|
| 1 | +# Funding |
| 2 | + |
| 3 | +Status: READY TO SIGN |
| 4 | + |
| 5 | +## Description |
| 6 | + |
| 7 | +This task contains a single script that can be used to fund addresses from a Gnosis Safe. |
| 8 | + |
| 9 | +## Procedure |
| 10 | + |
| 11 | +### 1. Update repo: |
| 12 | + |
| 13 | +```bash |
| 14 | +cd contract-deployments |
| 15 | +git pull |
| 16 | +cd mainnet/2025-05-06-fund-ledgers |
| 17 | +make deps |
| 18 | +``` |
| 19 | + |
| 20 | +### 2. Setup Ledger |
| 21 | + |
| 22 | +Your Ledger needs to be connected and unlocked. The Ethereum |
| 23 | +application needs to be opened on Ledger with the message "Application |
| 24 | +is ready". |
| 25 | + |
| 26 | +### 3. Simulate, Validate, and Sign |
| 27 | + |
| 28 | +#### 3.1. Simulate and validate the transaction |
| 29 | + |
| 30 | +Make sure your ledger is still unlocked and run the following commands for both Ethereum and Base: |
| 31 | + |
| 32 | +```bash |
| 33 | +make sign-ethereum |
| 34 | +``` |
| 35 | + |
| 36 | +```bash |
| 37 | +make sign-base |
| 38 | +``` |
| 39 | + |
| 40 | +For each run, you will see a "Simulation link" from the output. |
| 41 | + |
| 42 | +Paste this URL in your browser. A prompt may ask you to choose a |
| 43 | +project, any project will do. You can create one if necessary. |
| 44 | + |
| 45 | +Click "Simulate Transaction". |
| 46 | + |
| 47 | +We will be performing 3 validations and extract the domain hash and |
| 48 | +message hash to approve on your Ledger: |
| 49 | + |
| 50 | +1. Validate integrity of the simulation. |
| 51 | +2. Validate correctness of the state diff. |
| 52 | +3. Validate and extract domain hash and message hash to approve. |
| 53 | + |
| 54 | +##### 3.1.1. Validate integrity of the simulation. |
| 55 | + |
| 56 | +Make sure you are on the "Overview" tab of the tenderly simulation, to |
| 57 | +validate integrity of the simulation, we need to check the following: |
| 58 | + |
| 59 | +1. "Network": Check the network is `Mainnet` (when running `make sign-ethereum`) or `Base` (when running `make sign-base`). |
| 60 | +2. "Timestamp": Check the simulation is performed on a block with a |
| 61 | + recent timestamp (i.e. close to when you run the script). |
| 62 | + |
| 63 | +##### 3.1.2. Validate correctness of the state diff. |
| 64 | + |
| 65 | +Now click on the "State" tab, and refer to the [Ethereum State](./validations/ethereum.md) or [Base State](./validations/base.md) validations instructions for the transaction you are signing. Once complete return to this document to complete the signing. |
| 66 | + |
| 67 | +### 4. Extract the domain hash and the message hash to approve. |
| 68 | + |
| 69 | +Now that we have verified the transaction performs the right |
| 70 | +operation, we need to extract the domain hash and the message hash to |
| 71 | +approve. |
| 72 | + |
| 73 | +Go back to the "Overview" tab, and find the |
| 74 | +`GnosisSafe.checkSignatures` call. This call's `data` parameter |
| 75 | +contains both the domain hash and the message hash that will show up |
| 76 | +in your Ledger. |
| 77 | + |
| 78 | +It will be a concatenation of `0x1901`, the domain hash, and the |
| 79 | +message hash: `0x1901[domain hash][message hash]`. |
| 80 | + |
| 81 | +Note down this value. You will need to compare it with the ones |
| 82 | +displayed on the Ledger screen at signing. |
| 83 | + |
| 84 | +Once the validations are done, it's time to actually sign the |
| 85 | +transaction. |
| 86 | + |
| 87 | +> [!WARNING] |
| 88 | +> This is the most security critical part of the playbook: make sure the |
| 89 | +> domain hash and message hash in the following three places match: |
| 90 | +> |
| 91 | +> 1. On your Ledger screen. |
| 92 | +> 2. In the terminal output. |
| 93 | +> 3. In the Tenderly simulation. You should use the same Tenderly |
| 94 | +> simulation as the one you used to verify the state diffs, instead |
| 95 | +> of opening the new one printed in the console. |
| 96 | +> |
| 97 | +
|
| 98 | +After verification, sign the transaction. You will see the `Data`, |
| 99 | +`Signer` and `Signature` printed in the console. Format should be |
| 100 | +something like this: |
| 101 | + |
| 102 | +```shell |
| 103 | +Data: <DATA> |
| 104 | +Signer: <ADDRESS> |
| 105 | +Signature: <SIGNATURE> |
| 106 | +``` |
| 107 | + |
| 108 | +Double check the signer address is the right one. |
| 109 | + |
| 110 | +#### 4.1. Send the output to Facilitator(s) |
| 111 | + |
| 112 | +Nothing has occurred onchain - these are offchain signatures which |
| 113 | +will be collected by Facilitators for execution. Execution can occur |
| 114 | +by anyone once a threshold of signatures are collected, so a |
| 115 | +Facilitator will do the final execution for convenience. |
| 116 | + |
| 117 | +Share the `Data`, `Signer` and `Signature` with the Facilitator, and |
| 118 | +congrats, you are done! |
| 119 | + |
| 120 | +### [For Facilitator ONLY] How to execute |
| 121 | + |
| 122 | +#### Execute the transaction |
| 123 | + |
| 124 | +1. Collect outputs from all participating signers. |
| 125 | +1. Concatenate all signatures and export it as the `SIGNATURES` |
| 126 | + environment variable, i.e. `export |
| 127 | +SIGNATURES="[SIGNATURE1][SIGNATURE2]..."`. |
| 128 | +1. Run the `make execute-ethereum` or `make execute-base` command as described below to execute the transaction. |
| 129 | + |
| 130 | +For example, if the quorum is 2 and you get the following outputs: |
| 131 | + |
| 132 | +```shell |
| 133 | +Data: 0xDEADBEEF |
| 134 | +Signer: 0xC0FFEE01 |
| 135 | +Signature: AAAA |
| 136 | +``` |
| 137 | + |
| 138 | +```shell |
| 139 | +Data: 0xDEADBEEF |
| 140 | +Signer: 0xC0FFEE02 |
| 141 | +Signature: BBBB |
| 142 | +``` |
| 143 | + |
| 144 | +Then you should run: |
| 145 | + |
| 146 | +Coinbase facilitator: |
| 147 | + |
| 148 | +```bash |
| 149 | +SIGNATURES=AAAABBBB make execute |
| 150 | +``` |
0 commit comments