library as along with their defender-admin-client package.

Might be helpful as an example for how one would utilize hardhat-deploy deploying via a multi-sig using an OZ proposal.

[jdbertron]

Gnosis Safe support with Diamond deploy would be awesome. @wighawag and @rmeissner can you summarize the status of this for me and I can perhaps take a look and help you finish. AFAIK OZ Defender doesn't support Diamond deployment and it's a distraction in this thread..