feat: Add delegate call guard functionality to SafeTxPool #21
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add comprehensive delegate call control system with per-Safe configuration - Implement three security levels: disabled (default), enabled, and restricted - Add management functions for enabling/disabling and target whitelisting - Enhance checkTransaction to enforce delegate call restrictions - Add events and custom errors for delegate call operations - Maintain backward compatibility with existing functionality - Add comprehensive test suite with 9 new tests - Add documentation and example script - All 61 tests passing with zero breaking changes Implements on/off control for delegate calls (operation = 1) as requested.
- Consolidate long function calls onto single lines - Remove trailing whitespace - Apply consistent Solidity formatting standards
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements a comprehensive delegate call guard mechanism for the SafeTxPool contract, allowing Safe wallets to control when and where delegate calls (operation = 1) can be executed.
Features Added
🔒 Delegate Call Control System
🛠 Management Functions
setDelegateCallEnabled(address safe, bool enabled)- Enable/disable delegate callsaddDelegateCallTarget(address safe, address target)- Add allowed delegate call targetremoveDelegateCallTarget(address safe, address target)- Remove allowed targetisDelegateCallEnabled(address safe)- Check if delegate calls are enabledisDelegateCallTargetAllowed(address safe, address target)- Check if target is allowed🔐 Security Model
Three Progressive Security Levels:
Always Allowed Operations:
📊 Events & Error Handling
DelegateCallToggled(address indexed safe, bool enabled)DelegateCallTargetAdded(address indexed safe, address indexed target)DelegateCallTargetRemoved(address indexed safe, address indexed target)DelegateCallDisabled(),DelegateCallTargetNotAllowed()Files Changed
Core Implementation
src/SafeTxPool.sol: Enhanced with delegate call guard functionalitycheckTransactionto enforce delegate call restrictionsTesting
test/SafeTxPoolDelegateCallGuard.t.sol: Comprehensive test suite (9 tests)Documentation & Examples
DELEGATE_CALL_GUARD.md: Complete documentation with usage examplesscript/DelegateCallGuardExample.s.sol: Working example script demonstrating all featuresTesting Results
✅ All tests passing: 61 total tests (9 new + 52 existing)
✅ No breaking changes: All existing functionality preserved
✅ Comprehensive coverage: Edge cases, error conditions, and integration scenarios tested
Usage Example
Migration & Backward Compatibility
Security Considerations
Related Issues
Implements delegate call guard functionality as requested to provide on/off control for delegate calls (operation = 1) in SafeTxPool.
Ready for review 🚀
Pull Request opened by Augment Code with guidance from the PR author