|
| 1 | +# Nested Ownership Transfer |
| 2 | + |
| 3 | +Status: READY TO DEPLOY |
| 4 | + |
| 5 | +## Procedure |
| 6 | + |
| 7 | +### 1. Update repo: |
| 8 | + |
| 9 | +```bash |
| 10 | +cd contract-deployments |
| 11 | +git pull |
| 12 | +cd sepolia/2025-04-01-nested-ownership-transfer |
| 13 | +make deps |
| 14 | +``` |
| 15 | + |
| 16 | +### 2. Setup Ledger |
| 17 | + |
| 18 | +Your Ledger needs to be connected and unlocked. The Ethereum |
| 19 | +application needs to be opened on Ledger with the message "Application |
| 20 | +is ready". |
| 21 | + |
| 22 | +### 3. Run relevant script(s) |
| 23 | + |
| 24 | +#### 3.1 Deploy new Safes |
| 25 | + |
| 26 | +```bash |
| 27 | +make deploy |
| 28 | +``` |
| 29 | + |
| 30 | +This will output the new addresses of the `SafeA` and `SafeB` contracts to an `addresses.json` file. You will need to commit this file to the repo before signers can sign. |
| 31 | + |
| 32 | +#### 3.2 Sign the transaction |
| 33 | + |
| 34 | +```bash |
| 35 | +make sign |
| 36 | +``` |
| 37 | + |
| 38 | +You will see a "Simulation link" from the output. |
| 39 | + |
| 40 | +Paste this URL in your browser. A prompt may ask you to choose a |
| 41 | +project, any project will do. You can create one if necessary. |
| 42 | + |
| 43 | +Click "Simulate Transaction". |
| 44 | + |
| 45 | +We will be performing 3 validations and extract the domain hash and message hash to approve on your Ledger: |
| 46 | + |
| 47 | +1. Validate integrity of the simulation. |
| 48 | +2. Validate correctness of the state diff. |
| 49 | +3. Validate and extract domain hash and message hash to approve. |
| 50 | + |
| 51 | +##### 3.2.1 Validate integrity of the simulation. |
| 52 | + |
| 53 | +Make sure you are on the "Overview" tab of the tenderly simulation, to |
| 54 | +validate integrity of the simulation, we need to check the following: |
| 55 | + |
| 56 | +1. "Network": Check the network is Mainnet. |
| 57 | +2. "Timestamp": Check the simulation is performed on a block with a |
| 58 | + recent timestamp (i.e. close to when you run the script). |
| 59 | +3. "Sender": Check the address shown is your signer account. If not see the derivation path Note above. |
| 60 | + |
| 61 | +##### 3.2.2. Validate correctness of the state diff. |
| 62 | + |
| 63 | +Now click on the "State" tab, and refer to the [State Validations](./VALIDATION.md) instructions for the transaction you are signing. |
| 64 | +Once complete return to this document to complete the signing. |
| 65 | + |
| 66 | +##### 3.2.3. Extract the domain hash and the message hash to approve. |
| 67 | + |
| 68 | +Now that we have verified the transaction performs the right |
| 69 | +operation, we need to extract the domain hash and the message hash to |
| 70 | +approve. |
| 71 | + |
| 72 | +Go back to the "Overview" tab, and find the |
| 73 | +`GnosisSafe.checkSignatures` call. This call's `data` parameter |
| 74 | +contains both the domain hash and the message hash that will show up |
| 75 | +in your Ledger. |
| 76 | + |
| 77 | +It will be a concatenation of `0x1901`, the domain hash, and the |
| 78 | +message hash: `0x1901[domain hash][message hash]`. |
| 79 | + |
| 80 | +Note down this value. You will need to compare it with the ones |
| 81 | +displayed on the Ledger screen at signing. |
| 82 | + |
| 83 | +Once the validations are done, it's time to actually sign the |
| 84 | +transaction. |
| 85 | + |
| 86 | +> [!WARNING] |
| 87 | +> This is the most security critical part of the playbook: make sure the |
| 88 | +> domain hash and message hash in the following two places match: |
| 89 | +> |
| 90 | +> 1. On your Ledger screen. |
| 91 | +> 2. In the Tenderly simulation. You should use the same Tenderly |
| 92 | +> simulation as the one you used to verify the state diffs, instead |
| 93 | +> of opening the new one printed in the console. |
| 94 | +> |
| 95 | +> There is no need to verify anything printed in the console. There is |
| 96 | +> no need to open the new Tenderly simulation link either. |
| 97 | +
|
| 98 | +After verification, sign the transaction. You will see the `Data`, |
| 99 | +`Signer` and `Signature` printed in the console. Format should be |
| 100 | +something like this: |
| 101 | + |
| 102 | +```shell |
| 103 | +Data: <DATA> |
| 104 | +Signer: <ADDRESS> |
| 105 | +Signature: <SIGNATURE> |
| 106 | +``` |
| 107 | + |
| 108 | +Double check the signer address is the right one. |
| 109 | + |
| 110 | +##### 3.2.4 Send the output to Facilitator(s) |
| 111 | + |
| 112 | +Nothing has occurred onchain - these are offchain signatures which |
| 113 | +will be collected by Facilitators for execution. Execution can occur |
| 114 | +by anyone once a threshold of signatures are collected, so a |
| 115 | +Facilitator will do the final execution for convenience. |
| 116 | + |
| 117 | +Share the `Data`, `Signer` and `Signature` with the Facilitator, and |
| 118 | +congrats, you are done! |
| 119 | + |
| 120 | +### [For Facilitator ONLY] How to execute |
| 121 | + |
| 122 | +#### Execute the transaction |
| 123 | + |
| 124 | +1. IMPORTANT: Ensure op-challenger has been updated before executing. |
| 125 | +1. Collect outputs from all participating signers. |
| 126 | +1. Concatenate all signatures and export it as the `SIGNATURES` |
| 127 | + environment variable, i.e. `export |
| 128 | +SIGNATURES="[SIGNATURE1][SIGNATURE2]..."`. |
| 129 | +1. Run the `make execute` command as described below to execute the transaction. |
| 130 | + |
| 131 | +For example, if the quorum is 2 and you get the following outputs: |
| 132 | + |
| 133 | +```shell |
| 134 | +Data: 0xDEADBEEF |
| 135 | +Signer: 0xC0FFEE01 |
| 136 | +Signature: AAAA |
| 137 | +``` |
| 138 | + |
| 139 | +```shell |
| 140 | +Data: 0xDEADBEEF |
| 141 | +Signer: 0xC0FFEE02 |
| 142 | +Signature: BBBB |
| 143 | +``` |
| 144 | + |
| 145 | +Then you should run: |
| 146 | + |
| 147 | +```bash |
| 148 | +SIGNATURES=AAAABBBB make execute |
| 149 | +``` |
0 commit comments