
safe-module's Introduction

Withdraw Module

The Withdraw module allows accounts not related to the Safe to withdraw a predetermined amount of a specific token using an alternative access scheme.

Approach

  • Made myself aware of Safe contracts and Modules
  • Looked into and then later borrowed some code from safe-modules repo
  • Dusted off my basic knowledge of digital signatures
  • Started building out the MVP trying to mostly go with the TDD approach
  • After I was done with the main features, I added additional security & sanity checks (i.e. slither, solhint, basic CI)

Run it locally

# Clone the repo
git clone https://github.com/ninabarbakadze/safe-module

# Go into the newly cloned repo
cd safe-module

# Install dev dependencies with yarn
yarn

# Install submodule dependencies with forge
forge install

# Compile the smart contracts with forge
forge build

# Run all tests with forge
forge test

Slither

Install slither, if not already installed.

pip3 install slither-analyzer

Running slither locally requires you to build only a subset of packages:

forge clean
forge build --build-info --skip tests
slither . --foundry-ignore-compile

To ignore a slither warning, run slither in triage mode:

slither . --foundry-ignore-compile --triage-mode

In triage mode you choose which warnings to ignore; the ignored warnings are added to slither.db.json.

Deployment

The next thing I'd do would be to actually deploy the Module onto a public testnet. There are certain types of issues you only really start thinking about and finding by interacting with a live system. I'd perform some manual testing, write deployment checks and fork tests that run on top of the deployment.

Improvements

  • Write a more comprehensive test suite including integration, fuzz, invariant and maybe some property-based testing with echidna
  • Extend Withdraw contract to work with different Safes and tokens
  • Should work with multiple signatures depending on the threshold required by the Safe

Security

Because TokenWithdrawModule moves users' funds out of the Safe and verifies signatures, it needs rigorous testing and an audit to avoid the common security vulnerabilities associated with such functionality, like reentrancy and signature replay attacks.
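
A sketch of how a signature-gated withdraw can be hardened against the replay and reentrancy risks named above; this is an added example, not the repository's TokenWithdrawModule. Assumptions: the contract name, the per-beneficiary nonce, the deadline, the personal-sign digest layout, and the rule that the signer must be a Safe owner are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal view of the Safe functions used here; operation 0 means Call.
interface ISafe {
    function isOwner(address owner) external view returns (bool);
    function execTransactionFromModuleReturnData(
        address to, uint256 value, bytes calldata data, uint8 operation
    ) external returns (bool success, bytes memory returnData);
}

// Hypothetical module, written for illustration only.
contract ReplaySafeWithdrawSketch {
    // Upper bound for s (half the secp256k1 order), to reject malleable signatures.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    ISafe public immutable safe;
    address public immutable token;
    mapping(address => uint256) public nonces; // one counter per beneficiary

    constructor(ISafe safe_, address token_) {
        safe = safe_;
        token = token_;
    }

    // The digest binds chain id, this module, the Safe, the token, the beneficiary,
    // the amount, a nonce and a deadline, so a signature cannot be reused on another
    // chain, another module deployment, another Safe, or a second time.
    function digest(address to, uint256 amount, uint256 nonce, uint256 deadline)
        public view returns (bytes32)
    {
        bytes32 h = keccak256(abi.encode(
            block.chainid, address(this), address(safe), token, to, amount, nonce, deadline));
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", h));
    }

    function withdraw(uint256 amount, uint256 deadline, uint8 v, bytes32 r, bytes32 s) external {
        require(block.timestamp <= deadline, "signature expired");
        require(uint256(s) <= HALF_N, "malleable signature");
        uint256 nonce = nonces[msg.sender];
        // msg.sender is part of the digest: a signature observed in the mempool
        // is useless to any account other than the intended beneficiary.
        address signer = ecrecover(digest(msg.sender, amount, nonce, deadline), v, r, s);
        require(signer != address(0) && safe.isOwner(signer), "invalid signer");
        // Effect before interaction: the nonce is consumed before the external call,
        // so a reentrant call with the same signature fails the signer check.
        nonces[msg.sender] = nonce + 1;
        bytes memory data = abi.encodeWithSignature("transfer(address,uint256)", msg.sender, amount);
        (bool ok, bytes memory ret) = safe.execTransactionFromModuleReturnData(token, 0, data, 0);
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transfer failed");
    }
}
```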

Developer Experience

  • Add more GitHub Actions & checks like test coverage reports, etc. to ensure that the system is properly verified
  • Add audit report and proper documentation to make the module easier to use and integrate

safe-module's People

Contributors

ninabarbakadze
