SaferSafes Release
Overview
SaferSafes is a combined Safe extension that provides both liveness module and timelock guard functionality in a single contract. It can be enabled simultaneously as both a module and a guard on a Safe multisig wallet.
Safe Version Compatibility: Safe 1.4.1 only
Components
LivenessModule2
Enables challenge-based ownership transfer to a fallback owner when Safe owners become unresponsive.
Configuration:
livenessResponsePeriod: Duration Safe owners have to respond to a challenge
fallbackOwner: Address that can initiate challenges and receive ownership
Flow:
- Fallback owner calls challenge()
- Safe owners have livenessResponsePeriod to call respond()
- If no response, fallback owner calls changeOwnershipToFallback() to become sole owner
TimelockGuard
Enforces transaction delays and allows a subset of signers to cancel scheduled transactions.
Configuration:
timelockDelay: Required delay before transaction execution (max 365 days)
Flow:
- Schedule transaction via scheduleTransaction() with required signatures
- Wait for timelock delay to pass
- Execute transaction through Safe
- Optionally cancel with cancelTransaction() using cancellation threshold signatures
Cancellation Threshold: Starts at 1, increases after each cancellation, resets after successful execution.
Critical Invariant
When both components are enabled, the liveness response period must be at least 2x the timelock delay:
    if (livenessResponsePeriod < 2 * timelockDelay) {
        revert SaferSafes_InsufficientLivenessResponsePeriod();
    }

This ensures the Safe can always respond to a challenge even when transactions are timelocked.
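The configuration rule above, modeled off-chain as an added example (not SaferSafes code) that could be run over proposed values before they are set on a Safe. All Python names are hypothetical, the sample values are constructed, and the timeline assumes respond() is sent as a Safe transaction that must wait the full timelock delay.

```python
# Added example: off-chain model of the SaferSafes configuration rules.
# Not the contract's code; all Python names here are hypothetical.
DAY = 24 * 60 * 60
MAX_TIMELOCK_DELAY = 365 * DAY  # "max 365 days" from the TimelockGuard configuration


class ConfigError(ValueError):
    """A proposed configuration that the combined contract would reject."""


def validate_config(liveness_response_period: int, timelock_delay: int) -> None:
    """Check values (in seconds) for a Safe with both components enabled."""
    if timelock_delay > MAX_TIMELOCK_DELAY:
        raise ConfigError("timelockDelay exceeds 365 days")
    # Same comparison as the on-chain check quoted above.
    if liveness_response_period < 2 * timelock_delay:
        raise ConfigError("SaferSafes_InsufficientLivenessResponsePeriod")


def latest_schedule_offset(liveness_response_period: int, timelock_delay: int) -> int:
    """Seconds after challenge() by which respond() must be scheduled.

    Assumption: respond() is sent as a Safe transaction, so it must be
    scheduled and then wait the full timelock delay before it can execute.
    """
    validate_config(liveness_response_period, timelock_delay)
    return liveness_response_period - timelock_delay


def review(candidates: dict[str, tuple[int, int]]) -> dict[str, str]:
    """Return a verdict per named (livenessResponsePeriod, timelockDelay) pair."""
    verdicts = {}
    for name, (period, delay) in candidates.items():
        try:
            slack = latest_schedule_offset(period, delay)
            verdicts[name] = f"ok: schedule respond() within {slack // DAY}d of challenge"
        except ConfigError as err:
            verdicts[name] = f"rejected: {err}"
    return verdicts


# Constructed sample configurations, not taken from any deployment.
SAMPLES = {
    "boundary": (14 * DAY, 7 * DAY),
    "too_short": (13 * DAY, 7 * DAY),
    "delay_too_long": (800 * DAY, 366 * DAY),
}

if __name__ == "__main__":
    for name, verdict in review(SAMPLES).items():
        print(f"{name}: {verdict}")
```

Under this model, any configuration that passes the 2x check leaves owners at least one full timelock delay after a challenge in which to schedule their response.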
Changelog
v1.1.0
- Audit fixes
v1.0.0
- Initial implementation
- Combined liveness module and timelock guard functionality
- Challenge-based ownership transfer via LivenessModule2
- Transaction scheduling with configurable timelock via TimelockGuard
- Anti-griefing cancellation threshold mechanism
- FREI-PI invariant validation for combined configuration