Set up sepolia nested ownership transfer

sepolia/2025-04-01-nested-ownership-transfer/.env

@@ -0,0 +1,10 @@
+OP_COMMIT=2073f4059bd806af3e8b76b820aa3fa0b42016d0
+BASE_CONTRACTS_COMMIT=cdedd0fe728eb1f9d63eaa4c6e59138cfb3803d3
+
+L1_GNOSIS_SAFE_IMPLEMENTATION=0x41675C099F32341bf84BFc5382aF534df5C7461a
+L1_GNOSIS_COMPATIBILITY_FALLBACK_HANDLER=0xfd0732Dc9E303f09fCEf3a7388Ad10A83459Ec99
+
+OWNER_SAFE=0x646132a1667ca7ad00d36616afba1a28116c770a
+
+SAFE_B_OWNERS_ENCODED=
+SAFE_B_THRESHOLD=1

sepolia/2025-04-01-nested-ownership-transfer/Makefile

@@ -0,0 +1,26 @@
+include ../../Makefile
+include ../.env
+include .env
+
+ifndef LEDGER_ACCOUNT
+override LEDGER_ACCOUNT = 1
+endif
+
+.PHONY: deps
+deps:
+	forge install --no-git safe-global/safe-smart-account@21dc82410445637820f600c7399a804ad55841d5
+
+.PHONY: deploy
+deploy:
+	forge script --rpc-url $(L1_RPC_URL) DeploySafes --account testnet-admin --broadcast -vvvv
+
+.PHONY: sign
+sign:
+	$(GOPATH)/bin/eip712sign --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" -- \
+	forge script --rpc-url $(L1_RPC_URL) UpdateSigners --sig "sign()"
+
+.PHONY: execute
+execute:
+	forge script --rpc-url $(L1_RPC_URL) UpdateSigners \
+	--sig "run(bytes)" $(SIGNATURES) \
+	--ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast -vvvv

sepolia/2025-04-01-nested-ownership-transfer/README.md

@@ -0,0 +1,149 @@
+# Nested Ownership Transfer
+
+Status: READY TO DEPLOY
+
+## Procedure
+
+### 1. Update repo:
+
+```bash
+cd contract-deployments
+git pull
+cd sepolia/2025-04-01-nested-ownership-transfer
+make deps
+```
+
+### 2. Setup Ledger
+
+Your Ledger needs to be connected and unlocked. The Ethereum
+application needs to be opened on Ledger with the message "Application
+is ready".
+
+### 3. Run relevant script(s)
+
+#### 3.1 Deploy new Safes
+
+```bash
+make deploy
+```
+
+This will output the new addresses of the `SafeA` and `SafeB` contracts to an `addresses.json` file. You will need to commit this file to the repo before signers can sign.
+
+#### 3.2 Sign the transaction
+
+```bash
+make sign
+```
+
+You will see a "Simulation link" from the output.
+
+Paste this URL in your browser. A prompt may ask you to choose a
+project, any project will do. You can create one if necessary.
+
+Click "Simulate Transaction".
+
+We will be performing 3 validations and extract the domain hash and message hash to approve on your Ledger:
+
+1. Validate integrity of the simulation.
+2. Validate correctness of the state diff.
+3. Validate and extract domain hash and message hash to approve.
+
+##### 3.2.1 Validate integrity of the simulation.
+
+Make sure you are on the "Overview" tab of the tenderly simulation, to
+validate integrity of the simulation, we need to check the following:
+
+1. "Network": Check the network is Mainnet.
+2. "Timestamp": Check the simulation is performed on a block with a
+   recent timestamp (i.e. close to when you run the script).
+3. "Sender": Check the address shown is your signer account. If not see the derivation path Note above.
+
+##### 3.2.2. Validate correctness of the state diff.
+
+Now click on the "State" tab, and refer to the [State Validations](./VALIDATION.md) instructions for the transaction you are signing.
+Once complete return to this document to complete the signing.
+
+##### 3.2.3. Extract the domain hash and the message hash to approve.
+
+Now that we have verified the transaction performs the right
+operation, we need to extract the domain hash and the message hash to
+approve.
+
+Go back to the "Overview" tab, and find the
+`GnosisSafe.checkSignatures` call. This call's `data` parameter
+contains both the domain hash and the message hash that will show up
+in your Ledger.
+
+It will be a concatenation of `0x1901`, the domain hash, and the
+message hash: `0x1901[domain hash][message hash]`.
+
+Note down this value. You will need to compare it with the ones
+displayed on the Ledger screen at signing.
+
+Once the validations are done, it's time to actually sign the
+transaction.
+
+> [!WARNING]
+> This is the most security critical part of the playbook: make sure the
+> domain hash and message hash in the following two places match:
+>
+> 1. On your Ledger screen.
+> 2. In the Tenderly simulation. You should use the same Tenderly
+>    simulation as the one you used to verify the state diffs, instead
+>    of opening the new one printed in the console.
+>
+> There is no need to verify anything printed in the console. There is
+> no need to open the new Tenderly simulation link either.
+
+After verification, sign the transaction. You will see the `Data`,
+`Signer` and `Signature` printed in the console. Format should be
+something like this:
+
+```shell
+Data:  <DATA>
+Signer: <ADDRESS>
+Signature: <SIGNATURE>
+```
+
+Double check the signer address is the right one.
+
+##### 3.2.4 Send the output to Facilitator(s)
+
+Nothing has occurred onchain - these are offchain signatures which
+will be collected by Facilitators for execution. Execution can occur
+by anyone once a threshold of signatures are collected, so a
+Facilitator will do the final execution for convenience.
+
+Share the `Data`, `Signer` and `Signature` with the Facilitator, and
+congrats, you are done!
+
+### [For Facilitator ONLY] How to execute
+
+#### Execute the transaction
+
+1. IMPORTANT: Ensure op-challenger has been updated before executing.
+1. Collect outputs from all participating signers.
+1. Concatenate all signatures and export it as the `SIGNATURES`
+   environment variable, i.e. `export
+SIGNATURES="[SIGNATURE1][SIGNATURE2]..."`.
+1. Run the `make execute` command as described below to execute the transaction.
+
+For example, if the quorum is 2 and you get the following outputs:
+
+```shell
+Data:  0xDEADBEEF
+Signer: 0xC0FFEE01
+Signature: AAAA
+```
+
+```shell
+Data:  0xDEADBEEF
+Signer: 0xC0FFEE02
+Signature: BBBB
+```
+
+Then you should run:
+
+```bash
+SIGNATURES=AAAABBBB make execute
+```

sepolia/2025-04-01-nested-ownership-transfer/foundry.toml

@@ -0,0 +1,19 @@
+[profile.default]
+src = 'src'
+out = 'out'
+libs = ['lib']
+broadcast = 'records'
+fs_permissions = [{ access = "read-write", path = "./" }]
+optimizer = true
+optimizer_runs = 999999
+via-ir = false
+remappings = [
+    '@eth-optimism-bedrock/=lib/optimism/packages/contracts-bedrock/',
+    '@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts',
+    '@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts',
+    '@rari-capital/solmate/=lib/solmate/',
+    '@base-contracts/=lib/base-contracts',
+    'solady/=lib/solady/src/',
+]
+
+# See more config options https://github.com/foundry-rs/foundry/tree/master/config

sepolia/2025-04-01-nested-ownership-transfer/script/DeploySafes.s.sol

@@ -0,0 +1,101 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.24;
+
+import {Script} from "forge-std/Script.sol";
+import {Safe} from "safe-smart-account/contracts/Safe.sol";
+import {SafeProxy} from "safe-smart-account/contracts/proxies/SafeProxy.sol";
+import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
+import {console} from "forge-std/console.sol";
+
+contract DeploySafes is Script {
+    using Strings for address;
+
+    address private SAFE_IMPLEMENTATION = vm.envAddress("L1_GNOSIS_SAFE_IMPLEMENTATION");
+    address private FALLBACK_HANDLER = vm.envAddress("L1_GNOSIS_COMPATIBILITY_FALLBACK_HANDLER");
+    address private OWNER_SAFE = vm.envAddress("OWNER_SAFE");
+    address private zAddr;
+
+    address[] private OWNER_SAFE_OWNERS;
+    uint256 private OWNER_SAFE_THRESHOLD;
+
+    address[] private SAFE_B_OWNERS;
+    uint256 private SAFE_B_THRESHOLD;
+
+    function run() public {
+        Safe ownerSafe = Safe(payable(OWNER_SAFE));
+        OWNER_SAFE_OWNERS = ownerSafe.getOwners();
+        OWNER_SAFE_THRESHOLD = ownerSafe.getThreshold();
+
+        SAFE_B_OWNERS = abi.decode(vm.envBytes("SAFE_B_OWNERS_ENCODED"), (address[]));
+        SAFE_B_THRESHOLD = vm.envUint("SAFE_B_THRESHOLD");
+
+        require(OWNER_SAFE_OWNERS.length == 14, "Owner safe owners length must be 14");
+        require(SAFE_B_OWNERS.length == 10, "Safe B owners length must be 10");
+
+        require(OWNER_SAFE_THRESHOLD == 3, "Owner safe threshold must be 3");
+        require(SAFE_B_THRESHOLD == 1, "Safe B threshold must be 1");
+
+        console.log("Deploying SafeA with owners:");
+        _printOwners(OWNER_SAFE_OWNERS);
+
+        console.log("Deploying SafeB with owners:");
+        _printOwners(SAFE_B_OWNERS);
+
+        console.log("Threshold of SafeA:", OWNER_SAFE_THRESHOLD);
+        console.log("Threshold of SafeB:", SAFE_B_THRESHOLD);
+
+        vm.startBroadcast();
+        // First safe maintains the same owners + threshold as the current owner safe
+        address safeA = _createAndInitProxy(OWNER_SAFE_OWNERS, OWNER_SAFE_THRESHOLD);
+        // Second safe specifies its own owners + threshold
+        address safeB = _createAndInitProxy(SAFE_B_OWNERS, SAFE_B_THRESHOLD);
+        vm.stopBroadcast();
+        _postCheck(safeA, safeB);
+
+        vm.writeFile(
+            "addresses.json",
+            string.concat(
+                "{", "\"SafeA\": \"", safeA.toHexString(), "\",", "\"SafeB\": \"", safeB.toHexString(), "\"" "}"
+            )
+        );
+    }
+
+    function _postCheck(address safeAAddress, address safeBAddress) private view {
+        Safe safeA = Safe(payable(safeAAddress));
+        Safe safeB = Safe(payable(safeBAddress));
+
+        address[] memory safeAOwners = safeA.getOwners();
+        uint256 safeAThreshold = safeA.getThreshold();
+
+        address[] memory safeBOwners = safeB.getOwners();
+        uint256 safeBThreshold = safeB.getThreshold();
+
+        require(safeAThreshold == 3, "PostCheck 1");
+        require(safeBThreshold == 1, "PostCheck 2");
+
+        require(safeAOwners.length == 14, "PostCheck 3");
+        require(safeBOwners.length == 10, "PostCheck 4");
+
+        for (uint256 i; i < safeAOwners.length; i++) {
+            require(safeAOwners[i] == OWNER_SAFE_OWNERS[i], "PostCheck 5");
+        }
+
+        for (uint256 i; i < safeBOwners.length; i++) {
+            require(safeBOwners[i] == SAFE_B_OWNERS[i], "PostCheck 6");
+        }
+
+        console.log("PostCheck passed");
+    }
+
+    function _createAndInitProxy(address[] memory owners, uint256 threshold) private returns (address) {
+        Safe proxy = Safe(payable(address(new SafeProxy(SAFE_IMPLEMENTATION))));
+        proxy.setup(owners, threshold, zAddr, "", FALLBACK_HANDLER, zAddr, 0, payable(zAddr));
+        return address(proxy);
+    }
+
+    function _printOwners(address[] memory owners) private pure {
+        for (uint256 i; i < owners.length; i++) {
+            console.logAddress(owners[i]);
+        }
+    }
+}