Merge pull request #1 from cardstack/safe-ownership-2

Integrate safe management scripts and add tests

.github/workflows/main.yml

@@ -40,4 +40,5 @@ jobs:
           node-version: "16"
           cache: "yarn"
       - run: yarn --prefer-offline --frozen-lockfile
+      - run: yarn recompile
       - run: yarn lint

.gitignore

@@ -74,5 +74,8 @@ cache
 coverage.json
 
 UpgradeManager.sol.json
+GnosisSafe.sol.json
+GnosisSafeProxyFactory.sol.json
+IProxyAdmin.sol.json
 
 plugin-tests/fixture-projects/tmp/

README.md

@@ -215,6 +215,26 @@ hardhat deploy:upgrade --network localhost --fork goerli --impersonate-address $
 ```
 
 
+## `deploy:upgrade` command
+
+Usage: hardhat [GLOBAL OPTIONS] deploy:upgrade [--auto-confirm <BOOLEAN>] [--derivation-path <STRING>] [--fork <STRING>] [--impersonate-address <STRING>] [--mnemonic <STRING>] [--prior-signatures <STRING>] newVersion
+
+OPTIONS:
+
+  --auto-confirm        Don't ask for confirmation, useful in scripts / tests (default: false)
+  --derivation-path     Derivation path to use when using mnemonic or trezor
+  --fork                The network to fork
+  --impersonate-address Address to impersonate deploying from (usually only makes sense whilst forking)
+  --mnemonic            Mnemonic to use for deploy actions
+  --prior-signatures    Prior safe signatures collected for this operation
+
+POSITIONAL ARGUMENTS:
+
+  newVersion  The new version number to set on the upgrade manager. Does not have to increase or change
+
+deploy:upgrade: Applies pending contract upgrades and config changes atomically
+
+
 ## Contract configuration
 
 For each contract id above that you want to configure, add a file in the `config/` subdirectory of your hardhat project, for example:
@@ -286,10 +306,135 @@ contract MockUpgradeableContract {
 
 The reason to use a single setter method instead of a setter for each
 property is to avoid contract-bloat with many setter functions. Usually this
-would be inconvenient to manually manager, however with the automated
+would be inconvenient to manually manage, however with the automated
 configuration provided by the UpgradeManager this optimisation is no longer
 inconvenient to use
 
+
+## Adding and removing upgrade proposers
+
+### deploy:add-proposer
+
+Usage: hardhat [GLOBAL OPTIONS] deploy:add-proposer [--auto-confirm <BOOLEAN>] [--derivation-path <STRING>] [--fork <STRING>] [--impersonate-address <STRING>] [--mnemonic <STRING>] [--prior-signatures <STRING>] proposerAddress
+
+OPTIONS:
+
+  --auto-confirm        Don't ask for confirmation, useful in scripts / tests (default: false)
+  --derivation-path     Derivation path to use when using mnemonic or trezor
+  --fork                The network to fork
+  --impersonate-address Address to impersonate deploying from (usually only makes sense whilst forking)
+  --mnemonic            Mnemonic to use for deploy actions
+  --prior-signatures    Prior safe signatures collected for this operation
+
+POSITIONAL ARGUMENTS:
+
+  proposerAddress The proposer address to add
+
+deploy:add-proposer: Adds a proposer
+
+### deploy:remove-proposer
+
+Usage: hardhat [GLOBAL OPTIONS] deploy:remove-proposer [--auto-confirm <BOOLEAN>] [--derivation-path <STRING>] [--fork <STRING>] [--impersonate-address <STRING>] [--mnemonic <STRING>] [--prior-signatures <STRING>] proposerAddress
+
+OPTIONS:
+
+  --auto-confirm        Don't ask for confirmation, useful in scripts / tests (default: false)
+  --derivation-path     Derivation path to use when using mnemonic or trezor
+  --fork                The network to fork
+  --impersonate-address Address to impersonate deploying from (usually only makes sense whilst forking)
+  --mnemonic            Mnemonic to use for deploy actions
+  --prior-signatures    Prior safe signatures collected for this operation
+
+POSITIONAL ARGUMENTS:
+
+  proposerAddress The proposer address to remove
+
+deploy:remove-proposer: Removes a proposer
+
+## Gnosis Safe Ownership of upgrade manager
+
+It is recommended that after initial deploy, you transfer ownership of the upgrade manager to a gnosis safe.
+
+
+### deploy:safe-setup
+
+Usage: hardhat [GLOBAL OPTIONS] deploy:safe-setup [--auto-confirm <BOOLEAN>] [--derivation-path <STRING>] [--fork <STRING>] [--impersonate-address <STRING>] [--mnemonic <STRING>] [--prior-signatures <STRING>] newSafeOwners [newSafeThreshold]
+
+OPTIONS:
+
+  --auto-confirm        Don't ask for confirmation, useful in scripts / tests (default: false)
+  --derivation-path     Derivation path to use when using mnemonic or trezor
+  --fork                The network to fork
+  --impersonate-address Address to impersonate deploying from (usually only makes sense whilst forking)
+  --mnemonic            Mnemonic to use for deploy actions
+  --prior-signatures    Prior safe signatures collected for this operation
+
+POSITIONAL ARGUMENTS:
+
+  newSafeOwners     The new owners of the safe, comma seperated addresses
+  newSafeThreshold  The new threshold for the safe (default: 1)
+
+deploy:safe-setup: Setup a new Gnosis Safe contract and transfer ths ownership of the upgrade manager to the new safe
+
+### deploy:add-safe-owner
+
+Usage: hardhat [GLOBAL OPTIONS] deploy:add-safe-owner [--auto-confirm <BOOLEAN>] [--derivation-path <STRING>] [--fork <STRING>] [--impersonate-address <STRING>] [--mnemonic <STRING>] [--new-safe-threshold <INT>] [--prior-signatures <STRING>] newSafeOwnerAddress
+
+OPTIONS:
+
+  --auto-confirm        Don't ask for confirmation, useful in scripts / tests (default: false)
+  --derivation-path     Derivation path to use when using mnemonic or trezor
+  --fork                The network to fork
+  --impersonate-address Address to impersonate deploying from (usually only makes sense whilst forking)
+  --mnemonic            Mnemonic to use for deploy actions
+  --new-safe-threshold  The new threshold for the safe, if it changes
+  --prior-signatures    Prior safe signatures collected for this operation
+
+POSITIONAL ARGUMENTS:
+
+  newSafeOwnerAddress The safe owner address to add
+
+deploy:add-safe-owner: Adds a safe owner
+
+### deploy:remove-safe-owner
+
+Usage: hardhat [GLOBAL OPTIONS] deploy:remove-safe-owner [--auto-confirm <BOOLEAN>] [--derivation-path <STRING>] [--fork <STRING>] [--impersonate-address <STRING>] [--mnemonic <STRING>] [--new-safe-threshold <INT>] [--prior-signatures <STRING>] removeSafeOwnerAddress
+
+OPTIONS:
+
+  --auto-confirm        Don't ask for confirmation, useful in scripts / tests (default: false)
+  --derivation-path     Derivation path to use when using mnemonic or trezor
+  --fork                The network to fork
+  --impersonate-address Address to impersonate deploying from (usually only makes sense whilst forking)
+  --mnemonic            Mnemonic to use for deploy actions
+  --new-safe-threshold  The new threshold for the safe, if it changes
+  --prior-signatures    Prior safe signatures collected for this operation
+
+POSITIONAL ARGUMENTS:
+
+  removeSafeOwnerAddress  The safe owner address to remove
+
+deploy:remove-safe-owner: Removes a safe owner
+
+### deploy:set-safe-threshold
+
+Usage: hardhat [GLOBAL OPTIONS] deploy:set-safe-threshold [--auto-confirm <BOOLEAN>] [--derivation-path <STRING>] [--fork <STRING>] [--impersonate-address <STRING>] [--mnemonic <STRING>] [--prior-signatures <STRING>] newSafeThreshold
+
+OPTIONS:
+
+  --auto-confirm        Don't ask for confirmation, useful in scripts / tests (default: false)
+  --derivation-path     Derivation path to use when using mnemonic or trezor
+  --fork                The network to fork
+  --impersonate-address Address to impersonate deploying from (usually only makes sense whilst forking)
+  --mnemonic            Mnemonic to use for deploy actions
+  --prior-signatures    Prior safe signatures collected for this operation
+
+POSITIONAL ARGUMENTS:
+
+  newSafeThreshold  The new threshold for the safe
+
+deploy:set-safe-threshold: Sets the threshold for a safe
+
 ## Testing
 
 Running `yarn test` will run the solidity tests along with the plugin tests

contracts/imports.sol

@@ -0,0 +1,5 @@
+pragma solidity 0.8.17;
+
+// These imports are here just so that the compiled code is available in typechain types and artifacts
+import "@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol";
+import "@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol";

hardhat.config.ts

@@ -6,7 +6,24 @@ import "hardhat-contract-sizer";
 import { HardhatUserConfig } from "hardhat/config";
 
 const config: HardhatUserConfig = {
-  solidity: "0.8.17",
+  solidity: {
+    compilers: [
+      {
+        version: "0.8.17",
+      },
+    ],
+
+    overrides: {
+      "@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol": {
+        version: "0.8.17",
+        settings: {
+          optimizer: {
+            enabled: true,
+          },
+        },
+      },
+    },
+  },
 };
 
 export default config;

package.json

@@ -77,13 +77,16 @@
     "hardhat": "^2.0.0"
   },
   "dependencies": {
+    "@gnosis.pm/safe-contracts": "^1.3.0",
+    "@gnosis.pm/safe-deployments": "^1.0.0",
     "@nomicfoundation/hardhat-network-helpers": "^1.0.0",
     "@openzeppelin/contracts-upgradeable": "^4.8.0-rc.1",
     "@openzeppelin/hardhat-upgrades": "^1.21.0",
     "cli-table3": "^0.6.3",
     "colors": "^1.4.0",
     "cpr-promise": "^0.2.6",
     "enquirer": "^2.3.6",
+    "evm-chains": "^0.2.0",
     "fs-extra": "^10.1.0",
     "lodash": "^4.17.21",
     "trezor-cli-wallet-provider": "^1.0.7"

plugin-tests/helpers.ts

@@ -2,6 +2,7 @@ import { EventEmitter } from "events";
 import { existsSync, readFileSync, writeFileSync } from "fs";
 import path from "path";
 
+import { hardhatChaiMatchers } from "@nomicfoundation/hardhat-chai-matchers/internal/hardhatChaiMatchers";
 import { setBalance } from "@nomicfoundation/hardhat-network-helpers";
 import chai from "chai";
 import chaiAsPromised from "chai-as-promised";
@@ -13,15 +14,17 @@ import { Context } from "mocha";
 import rmrf from "rmrf";
 import { stdout } from "test-console";
 
-import { getErrorMessageAndStack } from "../shared";
+import { getErrorMessageAndStack, readArtifactFromPlugin } from "../shared";
 import {
   CREATE2_PROXY_DEPLOYMENT_COST,
   CREATE2_PROXY_DEPLOYMENT_SIGNER_ADDRESS,
+  deployCreate2Contract,
   deployCreate2Proxy,
 } from "../src/create2";
 import { UpgradeManager } from "../typechain-types";
 
 chai.use(chaiAsPromised);
+chai.use(hardhatChaiMatchers);
 
 declare module "mocha" {
   interface Context {
@@ -173,3 +176,27 @@ export async function setupCreate2Proxy(hre: HardhatRuntimeEnvironment) {
 export const HardhatFirstAddress = "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266";
 export const HardhatSecondAddress =
   "0x70997970C51812dc3A010C7d01b50e0d17dc79C8";
+
+export async function deployGnosisSafeProxyFactoryAndSingleton(
+  hre: HardhatRuntimeEnvironment
+): Promise<void> {
+  let { abi, bytecode } = readArtifactFromPlugin("GnosisSafe");
+
+  let GnosisSafe = await hre.ethers.getContractFactory(abi, bytecode);
+
+  await deployCreate2Contract({
+    signer: hre.ethers.provider.getSigner(),
+    bytecode: GnosisSafe.bytecode,
+  });
+
+  ({ abi, bytecode } = readArtifactFromPlugin("GnosisSafeProxyFactory"));
+
+  let GnosisSafeProxyFactory = await hre.ethers.getContractFactory(
+    abi,
+    bytecode
+  );
+  await deployCreate2Contract({
+    signer: hre.ethers.provider.getSigner(),
+    bytecode: GnosisSafeProxyFactory.bytecode,
+  });
+}