From 5af8fe625a26de4aaf79e6e17ab4736099df32c8 Mon Sep 17 00:00:00 2001 From: spengrah Date: Mon, 18 Nov 2024 16:47:28 -0600 Subject: [PATCH 1/6] update readme --- README.md | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 82 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bfcea7c..b3f1ec3 100644 --- a/README.md +++ b/README.md @@ -28,22 +28,94 @@ B) **Signers cannot execute transactions that remove the constraint in (A)**. Sp 2. Removing the contract as a module on the multisig — or removing/changing/adding any other modules, 3. Changing the multisig threshold 4. Changing the multisig owners +5. Making delegatecalls to any target not approved by the owner + > **Warning** > Protections against (3) and (4) above only hold if the Safe does not have any authority over the signer Hat(s). If it does — e.g. it wears an admin Hat of the signer Hat(s) or is an eligibility or toggle module on the signer Hat(s) — then in some cases the signers may be able to change the multisig threshold or owners. > > Proceed with caution if granting such authority to a Safe attached to HatsSignerGate. -### Contract Ownership +### Signer Management + +Hats Signer Gate provides several ways to manage Safe signers based on their hat-wearing status: + +#### Claiming Signer Rights +- Individual hat wearers can claim their own signing rights via `claimSigner()` +- Must be wearing a valid signer hat at time of claim +- Each signer's hat ID is registered and tracked for future validation + +#### Claiming for Others +When enabled by the owner (`claimableFor = true`): +- Anyone can claim signing rights on behalf of valid hat wearers via `claimSignerFor()` or `claimSignersFor()` +- Useful for batch onboarding of signers +- Prevents re-registration if signer is still wearing their currently registered hat + +#### Signer Removal +- Signers who no longer wear their registered hat can be removed via `removeSigner()` +- Threshold automatically adjusts according to the threshold configuration +- If the removed signer was the last valid signer, the contract itself becomes the sole owner + +### Threshold Configuration + +The threshold (number of required signatures) is managed dynamically based on the `ThresholdConfig`: + +#### Threshold Types +1. **ABSOLUTE** + - Sets a fixed target number of required signatures + - Example: Always require exactly 3 signatures + - Bounded by min threshold and number of valid signers + +2. **PROPORTIONAL** + - Sets a percentage of total signers required (in basis points) + - Example: Require 51% of signers (5100 basis points) + - Actual number of required signatures rounds up + - Still bounded by min threshold + +#### Configuration Parameters +- `min`: Minimum number of required signatures (must be > 0) +- `target`: Either fixed number (ABSOLUTE) or percentage in basis points (PROPORTIONAL) +- `thresholdType`: ABSOLUTE (0) or PROPORTIONAL (1) -Hats Signer Gate uses the [HatsOwned](https://github.com/Hats-Protocol/hats-auth/) mix-in to manage ownership via a specified `ownerHat`. +The Safe's threshold is automatically adjusted when: +- New signers are added +- Existing signers are removed +- Threshold configuration is changed + +### Delegatecall Targets + +HSG restricts delegatecalls to protect the Safe from unauthorized modifications. Only approved targets can receive delegatecalls. + +#### Default Enabled Targets +The following MultiSend libraries are enabled by default: + +| Address | Version | Type | +| --- | --- | --- | +| `0x40A2aCCbd92BCA938b02010E17A5b8929b49130D` | v1.3.0 | canonical | +| `0xA1dabEF33b3B82c7814B6D82A79e50F4AC44102B` | v1.3.0 | eip155 | +| `0x9641d764fc13c8B624c04430C7356C1C7C8102e2` | v1.4.1 | canonical | + +See [safe-deployments](https://github.com/safe-global/safe-deployments/tree/main/src/assets) for more information. + +#### Security Considerations +- Delegatecalls can modify Safe state if not properly restricted +- HSG validates that approved delegatecalls don't modify critical Safe parameters +- Direct calls to the Safe are always prohibited + +### Contract Ownership The wearer of the `ownerHat` can make the following changes to Hats Signer Gate: 1. "Transfer" ownership to a new Hat by changing the `ownerHat` -2. Set the acceptable multisig threshold range by changing `minThreshold` and `targetThreshold` -3. Add other Zodiac modules to the multisig -4. Add other Hats as valid signer Hats +2. Change the threshold configuration +3. Enable other Zodiac modules on HSG itself +4. Enable another Zodiac guard on HSG itself +5. Add other Hats as valid signer Hats +6. Enable or disable the ability for others to claim signer rights on behalf of valid hat wearers (`claimableFor`) +7. Detach HatsSignerGate from the Safe (removing it as both guard and module) +8. Migrate to a new HatsSignerGate instance +9. Enable or disable specific delegatecall targets +10. Lock the contract permanently, preventing any further owner changes ### Deploying New Instances @@ -53,13 +125,17 @@ Instances can be created for an existing Safe by passing the Safe address on ini ### Security Audits -This project has received the following security audits. See the [audits directory](./audits/) for the detailed reports. +v1 of this project has received the following security audits. See the [audits directory](./audits/) for the detailed reports. | Auditor | Report Date | Commit Hash | Notes | | --- | --- | --- | --- | | Trust Security | Feb 23, 2023 | [b9b7fcf](https://github.com/Hats-Protocol/hats-zodiac/commit/b9b7fcf22fd5cbb98c7d93dead590e80bf9c780a) | Report also includes findings from [Hats Protocol](https://github.com/Hats-Protocol/hats-protocol) audit | | Sherlock | May 3, 2023 | [9455c0](https://github.com/Hats-Protocol/hats-zodiac/commit/9455cc0957762f5dbbd8e62063d970199109b977) | Report also includes findings from [Hats Protocol](https://github.com/Hats-Protocol/hats-protocol) audit | +v2 — the present version — of this project will be audited soon. + ### Recent Deployments See [Releases](https://github.com/Hats-Protocol/hats-zodiac/releases) for deployments. Specific deployment parameters are [stored here](./script/DeployParams.json). + + From 27dae136b6980b9dfa620f030a174658ae810553 Mon Sep 17 00:00:00 2001 From: spengrah Date: Mon, 18 Nov 2024 16:47:39 -0600 Subject: [PATCH 2/6] adding AUDITING.md --- docs/AUDITING.md | 197 ++++++++++++++++++ .../Hats_Audit_Report_Sherlock.pdf | Bin .../TrustSecurity_HatsProtocol_v02.pdf | Bin 3 files changed, 197 insertions(+) create mode 100644 docs/AUDITING.md rename {audits => docs}/Hats_Audit_Report_Sherlock.pdf (100%) rename {audits => docs}/TrustSecurity_HatsProtocol_v02.pdf (100%) diff --git a/docs/AUDITING.md b/docs/AUDITING.md new file mode 100644 index 0000000..0965d2d --- /dev/null +++ b/docs/AUDITING.md @@ -0,0 +1,197 @@ +# HatsSignerGate v2 for auditors + +## Introduction: Hats Protocol + +[Hats Protocol](https://github.com/Hats-Protocol/hats-protocol) is a protocol for creating and managing onchain roles, aka “hats.” Organizations typically use hats to represent tasks, jobs, workstreams, teams, departments, etc. + +Hats Protocol uses a singleton (multitenant) architecture. All organizations' roles are stored in the same contract. Each organization has full control over its own roles, and no control over the roles of another organization unless explicitly granted. + +Hats are onchain objects, exposed to other contracts and offchain consumers as ERC1155 tokens. The id of a given hat is its token id. + +Within a given organization, hats form in a tree structure, with parent-child relationships. With the exception of the root of the tree (the “top hat”), hats are not transferable by the owner of the hat token (the “wearer” of the hat). + +Every hat has several key properties: + +- An admin (its parent hat, a uint), which can create new child hats, modify the properties of its children, and mint its children to accounts (“wearers”). Admins can exercise these powers transitively for all children, children’s children, etc. +- An eligibility module (address), which can a) determine which accounts are allowed to wear the hat, and b) revoke the hat from existing wearers. Eligibility modules can push such status changes to the protocol, or they can implement the IHatsEligibility interface to enable the protocol to pull wearer status from their own state. +- A toggle module (address), which can deactivate the hat. Toggle modules can push such status changes to the protocol, or they can implement the IHatsToggle interface to enable the protocol to pull hat status from their own state. +A max supply (uint32), which is the maximum number of accounts that can wear the hat. +- Mutability (bool), which determines whether or not the admin can change any of these properties. If a hat is immutable, its admins can mint it to new wearers, the eligibility module can revoke it from current wearers, and the toggle module can deactivate it, but nothing else can change. +- A details/metadata field (string) +- An image uri field (string) + +Hats can be revoked in two ways: + +1. “Statically,” resulting in the wearer’s hat token being fully burned (burn event emitted). This occurs when an eligibility module pushes an update to the protocol, as described above. +2. “Dynamically,” resulting in the wearer’s balance of the hat going to 0 but without a full burn of the token (no burn event emitted). This occurs when the protocol pulls either a) “ineligible” status from a compliant eligibility module, or b) “inactive” status from a compliant toggle module. + - Dynamic revocation is made possible by staticcalls (the “pulls”) out to the hat’s eligibility and toggle modules from within the ERC1155.balanceOf function. + - If a hat has been dynamically revoked, any account can poke the protocol to fully burn the token (burn event emitted), but this is not required for the revocation to count. The source of truth is always the balance returned by ERC1155.balanceOf. + +A given ethereum account can wear many hats, but the protocol enforces that a given account cannot have more than 1 copy of a given hat (ie no account’s balance of a given hat must always be 0 or 1). + +## Attaching Permissions to Hats + +One of the foundational use cases of hats is attaching permissions. Much like in role-based access control systems, multiple permissions can be attached to hats to make permission management easier and more efficient. + +Attaching permissions to hats works via token gating (this is one reason Hats implements the ERC1155 interface), and can include both offchain permissions (via standard token-gating techniques leveraging Sign In With Ethereum) and onchain permissions. Onchain permissioning via hats looks a lot like standard address-based permissioning in smart contracts functions (such as in OZ.Ownable, OZ.AccessControl, etc), but instead of checking whether msg.sender is authorized within the same contract, a hat-permission function checks whether msg.sender has a balance of the specific hat token. Note that this means that authorization can change without needing to interact with the target contract. + +## HatsSignerGate + +HatsSignerGate (HSG) is an adapter that enables organizations to attach Safe multisig signing permissions to hats. Wearers of a specified hat can become signers on an HSG-gated Safe, and only wearers of the specified hat can provide valid signatures when attempting to execute a multisig transaction. HSG accomplishes the former as a module enabled on the Safe, and the latter as a guard set on the Safe. + +It is designed to enable organizations to delegate operations of a Safe and the assets therein to a set of operators (“signers”) while retaining ultimate ownership of the Safe account, including who the signers are. +Security +From a security perspective, the ideal way to build such a product would be to fork the Safe contract and insert out hat-based signer management logic natively (or build an entirely new contract). Since Safe was originally designed to be controlled by a sovereign set of owners rather than a delegated set of operators, the signers on a Safe have many ways to control the Safe’s properties. In order to ensure that the Safe remains under the control of the delegating organization, there is a lot of surface area to cover. + +However, the Safe ecosystem has such strong network effects that it is worth the extra effort. The organizations that use Hats Protocol specifically want delegated Safes, not some other type of account. And they want to use the Safe-compatible apps they are already familiar with, like Safe’s own UI or others like Den. + +Therefore, the primary objective HatsSignerGate seeks to accomplish is to lock down a Safe so that its signers can use the Safe to manage its assets but not change any of its properties. Of utmost importance is that the signers not be able to jailbreak those constraints. Specifically, the signers should not be able to: +- Add or remove signers +- Change the threshold +- Disable HSG as a module on the Safe +- Remove HSG as a guard on the Safe +- Do anything else that would allow them to do 1-4. This includes: +- Enabling other modules on the Safe +- Executing delegatecalls to contracts that directly update the Safe’s state in such a way that cannot be detected by HSG’s guard functionality +- Changing the Safe singleton that provides the logic to the Safe’s proxy +- Changing the fallback handler + +> **Warning** +> These limitations must not be violated. + +## Tradeoffs and Limitations of v1 + +The contract that you are currently auditing is HSG v2. HSG v1 was developed and audited ~18 months ago. Since then, we have learned a lot about how organizations want to use it, and our understanding of the full surface area of the Safe contract has advanced. As a result, a number of limitations and sub-optimalities with v1 have surfaced which have driven us to develop v2. + +### A) Incompatibility with other Safe modules and guards + +Perhaps the biggest thing we learned from our users is that they want to use HSG with additional modules and guards such as UMA’s oSnap module, Decent’s Fractal module, OZ’s timelock guard, Gnosis Guild’s Roles Mod, Connext’s Crosschain module, etc. + +But in v1 we explicitly disabled additional modules because modules have full control over the Safe. If the signers were allowed to add a module of their choosing, they would have unmediated control over the Safe. They could change anything, including detaching HSG, which is exactly what we want to protect against. + +### B) Delegatecalls + +One of the most difficult elements of Safe to handle correctly is delegatecall. In practice, Safe makes heavy use of delegatecalls to enable common use cases like batching multiple actions and transactions, ie by delegatecalling their MultiSend library. That library does not present a security issue, but the need to allow delegatecalls does. + +If the signers were to execute a delegatecall to a contract with certain logic, they could directly update the Safe’s state, bypassing the typical Safe functions to do so. This is an issue because two of the critical types of Safe state changes we want to avoid — owners and modules — are mappings and therefore infeasible to explicitly check onchain. For example, a malicious delegatecalled contract could change the value for an address’s key in the owner mapping such that Safe’s logic would treat the address as a valid owner but not retrieve it as part of the owner linked list. The same issue exists for modules. + +### C) Updating the proxy to a malicious Safe singleton + +Also due to the need to allow arbitrary delegatecalls, the signers could update the Safe proxy to point to a different Safe singleton (aka “master copy” or “implementation”) contract that exposes sensitive functionality to an attacker. + +### D) Setting a malicious fallback handler + +Safe has a modular fallback concept that enables extensions to the Safe’s functionality via setting a fallback handler contract. The fallback handler deployed with new Safes by default, for example, is where ERC1271 compliance is implemented. In regular usage, the Safe itself (ie the signers or a module) can update the fallback handler to an arbitrary contract address. + +But if the signers (or a rogue module; see A) did this, they could gain the same unmediated access to Safe state as adding a module. + +### E) Sub-optimal gas overhead + +Some of the techniques we used to implement our desired logic and protections in v1 were not ideal, leading to what we now think is an extra 20k-40k gas cost for every transaction executed by signers. + +This is not that big of a deal on L2s, but on L1 it imposes meaningful costs on users and limits the potential market for what we’re building. + +### F) Valid threshold legibility + +HSG enables an organization to control the decision model for the delegated account. In other words, in addition to controlling who the signers are, HSG controls how many signers are needed to execute a transaction, ie the multisig threshold N. Because the Safe only validates N signatures regardless of how many are included in the signature bytes array of a multisig transaction, HSG needs to keep the Safe threshold up to date in accordance with the number of presently hat-wearing signers. But since hats can be revoked dynamically (see the Hats Protocol intro above), HSG is not always aware of such a change. This means that HSG needs to check whether each signer is still wearing the hat whenever it tries to update the Safe’s threshold, contributing to some of the gas overhead (see (E)) and otherwise increasing complexity. + +### G) Inability to remove HSG + +To give signers some form of credible expectations, we didn’t allow orgs to detach HSG from the Safe. This was a mistake, since it added significant friction when deciding whether to try HSG in the first place. + +### Implications for v2 + +For (A), we need to find a solution to this problem. Part of our ethos is a deep love for open source composability, and the HSG v1 does not meet that bar. + +Despite the vulnerabilities outlined above in (B), (C), and (D), we still consider HSG v1 sufficiently secure. They imply an assumption that the signers are semi-trusted, which today is generally the case anyways for a typical multisig within an organization. + +But we’re not satisfied with this scenario. Part of our mission is to enable organizations to delegate authorities and responsibilities to operators across the full trust spectrum. To do so for multisig signing permissions, therefore, we want to close down these vulnerabilities as best we can without harming legitimate delegated operations. + +## Differences between v1 and v2 + +Here’s what we’re changing in v2 to address the limitations described above. + +### 1) Simpler, more legible threshold logic + +HSG v2 will set the Safe’s threshold to the lower of the following: +- The number of current owners on the Safe (the number of “static signers”) +- The required number of valid signatures to execute a transaction + +Since (b) is a function of (a), this means that the threshold value set in Safe storage is independent of whether the Safe owners are wearing one of the signer Hats. As a result, unlike in v1, there will never be a discrepancy between what the Safe threshold is and what it should be. + +One tradeoff is that the threshold according to the Safe is not necessarily the same as the number of valid signatures that will be enforced by HSG. If, for example, one or more of the Safe owners has lost their Hat, its possible that the actual number of required valid signatures is lower than the threshold set in Safe storage. + +### 2) Proportional threshold option + +In addition to the absolute approach to calculating the number of required valid signatures that v1 used, v2 introduces an option to calculate the number of valid signatures proportionally. + +The absolute approach is a good fit for when the number of signers is expected to be constant over time. + +The proportional approach is a good fit for when the number of signers is expected to float up and down according to some external factor. + +Both approaches can be configured with a minimum value to ensure the desired level of safety during signer transitions. + +### 3) HSG as a Zodiac modifier + +This addresses limitation A. Any Safe modules and guards can now be used on a Safe in conjunction HSG. HSG still needs to be the sole module and guard enabled directly on the Safe, but the HSG owner can enable additional modules and guards on HSG. In other words, HSG now serves as a Zodiac modifier. + +For a guard enabled on HSG, HSG’s own guard functions will include a call to the guard. + +For a module enabled on HSG, HSG exposes its own execTransactionFromModule function that forwards the call to Safe’s execTransactionFromModule. Note that these calls are subject to the same safety checks as those initiated by the signers. + +### 4) Only allow delegatecalls to approved targets + +This addresses limitations B and C. In HSG v2, the owner can set a list of approved targets for delegatecalls. Delegatecalls to targets not on this list are rejected. + +HSG is deployed by default with Safe’s MultiSendCallOnly library for Safe versions v1.3.0 and v1.4.1. This enables batched transactions from Safe apps without any custom configuration. + +The owner is trusted to not approve malicious or unsafe contracts. For example, they should not approve the MultiSend library, since that would allow arbitrary delegatecalls. + +### 5) Prevent changes to the fallback handler + +HSG v2’s suite of safety checks prevents changes to the fallback handler. + +### 6) Leverage transient storage for gas savings + +In many of its safety checks, HSG stores a copy of Safe storage values to ensure they are not changed by a Safe transaction. In v2, this is done with transient storage for significant gas savings. + +Note that this means that HSG v2 cannot be deployed to chains that do have support for TSTORE or TLOAD (EIP 1153). + +### 7) Better reentrancy logic + +Reentrancy creates a specific type of vulnerability in HSG. To prevent Safe signers and modules from changing any Safe state, HSG temporarily stores a pre-execution copy of the values of key state (owners, threshold, tx operation, and fallback handler). If those values are manipulated by reentering the functions where they are set, the protections would break down. + +In v1, there was only one function that set these pre-execution values. In v2, there are two: i) checkTransaction, and ii) execTransactionFromModule and execTransactionFromModuleReturnData. + +In (ii), we can use a fairly standard reentrancy guard: revert if either execTransactionFromModule or execTransactionFromModuleReturnData have already been entered. Our design should allow multiple legitimate external calls to one or both functions, but disallow reentrance from within the same call that could override our copy of the Safe state. + +Since (i) is called as part of a multi-call flow originating from Safe.execTransaction, we need a slightly different approach. The goal is to ensure the checkTransaction is only called once per time that Safe.execTransaction is called. If checkTransaction is called more, our cached state could be overwritten. To do this, we use the fact that the Safe nonce increments only from within the execTransaction to calculate how many times Safe.execTransaction has been called and compare that to a count of how many times checkTransaction has been entered. + +Note that there is a relationship between (i) and (ii). We also need to ensure that (i) is not entered from within a call to (ii), and vice versa. + +### 8) Only 1 implementation: all HSGs support multiple signer hats + +To simplify the implementation, HSG v2 supports multiple signer hats. This means that all signers must register the hat with which they are claiming their signer permission. + +### 9) No max signers value + +v1 had a max signers value to ensure that there were no more than the desired number of signers. This was redundant, since the maximum could also be managed via the max supply of the signer hat(s). v2 removes this redundant requirement, simplifying some of the logic and making it easier to get started. + +### 10) Detaching and migrating + +This addresses limitation G. In v2, the owner can now detach HSG from the Safe, handing over full control over the Safe to its existing signers. + +The owner can also choose to migrate the Safe from one HSG version to another. This is useful for upgrading to a future v3 of HSG, or if the owner wants to start clean with a new instance for whatever reason. When migrating, the owner can include a list of signers to migrate. + +### 11) Locking + +In HSG v2, the owner can “lock” the HSG, disabling any further changes by the owner. This is useful for scenarios where removing all trust from the system or eliminating uncertainty is valuable. + +### 12) Claiming For +In HSG v2, the owner can optionally allow signer permissions to be claimed on behalf of accounts wearing a signer hat. This option removes the often-desired requirement for signers to opt in to the responsibility being a signer on a multisig, but adds the ability to integrate signer permissions claiming with external actions. + +### 13) No dedicated factory + +In contrast to the dedicated factory used by v1, v2 is deployed via the Zodiac Module Factory. This makes it easier to deploy HSG to new chains and will also make it easier to deploy new versions or future flavors of HSG. + +To enable paired deployment of HSG with a Safe, the Safe can optionally be deployed and configured from within HSG’s setUp function. diff --git a/audits/Hats_Audit_Report_Sherlock.pdf b/docs/Hats_Audit_Report_Sherlock.pdf similarity index 100% rename from audits/Hats_Audit_Report_Sherlock.pdf rename to docs/Hats_Audit_Report_Sherlock.pdf diff --git a/audits/TrustSecurity_HatsProtocol_v02.pdf b/docs/TrustSecurity_HatsProtocol_v02.pdf similarity index 100% rename from audits/TrustSecurity_HatsProtocol_v02.pdf rename to docs/TrustSecurity_HatsProtocol_v02.pdf From 422386962ce50464682bc3a0218a8a98bf92c3db Mon Sep 17 00:00:00 2001 From: spengrah Date: Mon, 18 Nov 2024 16:59:19 -0600 Subject: [PATCH 3/6] fmt --- README.md | 12 +++++++++++- docs/AUDITING.md | 15 +++++++++------ 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b3f1ec3..0865b93 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ A) **Only valid signers can execute transactions**, i.e. only signatures made by B) **Signers cannot execute transactions that remove the constraint in (A)**. Specifically, this contract guards against signers... 1. Removing the contract as a guard on the multisig -2. Removing the contract as a module on the multisig — or removing/changing/adding any other modules, +2. Removing the contract as a module on the multisig — or removing/changing/adding any other modules 3. Changing the multisig threshold 4. Changing the multisig owners 5. Making delegatecalls to any target not approved by the owner @@ -41,17 +41,20 @@ B) **Signers cannot execute transactions that remove the constraint in (A)**. Sp Hats Signer Gate provides several ways to manage Safe signers based on their hat-wearing status: #### Claiming Signer Rights + - Individual hat wearers can claim their own signing rights via `claimSigner()` - Must be wearing a valid signer hat at time of claim - Each signer's hat ID is registered and tracked for future validation #### Claiming for Others + When enabled by the owner (`claimableFor = true`): - Anyone can claim signing rights on behalf of valid hat wearers via `claimSignerFor()` or `claimSignersFor()` - Useful for batch onboarding of signers - Prevents re-registration if signer is still wearing their currently registered hat #### Signer Removal + - Signers who no longer wear their registered hat can be removed via `removeSigner()` - Threshold automatically adjusts according to the threshold configuration - If the removed signer was the last valid signer, the contract itself becomes the sole owner @@ -61,23 +64,28 @@ When enabled by the owner (`claimableFor = true`): The threshold (number of required signatures) is managed dynamically based on the `ThresholdConfig`: #### Threshold Types + 1. **ABSOLUTE** + - Sets a fixed target number of required signatures - Example: Always require exactly 3 signatures - Bounded by min threshold and number of valid signers 2. **PROPORTIONAL** + - Sets a percentage of total signers required (in basis points) - Example: Require 51% of signers (5100 basis points) - Actual number of required signatures rounds up - Still bounded by min threshold #### Configuration Parameters + - `min`: Minimum number of required signatures (must be > 0) - `target`: Either fixed number (ABSOLUTE) or percentage in basis points (PROPORTIONAL) - `thresholdType`: ABSOLUTE (0) or PROPORTIONAL (1) The Safe's threshold is automatically adjusted when: + - New signers are added - Existing signers are removed - Threshold configuration is changed @@ -87,6 +95,7 @@ The Safe's threshold is automatically adjusted when: HSG restricts delegatecalls to protect the Safe from unauthorized modifications. Only approved targets can receive delegatecalls. #### Default Enabled Targets + The following MultiSend libraries are enabled by default: | Address | Version | Type | @@ -98,6 +107,7 @@ The following MultiSend libraries are enabled by default: See [safe-deployments](https://github.com/safe-global/safe-deployments/tree/main/src/assets) for more information. #### Security Considerations + - Delegatecalls can modify Safe state if not properly restricted - HSG validates that approved delegatecalls don't modify critical Safe parameters - Direct calls to the Safe are always prohibited diff --git a/docs/AUDITING.md b/docs/AUDITING.md index 0965d2d..fe6611f 100644 --- a/docs/AUDITING.md +++ b/docs/AUDITING.md @@ -46,15 +46,16 @@ From a security perspective, the ideal way to build such a product would be to f However, the Safe ecosystem has such strong network effects that it is worth the extra effort. The organizations that use Hats Protocol specifically want delegated Safes, not some other type of account. And they want to use the Safe-compatible apps they are already familiar with, like Safe’s own UI or others like Den. Therefore, the primary objective HatsSignerGate seeks to accomplish is to lock down a Safe so that its signers can use the Safe to manage its assets but not change any of its properties. Of utmost importance is that the signers not be able to jailbreak those constraints. Specifically, the signers should not be able to: + - Add or remove signers - Change the threshold - Disable HSG as a module on the Safe - Remove HSG as a guard on the Safe - Do anything else that would allow them to do 1-4. This includes: -- Enabling other modules on the Safe -- Executing delegatecalls to contracts that directly update the Safe’s state in such a way that cannot be detected by HSG’s guard functionality -- Changing the Safe singleton that provides the logic to the Safe’s proxy -- Changing the fallback handler + - Enabling other modules on the Safe + - Executing delegatecalls to contracts that directly update the Safe's state in such a way that cannot be detected by HSG's guard functionality + - Changing the Safe singleton that provides the logic to the Safe's proxy + - Changing the fallback handler > **Warning** > These limitations must not be violated. @@ -113,8 +114,9 @@ Here’s what we’re changing in v2 to address the limitations described above. ### 1) Simpler, more legible threshold logic -HSG v2 will set the Safe’s threshold to the lower of the following: -- The number of current owners on the Safe (the number of “static signers”) +HSG v2 will set the Safe's threshold to the lower of the following: + +- The number of current owners on the Safe (the number of "static signers") - The required number of valid signatures to execute a transaction Since (b) is a function of (a), this means that the threshold value set in Safe storage is independent of whether the Safe owners are wearing one of the signer Hats. As a result, unlike in v1, there will never be a discrepancy between what the Safe threshold is and what it should be. @@ -188,6 +190,7 @@ The owner can also choose to migrate the Safe from one HSG version to another. T In HSG v2, the owner can “lock” the HSG, disabling any further changes by the owner. This is useful for scenarios where removing all trust from the system or eliminating uncertainty is valuable. ### 12) Claiming For + In HSG v2, the owner can optionally allow signer permissions to be claimed on behalf of accounts wearing a signer hat. This option removes the often-desired requirement for signers to opt in to the responsibility being a signer on a multisig, but adds the ability to integrate signer permissions claiming with external actions. ### 13) No dedicated factory From f4a2b6f7b92e920519e72756c0486352413e4b0c Mon Sep 17 00:00:00 2001 From: spengrah Date: Mon, 18 Nov 2024 17:01:23 -0600 Subject: [PATCH 4/6] fmt --- README.md | 1 + docs/AUDITING.md | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 0865b93..dc1d189 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,7 @@ Hats Signer Gate provides several ways to manage Safe signers based on their hat #### Claiming for Others When enabled by the owner (`claimableFor = true`): + - Anyone can claim signing rights on behalf of valid hat wearers via `claimSignerFor()` or `claimSignersFor()` - Useful for batch onboarding of signers - Prevents re-registration if signer is still wearing their currently registered hat diff --git a/docs/AUDITING.md b/docs/AUDITING.md index fe6611f..21d2554 100644 --- a/docs/AUDITING.md +++ b/docs/AUDITING.md @@ -112,7 +112,7 @@ But we’re not satisfied with this scenario. Part of our mission is to enable o Here’s what we’re changing in v2 to address the limitations described above. -### 1) Simpler, more legible threshold logic +### 1) Simpler, more legible threshold logic HSG v2 will set the Safe's threshold to the lower of the following: @@ -123,7 +123,7 @@ Since (b) is a function of (a), this means that the threshold value set in Safe One tradeoff is that the threshold according to the Safe is not necessarily the same as the number of valid signatures that will be enforced by HSG. If, for example, one or more of the Safe owners has lost their Hat, its possible that the actual number of required valid signatures is lower than the threshold set in Safe storage. -### 2) Proportional threshold option +### 2) Proportional threshold option In addition to the absolute approach to calculating the number of required valid signatures that v1 used, v2 introduces an option to calculate the number of valid signatures proportionally. @@ -133,7 +133,7 @@ The proportional approach is a good fit for when the number of signers is expect Both approaches can be configured with a minimum value to ensure the desired level of safety during signer transitions. -### 3) HSG as a Zodiac modifier +### 3) HSG as a Zodiac modifier This addresses limitation A. Any Safe modules and guards can now be used on a Safe in conjunction HSG. HSG still needs to be the sole module and guard enabled directly on the Safe, but the HSG owner can enable additional modules and guards on HSG. In other words, HSG now serves as a Zodiac modifier. @@ -171,7 +171,7 @@ Since (i) is called as part of a multi-call flow originating from Safe.execTrans Note that there is a relationship between (i) and (ii). We also need to ensure that (i) is not entered from within a call to (ii), and vice versa. -### 8) Only 1 implementation: all HSGs support multiple signer hats +### 8) Only 1 implementation: all HSGs support multiple signer hats To simplify the implementation, HSG v2 supports multiple signer hats. This means that all signers must register the hat with which they are claiming their signer permission. From 447f6264f9b0ecce01ede764dff0855ee64ce0ea Mon Sep 17 00:00:00 2001 From: spengrah Date: Mon, 18 Nov 2024 17:02:52 -0600 Subject: [PATCH 5/6] fmt --- README.md | 3 --- docs/AUDITING.md | 8 ++++---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index dc1d189..0a32024 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,6 @@ B) **Signers cannot execute transactions that remove the constraint in (A)**. Sp 4. Changing the multisig owners 5. Making delegatecalls to any target not approved by the owner - > **Warning** > Protections against (3) and (4) above only hold if the Safe does not have any authority over the signer Hat(s). If it does — e.g. it wears an admin Hat of the signer Hat(s) or is an eligibility or toggle module on the signer Hat(s) — then in some cases the signers may be able to change the multisig threshold or owners. > @@ -148,5 +147,3 @@ v2 — the present version — of this project will be audited soon. ### Recent Deployments See [Releases](https://github.com/Hats-Protocol/hats-zodiac/releases) for deployments. Specific deployment parameters are [stored here](./script/DeployParams.json). - - diff --git a/docs/AUDITING.md b/docs/AUDITING.md index 21d2554..8ea0f70 100644 --- a/docs/AUDITING.md +++ b/docs/AUDITING.md @@ -66,13 +66,13 @@ The contract that you are currently auditing is HSG v2. HSG v1 was developed and ### A) Incompatibility with other Safe modules and guards -Perhaps the biggest thing we learned from our users is that they want to use HSG with additional modules and guards such as UMA’s oSnap module, Decent’s Fractal module, OZ’s timelock guard, Gnosis Guild’s Roles Mod, Connext’s Crosschain module, etc. +Perhaps the biggest thing we learned from our users is that they want to use HSG with additional modules and guards such as UMA’s oSnap module, Decent’s Fractal module, OZ’s timelock guard, Gnosis Guild’s Roles Mod, Connext’s Crosschain module, etc. But in v1 we explicitly disabled additional modules because modules have full control over the Safe. If the signers were allowed to add a module of their choosing, they would have unmediated control over the Safe. They could change anything, including detaching HSG, which is exactly what we want to protect against. ### B) Delegatecalls -One of the most difficult elements of Safe to handle correctly is delegatecall. In practice, Safe makes heavy use of delegatecalls to enable common use cases like batching multiple actions and transactions, ie by delegatecalling their MultiSend library. That library does not present a security issue, but the need to allow delegatecalls does. +One of the most difficult elements of Safe to handle correctly is delegatecall. In practice, Safe makes heavy use of delegatecalls to enable common use cases like batching multiple actions and transactions, ie by delegatecalling their MultiSend library. That library does not present a security issue, but the need to allow delegatecalls does. If the signers were to execute a delegatecall to a contract with certain logic, they could directly update the Safe’s state, bypassing the typical Safe functions to do so. This is an issue because two of the critical types of Safe state changes we want to avoid — owners and modules — are mappings and therefore infeasible to explicitly check onchain. For example, a malicious delegatecalled contract could change the value for an address’s key in the owner mapping such that Safe’s logic would treat the address as a valid owner but not retrieve it as part of the owner linked list. The same issue exists for modules. @@ -104,7 +104,7 @@ To give signers some form of credible expectations, we didn’t allow orgs to de For (A), we need to find a solution to this problem. Part of our ethos is a deep love for open source composability, and the HSG v1 does not meet that bar. -Despite the vulnerabilities outlined above in (B), (C), and (D), we still consider HSG v1 sufficiently secure. They imply an assumption that the signers are semi-trusted, which today is generally the case anyways for a typical multisig within an organization. +Despite the vulnerabilities outlined above in (B), (C), and (D), we still consider HSG v1 sufficiently secure. They imply an assumption that the signers are semi-trusted, which today is generally the case anyways for a typical multisig within an organization. But we’re not satisfied with this scenario. Part of our mission is to enable organizations to delegate authorities and responsibilities to operators across the full trust spectrum. To do so for multisig signing permissions, therefore, we want to close down these vulnerabilities as best we can without harming legitimate delegated operations. @@ -125,7 +125,7 @@ One tradeoff is that the threshold according to the Safe is not necessarily the ### 2) Proportional threshold option -In addition to the absolute approach to calculating the number of required valid signatures that v1 used, v2 introduces an option to calculate the number of valid signatures proportionally. +In addition to the absolute approach to calculating the number of required valid signatures that v1 used, v2 introduces an option to calculate the number of valid signatures proportionally. The absolute approach is a good fit for when the number of signers is expected to be constant over time. From 0c4a342cac5cb2326d7e888e97931aa18226f6b4 Mon Sep 17 00:00:00 2001 From: spengrah Date: Mon, 18 Nov 2024 17:05:25 -0600 Subject: [PATCH 6/6] gas report and coverage --- gasreport.ansi | 540 +++++++++++------ lcov.info | 1576 ++++++++++++++++++++++++------------------------ 2 files changed, 1154 insertions(+), 962 deletions(-) diff --git a/gasreport.ansi b/gasreport.ansi index 1d79846..188a639 100644 --- a/gasreport.ansi +++ b/gasreport.ansi @@ -1,207 +1,385 @@ No files changed, compilation skipped -Ran 1 test for test/HatsSignerGate.t.sol:EnablingHSGModules -[PASS] test_happy() (gas: 92418) -Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.47s (103.95ms CPU time) - -Ran 2 tests for test/HatsSignerGate.t.sol:GuardFunctionAuth -[PASS] testCannotCallCheckAfterExecutionFromNonSafe() (gas: 34650) -[PASS] testCannotCallCheckTransactionFromNonSafe() (gas: 38347) -Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 2.59s (255.40ms CPU time) - -Ran 2 tests for test/HatsSignerGate.t.sol:SettingHSGGuard -[PASS] test_happy() (gas: 90136) -[PASS] test_removeGuard() (gas: 64280) -Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 2.66s (276.58ms CPU time) - -Ran 1 test for test/HatsSignerGate.t.sol:DisablingDelegatecallTargets -[PASS] test_happy() (gas: 60708) -Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.66s (75.65ms CPU time) - -Ran 2 tests for test/HatsSignerGate.t.sol:ExecutingFromModuleReturnDataViaHSG -[PASS] test_happy_executionFailure() (gas: 67145) -[PASS] test_happy_executionSuccess() (gas: 104412) -Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 2.66s (196.83ms CPU time) - -Ran 2 tests for test/HatsSignerGate.t.sol:ClaimingSignerFor -[PASS] test_happy() (gas: 308644) -[PASS] test_happy_alreadyOwnerNotRegistered() (gas: 345641) -Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 2.85s (492.33ms CPU time) +Ran 2 tests for test/HatsSignerGate.internals.t.sol:AuthInternals +[PASS] test_happy_checkOwner() (gas: 34286) +[PASS] test_happy_checkUnlocked() (gas: 10262) +Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 1.77s (406.21µs CPU time) Ran 1 test for test/HatsSignerGate.t.sol:DetachingHSG -[PASS] test_happy() (gas: 89694) -Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.01s (110.07ms CPU time) +[PASS] test_happy_detachHSG() (gas: 218630) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.89s (136.84ms CPU time) -Ran 1 test for test/HatsSignerGate.t.sol:SettingOwnerHat -[PASS] test_happy() (gas: 65577) -Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.20s (108.56ms CPU time) +Ran 2 tests for test/HatsSignerGate.moduleTxs.sol:ExecutingFromModuleViaHSG +[PASS] test_happy_executionFailure() (gas: 66230) +[PASS] test_happy_executionSuccess() (gas: 103519) +Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 1.97s (80.78ms CPU time) + +Ran 1 test for test/HatsSignerGate.signerTxs.sol:HSGGuarding +[PASS] test_executed() (gas: 433155) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.56s (54.93ms CPU time) + +Ran 7 tests for test/HatsSignerGate.signerTxs.sol:ConstrainingSigners +[PASS] testCannotDecreaseThreshold() (gas: 1092698) +[PASS] testCannotDisableGuard() (gas: 858428) +[PASS] testCannotDisableModule() (gas: 877441) +[PASS] testCannotIncreaseThreshold() (gas: 1092686) +[PASS] testSignersCannotAddOwners() (gas: 1126662) +[PASS] testSignersCannotRemoveOwners() (gas: 1109093) +[PASS] testSignersCannotSwapOwners() (gas: 1131591) +Suite result: ok. 7 passed; 0 failed; 0 skipped; finished in 4.31s (2.56s CPU time) + +Ran 7 tests for test/HatsSignerGate.signerTxs.sol:ExecutingTransactions +[PASS] testExecByLessThanMinThresholdReverts() (gas: 877579) +[PASS] testExecTxByHatWearers() (gas: 1203260) +[PASS] testExecTxByNonHatWearersReverts() (gas: 1230247) +[PASS] testExecTxByTooFewOwnersReverts() (gas: 458838) +[PASS] test_Multi_ExecTxByHatWearers() (gas: 1231547) +[PASS] test_Multi_ExecTxByNonHatWearersReverts() (gas: 1260795) +[PASS] test_happy_delegateCall() (gas: 1272654) +Suite result: ok. 7 passed; 0 failed; 0 skipped; finished in 4.45s (2.70s CPU time) + +Ran 8 tests for test/HatsSignerGate.attacks.t.sol:AttacksScenarios +[PASS] testAttackerCannotExploitSigHandlingDifferences() (gas: 1576164) +[PASS] testCanClaimToReplaceInvalidSignerAtMaxSigner() (gas: 1460066) +[PASS] testRemoveSignerCorrectlyUpdates() (gas: 1427846) +[PASS] testSetTargetThresholdCannotSetBelowMinThreshold() (gas: 68793) +[PASS] testSetTargetThresholdUpdatesThresholdCorrectly() (gas: 1393389) +[PASS] testSignersCannotAddNewModules() (gas: 896764) +[PASS] testSignersCannotReenterCheckTransactionToAddOwners() (gas: 1250647) +[PASS] testTargetSigAttackFails() (gas: 1871128) +Suite result: ok. 8 passed; 0 failed; 0 skipped; finished in 6.41s (4.65s CPU time) + +Ran 1 test for test/HatsSignerGate.t.sol:CheckAfterExecution +[PASS] test_happy_checkAfterExecution(bytes32,bool) (runs: 256, μ: 59484, ~: 59606) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 16.22s (14.45s CPU time) + +Ran 2 tests for test/HatsSignerGate.t.sol:CheckTransaction +[PASS] test_delegatecallTargetEnabled() (gas: 337618) +[PASS] test_happy_checkTransaction_callToNonSafe(uint256) (runs: 256, μ: 190169, ~: 190170) +Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 16.71s (14.70s CPU time) + +Ran 3 tests for test/HatsSignerGate.internals.t.sol:TransactionValidationInternals +[FAIL: CannotChangeThreshold()] test_checkSafeState() (gas: 112477) +[PASS] test_fuzz_checkModuleTransaction_callToNonSafeTarget(uint8) (runs: 256, μ: 40102, ~: 40103) +[FAIL: the existing owners hash should be unchanged: 0x0000000000000000000000000000000000000000000000000000000000000000 != 0xdec22d665cd8a5d6a8e2fb5e36109e7c69a9fde85d7436b5081a9c4cc04c0d29; counterexample: calldata=0x9d37a228000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000079e8 args=[8, 1, 5, 3, 31208 [3.12e4]]] test_fuzz_checkModuleTransaction_delegatecallToApprovedTarget(uint8,uint8,uint8,uint8,uint16) (runs: 0, μ: 0, ~: 0) +Suite result: FAILED. 1 passed; 2 failed; 0 skipped; finished in 16.41s (14.91s CPU time) + +Ran 1 test for test/HatsSignerGate.t.sol:AddingSignerHats +[PASS] test_fuzz_happy_addSignerHats(uint8) (runs: 256, μ: 616786, ~: 480218) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 30.96s (29.49s CPU time) + +Ran 1 test for test/HatsSignerGate.t.sol:DisablingDelegatecallTarget +[PASS] test_fuzz_happy_disableDelegatecallTarget(uint256) (runs: 256, μ: 264260, ~: 264348) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 45.24s (43.95s CPU time) + +Ran 8 tests for test/HatsSignerGate.internals.t.sol:OwnerSettingsInternals +[PASS] test_addSignerHats_duplicateHats() (gas: 62732) +[PASS] test_addSignerHats_emptyArray() (gas: 35944) +[PASS] test_fuzz_addSignerHats(uint8) (runs: 256, μ: 453318, ~: 330467) +[PASS] test_fuzz_setClaimableFor(bool) (runs: 256, μ: 40112, ~: 41497) +[PASS] test_fuzz_setDelegatecallTarget(uint256,bool) (runs: 256, μ: 90055, ~: 93244) +[PASS] test_fuzz_setOwnerHat(uint256) (runs: 257, μ: 41211, ~: 41328) +[PASS] test_fuzz_setThresholdConfig_valid(uint8,uint120,uint120) (runs: 256, μ: 47369, ~: 47380) +[PASS] test_lock() (gas: 39277) +Suite result: ok. 8 passed; 0 failed; 0 skipped; finished in 60.59s (88.57s CPU time) -Ran 1 test for test/HatsSignerGate.t.sol:DisablingHSGModules -[PASS] test_happy() (gas: 66051) -Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.12s (118.83ms CPU time) +Ran 2 tests for test/HatsSignerGate.moduleTxs.sol:ExecutingFromModuleReturnDataViaHSG +[PASS] test_happy_executionFailure() (gas: 67690) +[PASS] test_happy_executionSuccess() (gas: 104979) +Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 1.66s (119.46ms CPU time) -Ran 2 tests for test/HatsSignerGate.t.sol:ExecutingFromModuleViaHSG -[PASS] test_happy_executionFailure() (gas: 65685) -[PASS] test_happy_executionSuccess() (gas: 102952) -Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 2.25s (127.77ms CPU time) +Ran 2 tests for test/HatsSignerGate.internals.t.sol:RegisterSignerInternals +[PASS] test_fuzz_happy_registerSigner_allowRegistration(uint256,uint8) (runs: 256, μ: 129332, ~: 129317) +[PASS] test_fuzz_happy_registerSigner_disallowRegistration(uint256,uint8,uint256) (runs: 256, μ: 204740, ~: 204753) +Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 74.63s (72.86s CPU time) + +Ran 2 tests for test/HatsSignerGate.t.sol:DisablingModule +[PASS] test_happy_disableModule(uint256) (runs: 257, μ: 274605, ~: 274731) +[PASS] test_happy_disableModule_twoModules(uint256) (runs: 257, μ: 352851, ~: 352979) +Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 104.29s (102.72s CPU time) + +Ran 1 test for test/HatsSignerGate.t.sol:EnablingDelegatecallTarget +[PASS] test_fuzz_happy_enableDelegatecallTarget(uint256) (runs: 257, μ: 216595, ~: 216682) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 30.73s (29.27s CPU time) + +Ran 3 tests for test/HatsSignerGate.t.sol:ClaimingSignerFor +[PASS] test_alreadyOwner_notRegistered(uint256) (runs: 256, μ: 339864, ~: 339866) +[PASS] test_alreadyRegistered_notWearingRegisteredHat(uint256) (runs: 257, μ: 516046, ~: 516050) +[PASS] test_happy_claimSignerFor(uint256) (runs: 257, μ: 313371, ~: 313373) +Suite result: ok. 3 passed; 0 failed; 0 skipped; finished in 192.40s (190.99s CPU time) + +Ran 1 test for test/HatsSignerGate.t.sol:EnablingModule +[PASS] test_happy_enableModule(uint256) (runs: 257, μ: 221590, ~: 221661) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 30.89s (29.40s CPU time) + +Ran 8 tests for test/SafeManagerLib.t.sol:SafeManagerLib_EncodingActions +[PASS] test_fuzz_encodeAddOwnerWithThresholdAction(address,uint256) (runs: 257, μ: 4043, ~: 4043) +[PASS] test_fuzz_encodeChangeThresholdAction(uint256) (runs: 257, μ: 3874, ~: 3874) +[PASS] test_fuzz_encodeDisableModuleAction(address,address) (runs: 257, μ: 4161, ~: 4161) +[PASS] test_fuzz_encodeEnableModuleAction(address) (runs: 257, μ: 3958, ~: 3958) +[PASS] test_fuzz_encodeRemoveHSGAsGuardAction() (gas: 3810) +[PASS] test_fuzz_encodeRemoveOwnerAction(address,address,uint256) (runs: 257, μ: 4245, ~: 4245) +[PASS] test_fuzz_encodeSetGuardAction(address) (runs: 257, μ: 4002, ~: 4002) +[PASS] test_fuzz_encodeSwapOwnerAction(address,address,address) (runs: 257, μ: 4245, ~: 4245) +Suite result: ok. 8 passed; 0 failed; 0 skipped; finished in 20.45ms (20.37ms CPU time) Ran 1 test for test/HatsSignerGate.t.sol:HSGGuarding -[PASS] test_executed() (gas: 430670) -Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.38s (57.56ms CPU time) - -Ran 4 tests for test/HatsSignerGate.t.sol:ClaimingSigners -[PASS] test_canClaim_alreadyOwner() (gas: 546063) -[PASS] test_happy() (gas: 252843) -[PASS] test_signerCanReregister_differentHat() (gas: 477490) -[PASS] test_signerCanReregister_sameHat() (gas: 303397) -Suite result: ok. 4 passed; 0 failed; 0 skipped; finished in 3.13s (1.42s CPU time) - -Ran 7 tests for test/HatsSignerGate.t.sol:ConstrainingSigners -[PASS] testCannotDecreaseThreshold() (gas: 1085410) -[PASS] testCannotDisableGuard() (gas: 851057) -[PASS] testCannotDisableModule() (gas: 867539) -[PASS] testCannotIncreaseThreshold() (gas: 1085420) -[PASS] testSignersCannotAddOwners() (gas: 1119396) -[PASS] testSignersCannotRemoveOwners() (gas: 1101827) -[PASS] testSignersCannotSwapOwners() (gas: 1124303) -Suite result: ok. 7 passed; 0 failed; 0 skipped; finished in 6.56s (4.26s CPU time) - -Ran 1 test for test/HatsSignerGate.t.sol:EnablingDelegatecallTargets -[PASS] test_happy() (gas: 87430) -Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.81s (104.78ms CPU time) - -Ran 7 tests for test/HatsSignerGate.t.sol:ExecutingTransactions -[PASS] testExecByLessThanMinThresholdReverts() (gas: 874469) -[PASS] testExecTxByHatWearers() (gas: 1201068) -[PASS] testExecTxByNonHatWearersReverts() (gas: 1227316) -[PASS] testExecTxByTooFewOwnersReverts() (gas: 455664) -[PASS] test_Multi_ExecTxByHatWearers() (gas: 1218611) -[PASS] test_Multi_ExecTxByNonHatWearersReverts() (gas: 1247092) -[PASS] test_happy_delegateCall() (gas: 1243356) -Suite result: ok. 7 passed; 0 failed; 0 skipped; finished in 6.77s (4.41s CPU time) - -Ran 6 tests for test/HatsSignerGate.t.sol:RemovingSigners -[PASS] testCanRemoveInvalidSigner1() (gas: 388175) -[PASS] testCanRemoveInvalidSignerWhenMultipleSigners() (gas: 603735) -[PASS] testCannotRemoveValidSigner() (gas: 307686) -[PASS] testValidSignerCanClaimAfterPrevRemoved() (gas: 597617) -[PASS] test_Multi_CanRemoveInvalidSigner1() (gas: 397447) -[PASS] test_Multi_CannotRemoveValidSigner() (gas: 316924) -Suite result: ok. 6 passed; 0 failed; 0 skipped; finished in 4.03s (2.51s CPU time) - -Ran 3 tests for test/HatsSignerGate.t.sol:AddingSignerHats -[PASS] test_Multi_NonOwnerCannotAddSignerHats() (gas: 58954) -[PASS] test_Multi_OwnerCanAddSignerHats(uint256) (runs: 256, μ: 368974, ~: 108996) -[PASS] test_Multi_OwnerCanAddSignerHats1() (gas: 85612) -Suite result: ok. 3 passed; 0 failed; 0 skipped; finished in 23.64s (21.44s CPU time) +[PASS] test_executed() (gas: 433155) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.86s (57.34ms CPU time) + +Ran 3 tests for test/HatsSignerGate.t.sol:ImplementationDeployment +[PASS] test_constructorArgs() (gas: 21832) +[PASS] test_ownerHat() (gas: 10491) +[PASS] test_version() (gas: 9360) +Suite result: ok. 3 passed; 0 failed; 0 skipped; finished in 1.22s (169.08µs CPU time) + +Ran 1 test for test/HatsSignerGate.t.sol:RemovingSigner +[PASS] test_happy_removeSigner(uint256) (runs: 257, μ: 374906, ~: 374908) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 60.49s (59.04s CPU time) + +Ran 2 tests for test/HatsSignerGate.internals.t.sol:RemovingSignerInternals +[PASS] test_fuzz_removeSigner(uint8) (runs: 257, μ: 1832737, ~: 1302599) +[PASS] test_fuzz_removeSigner_lastSigner(uint8) (runs: 257, μ: 181697, ~: 181698) +Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 195.77s (223.84s CPU time) + +Ran 4 tests for test/HatsSignerGate.internals.t.sol:AddingSignerInternals +[PASS] test_fuzz_addSigner_alreadySigner(uint8) (runs: 256, μ: 141828, ~: 141830) +[PASS] test_fuzz_addSigner_firstSigner(uint8) (runs: 256, μ: 99003, ~: 99004) +[PASS] test_fuzz_addSigner_happy(uint8,uint8) (runs: 256, μ: 1408363, ~: 808540) +[PASS] test_fuzz_addSigner_secondSigner_notSigner(uint8,uint8) (runs: 256, μ: 203119, ~: 203121) +Suite result: ok. 4 passed; 0 failed; 0 skipped; finished in 241.29s (228.01s CPU time) + +Ran 1 test for test/SafeManagerLib.t.sol:SafeManagerLib_DeployingSafeAndAttachingHSG +[PASS] test_deploySafeAndAttachHSG() (gas: 6646719) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.34s (119.20ms CPU time) + +Ran 1 test for test/HatsSignerGate.t.sol:Locking +[PASS] test_happy_lock() (gas: 193172) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.59s (114.55ms CPU time) + +Ran 6 tests for test/SafeManagerLib.t.sol:SafeManagerLib_Views +[PASS] test_canAttachHSG_false() (gas: 19652) +[PASS] test_canAttachHSG_true() (gas: 275125) +[PASS] test_findPrevOwner() (gas: 5505190) +[PASS] test_getModulesWith1() (gas: 23225) +[PASS] test_getSafeFallbackHandler() (gas: 1983153) +[PASS] test_getSafeGuard() (gas: 18976) +Suite result: ok. 6 passed; 0 failed; 0 skipped; finished in 6.32s (4.78s CPU time) Ran 1 test for test/HatsSignerGate.t.sol:SettingClaimableFor -[PASS] test_happy(bool) (runs: 256, μ: 63876, ~: 65261) -Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 20.83s (18.93s CPU time) +[PASS] test_fuzz_happy_setClaimableFor(bool) (runs: 257, μ: 192806, ~: 194185) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 30.92s (29.45s CPU time) -Ran 2 tests for test/HatsSignerGate.t.sol:Deployment -[PASS] test_andSafe(bool,bool) (runs: 256, μ: 3068525, ~: 3073633) -[PASS] test_onlyHSG(bool,bool) (runs: 256, μ: 2991895, ~: 2991406) -Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 82.03s (141.10s CPU time) +Ran 1 test for test/HatsSignerGate.t.sol:SettingGuard +[PASS] test_happy_setGuard(uint256) (runs: 257, μ: 269446, ~: 269446) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 45.35s (43.89s CPU time) -Ran 8 tests for test/HatsSignerGate.attacks.t.sol:AttacksScenarios -[PASS] testAttackerCannotExploitSigHandlingDifferences() (gas: 1573312) -[PASS] testCanClaimToReplaceInvalidSignerAtMaxSigner() (gas: 1460709) -[PASS] testRemoveSignerCorrectlyUpdates() (gas: 1428493) -[PASS] testSetTargetThresholdCannotSetBelowMinThreshold() (gas: 68756) -[PASS] testSetTargetThresholdUpdatesThresholdCorrectly() (gas: 1393888) -[PASS] testSignersCannotAddNewModules() (gas: 886851) -[PASS] testSignersCannotReenterCheckTransactionToAddOwners() (gas: 1268236) -[PASS] testTargetSigAttackFails() (gas: 1871684) -Suite result: ok. 8 passed; 0 failed; 0 skipped; finished in 113.67s (8.00s CPU time) - -Ran 2 tests for test/HatsSignerGate.t.sol:MigratingHSG -[PASS] test_happy_claimableFor_signersToMigrate(uint256) (runs: 256, μ: 1578554, ~: 1349027) -[PASS] test_happy_noSignersToMigrate() (gas: 152036) -Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 135.91s (133.43s CPU time) - -Ran 4 tests for test/HatsSignerGate.t.sol:AddingSigners -[PASS] testAddSingleSigner() (gas: 260816) -[PASS] testAddThreeSigners() (gas: 733846) -[PASS] test_Multi_AddSingleSigner() (gas: 266758) -[PASS] test_Multi_AddTwoSigners_DifferentHats() (gas: 506348) -Suite result: ok. 4 passed; 0 failed; 0 skipped; finished in 131.77s (1.50s CPU time) - -Ran 2 tests for test/HatsSignerGate.t.sol:SettingThresholdConfig -[PASS] test_happy_absolute(uint120,uint120,uint256) (runs: 256, μ: 1330014, ~: 1282861) -[PASS] test_happy_proportional(uint120,uint120,uint256) (runs: 256, μ: 1352524, ~: 1285077) -Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 132.01s (257.83s CPU time) +Ran 5 tests for test/HatsSignerGate.t.sol:ClaimingSigner +[PASS] test_fuzz_claimSigner_alreadyRegistered_differentHats(uint256) (runs: 256, μ: 412549, ~: 412551) +[PASS] test_fuzz_claimSigner_alreadyRegistered_sameHat(uint256) (runs: 257, μ: 316165, ~: 316166) +[PASS] test_fuzz_claimSigner_notRegistered_onSafe(uint256) (runs: 257, μ: 280189, ~: 280191) +[PASS] test_fuzz_happy_claimSigner(uint256) (runs: 201, μ: 253702, ~: 253703) +[PASS] test_fuzz_multipleSigners_multipleHats(uint256,uint256) (runs: 257, μ: 1344961, ~: 1322429) +Suite result: ok. 5 passed; 0 failed; 0 skipped; finished in 301.57s (330.81s CPU time) + +Ran 1 test for test/HatsSignerGate.t.sol:SettingOwnerHat +[PASS] test_fuzz_happy_setOwnerHat(uint256) (runs: 257, μ: 193841, ~: 193956) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 30.47s (28.98s CPU time) + +Ran 1 test for test/HatsSignerGate.t.sol:SettingThresholdConfig +[PASS] test_fuzz_happy_setThresholdConfig(uint8,uint8,uint16) (runs: 257, μ: 235554, ~: 235551) +Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 27.25s (25.79s CPU time) + +Ran 2 tests for test/HatsSignerGate.t.sol:InstanceDeployment +[PASS] test_initialParams_existingSafe(bool,bool) (runs: 257, μ: 3249682, ~: 3249191) +[PASS] test_initialParams_newSafe(bool,bool) (runs: 257, μ: 3326320, ~: 3331405) +Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 101.87s (131.89s CPU time) + +Ran 8 tests for test/HatsSignerGate.internals.t.sol:ViewInternals +[PASS] test_fuzz_countValidSigners(uint8) (runs: 257, μ: 1659436, ~: 1265024) +[PASS] test_fuzz_getNewThreshold(uint8,uint8,uint16,uint16) (runs: 257, μ: 52657, ~: 52703) +[PASS] test_fuzz_getNewThreshold_exceedsOwnerCount(uint8,uint8,uint16) (runs: 257, μ: 51144, ~: 51139) +[PASS] test_fuzz_getRequiredValidSignatures_absolute(uint8,uint16,uint16) (runs: 257, μ: 49366, ~: 49313) +[PASS] test_fuzz_getRequiredValidSignatures_absolute_ownerCountIsMin(uint8,uint16) (runs: 257, μ: 49262, ~: 49131) +[PASS] test_fuzz_getRequiredValidSignatures_absolute_targetOwnerCount(uint8,uint16) (runs: 257, μ: 49328, ~: 49197) +[PASS] test_fuzz_getRequiredValidSignatures_ownerCountLtMin(uint8,uint8,uint16) (runs: 257, μ: 51126, ~: 51121) +[PASS] test_fuzz_getRequiredValidSignatures_proportional(uint8,uint16,uint16) (runs: 257, μ: 51158, ~: 50999) +Suite result: ok. 8 passed; 0 failed; 0 skipped; finished in 316.08s (417.47s CPU time) + +Ran 3 tests for test/HatsSignerGate.t.sol:Views +[PASS] test_false_canAttachToSafe(uint256) (runs: 257, μ: 813627, ~: 813628) +[PASS] test_fuzz_canAttachToSafe() (gas: 751870) +[PASS] test_fuzz_validSignerCount(uint256) (runs: 257, μ: 2528957, ~: 2676120) +Suite result: ok. 3 passed; 0 failed; 0 skipped; finished in 217.03s (215.50s CPU time) + +Ran 2 tests for test/HatsSignerGate.t.sol:MigratingToNewHSG +[PASS] test_happy_noSignersToMigrate() (gas: 280867) +[PASS] test_happy_signersToMigrate(uint256) (runs: 257, μ: 3313913, ~: 3217606) +Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 185.09s (183.39s CPU time) Ran 3 tests for test/HatsSignerGate.t.sol:ClaimingSignersFor -[PASS] test_alreadyOwnerNotRegistered_happy(uint256) (runs: 256, μ: 1161284, ~: 972352) -[PASS] test_startingEmpty_happy(uint256) (runs: 256, μ: 982548, ~: 828275) -[PASS] test_startingWith1Signer_happy(uint256) (runs: 256, μ: 1056861, ~: 905259) -Suite result: ok. 3 passed; 0 failed; 0 skipped; finished in 133.68s (335.05s CPU time) +[PASS] test_alreadyOwnerNotRegistered_happy(uint256) (runs: 257, μ: 2081673, ~: 1980770) +[PASS] test_startingEmpty_happy(uint256) (runs: 257, μ: 1752542, ~: 1670221) +[PASS] test_startingWith1Signer_happy(uint256) (runs: 257, μ: 1826677, ~: 1746526) +Suite result: ok. 3 passed; 0 failed; 0 skipped; finished in 327.07s (521.47s CPU time) + +Ran 6 tests for test/SafeManagerLib.t.sol:SafeManagerLib_ExecutingActions +[PASS] test_execAttachNewHSG() (gas: 108422) +[PASS] test_execDisableHSGAsOnlyModule() (gas: 58646) +[PASS] test_execRemoveHSGAsGuard() (gas: 51239) +[PASS] test_fuzz_execChangeThreshold(uint256) (runs: 257, μ: 1860772, ~: 2116033) +[PASS] test_fuzz_execDisableHSGAsModule(uint256) (runs: 257, μ: 1493220, ~: 1412971) +[PASS] test_fuzz_fail_execChangeThreshold_tooHigh(uint256) (runs: 257, μ: 1583090, ~: 1582366) +Suite result: ok. 6 passed; 0 failed; 0 skipped; finished in 238.53s (528.72s CPU time) + +Ran 4 tests for test/HatsSignerGate.internals.t.sol:CountingValidSignaturesInternals +[PASS] test_fuzz_countValidSignatures_approvedHash(uint256) (runs: 256, μ: 1090712, ~: 1067058) +[PASS] test_fuzz_countValidSignatures_contractSignature(uint256) (runs: 257, μ: 1091265, ~: 1066879) +[PASS] test_fuzz_countValidSignatures_default(bytes32,uint256) (runs: 256, μ: 1289598, ~: 1394821) +[PASS] test_fuzz_countValidSignatures_ethSign(bytes32,uint256) (runs: 257, μ: 1294101, ~: 1400360) +Suite result: ok. 4 passed; 0 failed; 0 skipped; finished in 452.18s (899.04s CPU time) | script/HatsSignerGate.s.sol:DeployImplementation contract | | | | | | |-----------------------------------------------------------|-----------------|---------|---------|---------|---------| | Deployment Cost | Deployment Size | | | | | -| 6345032 | 29195 | | | | | +| 6495455 | 29898 | | | | | | Function Name | min | avg | median | max | # calls | -| hats | 400 | 400 | 400 | 400 | 66 | -| prepare | 26507 | 26507 | 26507 | 26507 | 66 | -| run | 5056124 | 5056124 | 5056124 | 5056124 | 66 | -| safeFallbackLibrary | 346 | 346 | 346 | 346 | 66 | -| safeMultisendLibrary | 345 | 345 | 345 | 345 | 66 | -| safeProxyFactory | 347 | 347 | 347 | 347 | 66 | -| safeSingleton | 368 | 368 | 368 | 368 | 66 | -| zodiacModuleFactory | 346 | 346 | 346 | 346 | 66 | - -| script/HatsSignerGate.s.sol:DeployInstance contract | | | | | | -|-----------------------------------------------------|-----------------|--------|--------|--------|---------| -| Deployment Cost | Deployment Size | | | | | -| 1617977 | 7222 | | | | | -| Function Name | min | avg | median | max | # calls | -| prepare1 | 233128 | 344292 | 361235 | 361475 | 578 | -| prepare2 | 46041 | 48819 | 48829 | 48829 | 578 | -| run | 472813 | 730723 | 768134 | 875298 | 578 | +| hats | 400 | 400 | 400 | 400 | 111 | +| prepare | 26507 | 26507 | 26507 | 26507 | 111 | +| run | 5175332 | 5175332 | 5175332 | 5175332 | 111 | +| safeFallbackLibrary | 346 | 346 | 346 | 346 | 111 | +| safeMultisendLibrary | 345 | 345 | 345 | 345 | 111 | +| safeProxyFactory | 347 | 347 | 347 | 347 | 111 | +| safeSingleton | 368 | 368 | 368 | 368 | 111 | +| zodiacModuleFactory | 346 | 346 | 346 | 346 | 111 | + + +| script/HatsSignerGate.s.sol:DeployInstance contract | | | | | | +|-----------------------------------------------------|-----------------|--------|--------|---------|---------| +| Deployment Cost | Deployment Size | | | | | +| 1617977 | 7222 | | | | | +| Function Name | min | avg | median | max | # calls | +| prepare1 | 345088 | 456479 | 473195 | 473435 | 577 | +| prepare2 | 46041 | 48819 | 48829 | 48829 | 577 | +| run | 598310 | 856149 | 893615 | 1000778 | 577 | + | src/HatsSignerGate.sol:HatsSignerGate contract | | | | | | |------------------------------------------------|-----------------|--------|--------|---------|---------| | Deployment Cost | Deployment Size | | | | | | 0 | 0 | | | | | | Function Name | min | avg | median | max | # calls | -| HATS | 293 | 293 | 293 | 293 | 512 | -| addSignerHats | 23902 | 319909 | 70868 | 2270425 | 259 | -| checkAfterExecution | 1116 | 7978 | 8369 | 15932 | 15 | -| checkTransaction | 3987 | 59223 | 64043 | 77305 | 22 | -| claimSigner | 37891 | 115153 | 114545 | 131021 | 4233 | -| claimSignerFor | 58040 | 82865 | 82865 | 107690 | 2 | -| claimSignersFor | 24653 | 282005 | 257809 | 728010 | 1024 | -| claimableFor | 421 | 421 | 421 | 421 | 768 | -| claimedSignerHats | 587 | 587 | 587 | 587 | 2 | -| detachHSG | 66450 | 66450 | 66450 | 66450 | 1 | -| disableDelegatecallTarget | 30177 | 30177 | 30177 | 30177 | 1 | -| disableModule | 35507 | 35507 | 35507 | 35507 | 1 | -| enableDelegatecallTarget | 47301 | 47301 | 47301 | 47301 | 2 | -| enableModule | 52438 | 52438 | 52438 | 52438 | 6 | -| enabledDelegatecallTargets | 590 | 590 | 590 | 590 | 1538 | -| execTransactionFromModule | 24934 | 40665 | 40665 | 56396 | 2 | -| execTransactionFromModuleReturnData | 25929 | 41660 | 41660 | 57391 | 2 | -| getGuard | 372 | 372 | 372 | 372 | 515 | -| getModulesPaginated | 2910 | 2910 | 2910 | 2910 | 512 | +| HATS | 315 | 315 | 315 | 315 | 513 | +| addSignerHats | 48193 | 393814 | 274944 | 1159290 | 256 | +| canAttachToSafe | 2890 | 3570 | 3573 | 3573 | 257 | +| checkAfterExecution | 716 | 8819 | 8367 | 18164 | 15 | +| checkTransaction | 3944 | 66392 | 71633 | 80561 | 22 | +| claimSigner | 37812 | 112873 | 115277 | 156982 | 8714 | +| claimSignerFor | 52485 | 86401 | 89436 | 114248 | 1024 | +| claimSignersFor | 24653 | 545538 | 511105 | 1438687 | 1024 | +| claimableFor | 421 | 1421 | 1421 | 2421 | 1536 | +| detachHSG | 66410 | 66410 | 66410 | 66410 | 1 | +| disableDelegatecallTarget | 30199 | 30199 | 30199 | 30199 | 256 | +| disableModule | 35507 | 35507 | 35507 | 35507 | 512 | +| enableDelegatecallTarget | 47279 | 47279 | 47279 | 47279 | 512 | +| enableModule | 52438 | 52438 | 52438 | 52438 | 1028 | +| enabledDelegatecallTargets | 590 | 590 | 590 | 590 | 2048 | +| execTransactionFromModule | 25501 | 41232 | 41232 | 56963 | 2 | +| execTransactionFromModuleReturnData | 26496 | 42227 | 42227 | 57958 | 2 | +| getGuard | 395 | 395 | 395 | 395 | 1026 | +| getModulesPaginated | 2888 | 2888 | 2888 | 2888 | 512 | +| getSafeDeployParamAddresses | 343 | 343 | 343 | 343 | 1 | | implementation | 380 | 380 | 380 | 380 | 512 | -| isModuleEnabled | 660 | 660 | 660 | 660 | 3 | -| isValidSigner | 4135 | 4135 | 4135 | 4135 | 1224 | -| isValidSignerHat | 502 | 502 | 502 | 502 | 2560 | -| locked | 420 | 420 | 420 | 420 | 512 | -| migrateToNewHSG | 112872 | 305646 | 278334 | 493850 | 257 | -| ownerHat | 384 | 384 | 384 | 384 | 513 | -| removeSigner | 21686 | 65310 | 80325 | 85461 | 7 | -| safe | 425 | 425 | 425 | 425 | 832 | -| setClaimableFor | 25052 | 27576 | 27852 | 27852 | 1282 | -| setGuard | 27102 | 42546 | 50268 | 50268 | 3 | -| setOwnerHat | 27644 | 27644 | 27644 | 27644 | 1 | -| setThresholdConfig | 24275 | 74655 | 75130 | 88162 | 517 | -| supportsInterface | 441 | 441 | 441 | 441 | 577 | -| thresholdConfig | 899 | 901 | 899 | 2899 | 1796 | -| validSignerCount | 7070 | 22383 | 20531 | 54469 | 1297 | - - - - -Ran 24 test suites in 138.51s (822.70s CPU time): 66 tests passed, 0 failed, 0 skipped (66 total tests) \ No newline at end of file +| isModuleEnabled | 660 | 660 | 660 | 660 | 768 | +| isValidSigner | 4179 | 4201 | 4179 | 4718 | 6044 | +| isValidSignerHat | 502 | 502 | 502 | 502 | 9278 | +| lock | 27419 | 27419 | 27419 | 27419 | 1 | +| locked | 398 | 398 | 398 | 398 | 513 | +| migrateToNewHSG | 112816 | 523179 | 519136 | 899182 | 257 | +| ownerHat | 384 | 386 | 384 | 2384 | 769 | +| registeredSignerHats | 565 | 565 | 565 | 565 | 3446 | +| removeSigner | 80200 | 85316 | 85336 | 85336 | 257 | +| safe | 425 | 425 | 425 | 425 | 831 | +| setClaimableFor | 25052 | 27681 | 27852 | 27852 | 2048 | +| setGuard | 29902 | 40124 | 50268 | 50268 | 514 | +| setOwnerHat | 27644 | 27644 | 27644 | 27644 | 256 | +| setThresholdConfig | 24312 | 61662 | 61656 | 74895 | 261 | +| supportsInterface | 441 | 441 | 441 | 441 | 576 | +| thresholdConfig | 899 | 906 | 899 | 2899 | 516 | +| validSignerCount | 7064 | 40894 | 38497 | 97404 | 1540 | +| version | 495 | 495 | 495 | 495 | 1 | + + +| test/harnesses/HatsSignerGateHarness.sol:HatsSignerGateHarness contract | | | | | | +|-------------------------------------------------------------------------|-----------------|--------|--------|---------|---------| +| Deployment Cost | Deployment Size | | | | | +| 6245470 | 29331 | | | | | +| Function Name | min | avg | median | max | # calls | +| checkAfterExecution | 740 | 740 | 740 | 740 | 2 | +| checkTransaction | 63980 | 63980 | 63980 | 63980 | 2 | +| claimSigner | 107315 | 110867 | 110867 | 114419 | 4 | +| claimableFor | 422 | 422 | 422 | 422 | 256 | +| deploySafeAndAttachHSG | 318547 | 318547 | 318547 | 318547 | 1 | +| enableDelegatecallTarget | 27422 | 27422 | 27422 | 27422 | 1 | +| enabledDelegatecallTargets | 588 | 588 | 588 | 588 | 1 | +| entrancyCounter | 428 | 428 | 428 | 428 | 257 | +| execAttachNewHSG | 64387 | 64387 | 64387 | 64387 | 1 | +| execChangeThreshold | 19785 | 22765 | 21431 | 25877 | 512 | +| execDisableHSGAsModule | 28112 | 28112 | 28112 | 28112 | 256 | +| execDisableHSGAsOnlyModule | 28061 | 28061 | 28061 | 28061 | 1 | +| execRemoveHSGAsGuard | 23749 | 23749 | 23749 | 23749 | 1 | +| existingFallbackHandler | 446 | 446 | 446 | 446 | 257 | +| existingOwnersHash | 385 | 385 | 385 | 385 | 257 | +| existingThreshold | 429 | 429 | 429 | 429 | 257 | +| exposed_addSigner | 12933 | 80195 | 75711 | 143490 | 7456 | +| exposed_addSignerHats | 2281 | 143235 | 47759 | 1139253 | 770 | +| exposed_checkAfterExecution | 2729 | 2729 | 2729 | 2729 | 256 | +| exposed_checkModuleTransaction | 659 | 760 | 659 | 26788 | 257 | +| exposed_checkOwner | 21426 | 21426 | 21426 | 21426 | 1 | +| exposed_checkSafeState | 6013 | 6013 | 6013 | 6013 | 1 | +| exposed_checkTransaction | 104030 | 104291 | 104030 | 171204 | 257 | +| exposed_checkUnlocked | 2396 | 2396 | 2396 | 2396 | 1 | +| exposed_countValidSignatures | 4954 | 62346 | 55820 | 157787 | 1024 | +| exposed_countValidSigners | 4924 | 68908 | 47670 | 208334 | 256 | +| exposed_existingOwnersHash | 380 | 380 | 380 | 380 | 1 | +| exposed_getNewThreshold | 1015 | 1200 | 1051 | 3015 | 6896 | +| exposed_getRequiredValidSignatures | 985 | 1073 | 1012 | 1220 | 1536 | +| exposed_lock | 6046 | 6046 | 6046 | 6046 | 1 | +| exposed_registerSigner | 12652 | 49556 | 52019 | 52019 | 8136 | +| exposed_removeSigner | 53455 | 72810 | 63382 | 132838 | 512 | +| exposed_setClaimableFor | 3768 | 5189 | 6568 | 6568 | 256 | +| exposed_setDelegatecallTarget | 4190 | 14814 | 24090 | 24090 | 513 | +| exposed_setOwnerHat | 6442 | 6442 | 6442 | 6442 | 256 | +| exposed_setThresholdConfig | 5200 | 7986 | 8000 | 8000 | 2049 | +| initialNonce | 384 | 384 | 384 | 384 | 257 | +| isValidSignerHat | 547 | 868 | 547 | 2547 | 4773 | +| locked | 421 | 421 | 421 | 421 | 1 | +| operation | 502 | 502 | 502 | 502 | 257 | +| ownerHat | 386 | 386 | 386 | 386 | 256 | +| reentrancyGuard | 407 | 407 | 407 | 407 | 257 | +| registeredSignerHats | 588 | 588 | 588 | 588 | 512 | +| safe | 425 | 425 | 425 | 425 | 42 | +| setExistingFallbackHandler | 672 | 672 | 672 | 672 | 1 | +| setExistingOwnersHash | 443 | 443 | 443 | 443 | 1 | +| setExistingThreshold | 422 | 422 | 422 | 422 | 1 | +| supportsInterface | 464 | 464 | 464 | 464 | 43 | +| thresholdConfig | 966 | 966 | 966 | 966 | 256 | + + +| test/mocks/TestGuard.sol:TestGuard contract | | | | | | +|---------------------------------------------|-----------------|-----|--------|-----|---------| +| Deployment Cost | Deployment Size | | | | | +| 499117 | 2727 | | | | | +| Function Name | min | avg | median | max | # calls | +| supportsInterface | 350 | 350 | 350 | 350 | 771 | + + + + +Ran 40 test suites in 452.71s (3426.38s CPU time): 117 tests passed, 2 failed, 0 skipped (119 total tests) + +Failing tests: +Encountered 2 failing tests in test/HatsSignerGate.internals.t.sol:TransactionValidationInternals +[FAIL: CannotChangeThreshold()] test_checkSafeState() (gas: 112477) +[FAIL: the existing owners hash should be unchanged: 0x0000000000000000000000000000000000000000000000000000000000000000 != 0xdec22d665cd8a5d6a8e2fb5e36109e7c69a9fde85d7436b5081a9c4cc04c0d29; counterexample: calldata=0x9d37a228000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000079e8 args=[8, 1, 5, 3, 31208 [3.12e4]]] test_fuzz_checkModuleTransaction_delegatecallToApprovedTarget(uint8,uint8,uint8,uint8,uint16) (runs: 0, μ: 0, ~: 0) + +Encountered a total of 2 failing tests, 117 tests succeeded diff --git a/lcov.info b/lcov.info index 0909845..08e07c4 100644 --- a/lcov.info +++ b/lcov.info @@ -1,27 +1,27 @@ TN: SF:script/HatsSignerGate.s.sol FN:13,BaseScript.getChainKey -FNDA:865,BaseScript.getChainKey -DA:14,865 +FNDA:844,BaseScript.getChainKey +DA:14,844 FN:35,DeployImplementation.setDeployParams FNDA:0,DeployImplementation.setDeployParams -DA:36,211 -DA:37,211 -DA:38,211 -DA:39,211 -DA:41,211 -DA:44,211 +DA:36,200 +DA:37,200 +DA:38,200 +DA:39,200 +DA:41,200 +DA:44,200 FN:48,DeployImplementation.prepare -FNDA:211,DeployImplementation.prepare -DA:49,211 +FNDA:200,DeployImplementation.prepare +DA:49,200 FN:52,DeployImplementation.run -FNDA:211,DeployImplementation.run -DA:53,211 -DA:54,211 -DA:55,211 -DA:56,211 -DA:58,211 -DA:61,211 +FNDA:200,DeployImplementation.run +DA:53,200 +DA:54,200 +DA:55,200 +DA:56,200 +DA:58,200 +DA:61,200 DA:63,0 BRDA:63,0,0,- DA:64,0 @@ -36,48 +36,48 @@ DA:74,0 DA:75,0 DA:76,0 DA:77,0 -DA:80,211 +DA:80,200 FN:102,DeployInstance.prepare1 -FNDA:654,DeployInstance.prepare1 -DA:113,654 -DA:114,654 -DA:115,654 -DA:116,654 -DA:117,654 -DA:118,654 -DA:119,654 -DA:120,654 -DA:121,654 +FNDA:644,DeployInstance.prepare1 +DA:113,644 +DA:114,644 +DA:115,644 +DA:116,644 +DA:117,644 +DA:118,644 +DA:119,644 +DA:120,644 +DA:121,644 FN:124,DeployInstance.prepare2 -FNDA:654,DeployInstance.prepare2 -DA:125,654 -DA:126,654 +FNDA:644,DeployInstance.prepare2 +DA:125,644 +DA:126,644 FN:129,DeployInstance.setModuleFactory FNDA:0,DeployInstance.setModuleFactory -DA:130,654 -DA:131,654 -DA:132,654 -DA:133,654 -DA:135,654 -DA:138,654 +DA:130,644 +DA:131,644 +DA:132,644 +DA:133,644 +DA:135,644 +DA:138,644 FN:141,DeployInstance.setupParams FNDA:0,DeployInstance.setupParams -DA:142,654 +DA:142,644 DA:153,0 FN:156,DeployInstance.run -FNDA:654,DeployInstance.run -DA:157,654 -DA:159,654 -DA:160,654 -DA:161,654 -DA:163,654 -DA:167,654 +FNDA:644,DeployInstance.run +DA:157,644 +DA:159,644 +DA:160,644 +DA:161,644 +DA:163,644 +DA:167,644 DA:169,5 BRDA:169,0,0,5 DA:170,5 BRDA:170,1,0,- DA:171,0 -DA:175,654 +DA:175,644 FNF:9 FNH:6 LF:55 @@ -87,462 +87,467 @@ BRH:1 end_of_record TN: SF:src/HatsSignerGate.sol -FN:119,HatsSignerGate._checkOwner -FNDA:14977,HatsSignerGate._checkOwner -DA:120,14977 -BRDA:120,0,0,2366 -FN:124,HatsSignerGate._checkUnlocked -FNDA:17756,HatsSignerGate._checkUnlocked -DA:125,2829 -BRDA:125,1,0,2829 -FN:132,HatsSignerGate. -FNDA:281,HatsSignerGate. -DA:139,281 -DA:140,281 -DA:141,281 -DA:142,281 -DA:143,281 -DA:146,281 -FN:154,HatsSignerGate.setUp -FNDA:725,HatsSignerGate.setUp -DA:155,723 -DA:158,723 -BRDA:158,2,0,461 -DA:159,461 -DA:165,723 -DA:167,264 -BRDA:167,3,0,264 -DA:170,723 -DA:173,723 -DA:174,723 -DA:175,723 -DA:178,723 -DA:181,723 -DA:182,723 -DA:183,1545 -DA:187,723 -BRDA:187,4,0,515 -DA:190,723 -DA:191,723 -DA:192,723 -FN:200,HatsSignerGate.claimSigner -FNDA:12137,HatsSignerGate.claimSigner -DA:202,12137 -DA:205,11623 -FN:209,HatsSignerGate.claimSignerFor +FN:125,HatsSignerGate._checkOwner +FNDA:14975,HatsSignerGate._checkOwner +DA:126,14975 +BRDA:126,0,0,2366 +FN:130,HatsSignerGate._checkUnlocked +FNDA:17754,HatsSignerGate._checkUnlocked +DA:131,2829 +BRDA:131,1,0,2829 +FN:138,HatsSignerGate. +FNDA:269,HatsSignerGate. +DA:145,269 +DA:146,269 +DA:147,269 +DA:148,269 +DA:149,269 +DA:152,269 +FN:160,HatsSignerGate.setUp +FNDA:714,HatsSignerGate.setUp +DA:161,712 +DA:164,712 +BRDA:164,2,0,450 +DA:165,450 +DA:171,712 +DA:173,264 +BRDA:173,3,0,264 +DA:176,712 +DA:179,712 +DA:180,712 +DA:181,712 +DA:184,712 +DA:187,712 +DA:188,712 +DA:189,1545 +DA:193,712 +BRDA:193,4,0,515 +DA:196,712 +DA:197,712 +DA:198,712 +FN:206,HatsSignerGate.claimSigner +FNDA:12194,HatsSignerGate.claimSigner +DA:208,12194 +DA:211,11680 +FN:215,HatsSignerGate.claimSignerFor FNDA:2313,HatsSignerGate.claimSignerFor -DA:211,2313 -BRDA:211,5,0,257 -DA:214,2056 -DA:217,1285 -FN:221,HatsSignerGate.claimSignersFor +DA:217,2313 +BRDA:217,5,0,257 +DA:220,2056 +DA:223,1285 +FN:227,HatsSignerGate.claimSignersFor FNDA:2056,HatsSignerGate.claimSignersFor -DA:223,2056 -BRDA:223,6,0,514 -DA:226,1542 -DA:227,1542 -BRDA:227,7,0,- -DA:229,1542 -DA:231,1542 +DA:229,2056 +BRDA:229,6,0,514 +DA:232,1542 DA:233,1542 -DA:236,1542 +BRDA:233,7,0,- +DA:235,1542 +DA:237,1542 DA:239,1542 DA:242,1542 -DA:243,12318 -DA:244,12318 -DA:247,12318 -DA:250,11804 -BRDA:250,8,0,6432 -DA:252,6432 -DA:255,6432 -BRDA:255,9,0,450 -BRDA:255,9,1,5982 -DA:256,450 -DA:259,5982 -DA:260,5982 -DA:264,6432 -DA:269,1028 -DA:270,1028 -BRDA:270,10,0,739 -DA:271,739 -FN:276,HatsSignerGate.removeSigner +DA:245,1542 +DA:248,1542 +DA:249,12116 +DA:250,12116 +DA:253,12116 +DA:256,11602 +BRDA:256,8,0,6278 +DA:258,6278 +DA:261,6278 +BRDA:261,9,0,451 +BRDA:261,9,1,5827 +DA:262,451 +DA:265,5827 +DA:266,5827 +DA:270,6278 +DA:275,1028 +DA:276,1028 +BRDA:276,10,0,745 +DA:277,745 +FN:282,HatsSignerGate.removeSigner FNDA:772,HatsSignerGate.removeSigner -DA:277,772 -BRDA:277,11,0,257 -DA:280,515 -FN:288,HatsSignerGate.lock +DA:283,772 +BRDA:283,11,0,257 +DA:286,515 +FN:294,HatsSignerGate.lock FNDA:3087,HatsSignerGate.lock -DA:289,3087 -DA:290,2830 -DA:291,2829 -FN:295,HatsSignerGate.setOwnerHat +DA:295,3087 +DA:296,2830 +DA:297,2829 +FN:301,HatsSignerGate.setOwnerHat FNDA:771,HatsSignerGate.setOwnerHat -DA:296,771 -DA:297,514 -DA:298,257 -FN:302,HatsSignerGate.addSignerHats +DA:302,771 +DA:303,514 +DA:304,257 +FN:308,HatsSignerGate.addSignerHats FNDA:771,HatsSignerGate.addSignerHats -DA:303,771 -DA:304,514 -DA:305,257 -FN:309,HatsSignerGate.setThresholdConfig +DA:309,771 +DA:310,514 +DA:311,257 +FN:315,HatsSignerGate.setThresholdConfig FNDA:776,HatsSignerGate.setThresholdConfig -DA:310,776 -DA:311,519 -DA:312,262 -DA:315,261 -DA:318,261 -DA:320,261 -BRDA:320,12,0,204 -DA:321,204 +DA:316,776 +DA:317,519 +DA:318,262 +DA:321,261 DA:324,261 -FN:328,HatsSignerGate.setClaimableFor +DA:326,261 +BRDA:326,12,0,203 +DA:327,203 +DA:330,261 +FN:334,HatsSignerGate.setClaimableFor FNDA:4369,HatsSignerGate.setClaimableFor -DA:329,4369 -DA:330,4112 -DA:331,3855 -FN:335,HatsSignerGate.detachHSG +DA:335,4369 +DA:336,4112 +DA:337,3855 +FN:341,HatsSignerGate.detachHSG FNDA:259,HatsSignerGate.detachHSG -DA:336,259 -DA:337,2 -DA:338,1 -DA:341,1 -DA:342,1 -DA:343,1 -FN:347,HatsSignerGate.migrateToNewHSG +DA:342,259 +DA:343,2 +DA:344,1 +DA:347,1 +DA:348,1 +DA:349,1 +FN:353,HatsSignerGate.migrateToNewHSG FNDA:517,HatsSignerGate.migrateToNewHSG -DA:350,517 -DA:351,516 -DA:353,515 -DA:355,515 -DA:357,515 +DA:356,517 +DA:357,516 DA:359,515 -DA:362,515 +DA:361,515 DA:363,515 -BRDA:363,13,0,514 -DA:365,514 -BRDA:365,14,0,- -DA:367,514 -DA:369,258 -FN:373,HatsSignerGate.enableDelegatecallTarget -FNDA:1779,HatsSignerGate.enableDelegatecallTarget -DA:374,1779 -DA:375,1522 -DA:377,1265 -FN:381,HatsSignerGate.disableDelegatecallTarget +DA:365,515 +DA:368,515 +DA:369,515 +BRDA:369,13,0,514 +DA:371,514 +BRDA:371,14,0,- +DA:373,514 +DA:375,258 +FN:379,HatsSignerGate.enableDelegatecallTarget +FNDA:1777,HatsSignerGate.enableDelegatecallTarget +DA:380,1777 +DA:381,1520 +DA:383,1263 +FN:387,HatsSignerGate.disableDelegatecallTarget FNDA:771,HatsSignerGate.disableDelegatecallTarget -DA:382,771 -DA:383,514 -DA:385,257 -FN:394,HatsSignerGate.checkTransaction +DA:388,771 +DA:389,514 +DA:391,257 +FN:400,HatsSignerGate.checkTransaction FNDA:41,HatsSignerGate.checkTransaction -DA:408,817 -BRDA:408,15,0,1 -DA:414,816 -DA:417,816 -BRDA:417,16,0,2 -DA:420,814 -BRDA:420,17,0,7 -DA:421,7 -DA:438,811 -DA:439,811 -DA:442,811 -DA:444,811 -BRDA:444,18,0,253 -BRDA:444,18,1,556 -DA:447,253 -BRDA:447,19,0,3 -DA:451,250 -DA:452,250 -DA:453,250 -DA:454,558 -BRDA:454,20,0,2 -DA:458,2 -DA:467,806 -BRDA:467,21,0,258 -DA:470,548 -DA:485,548 -BRDA:485,22,0,261 -FN:502,HatsSignerGate.checkAfterExecution +DA:414,817 +BRDA:414,15,0,1 +DA:420,816 +BRDA:420,16,0,- +DA:423,816 +BRDA:423,17,0,812 +DA:424,812 +DA:428,816 +DA:437,816 +BRDA:437,18,0,2 +DA:440,814 +BRDA:440,19,0,7 +DA:441,7 +DA:458,811 +DA:459,811 +DA:462,811 +DA:464,811 +BRDA:464,20,0,251 +BRDA:464,20,1,558 +DA:467,251 +BRDA:467,21,0,3 +DA:471,248 +DA:472,248 +DA:473,248 +DA:474,560 +BRDA:474,22,0,2 +DA:478,2 +DA:487,806 +BRDA:487,23,0,258 +DA:490,548 +DA:505,548 +BRDA:505,24,0,261 +FN:520,HatsSignerGate.checkAfterExecution FNDA:27,HatsSignerGate.checkAfterExecution -DA:503,798 -DA:504,798 -BRDA:504,23,0,257 -DA:508,541 -DA:509,261 -BRDA:509,24,0,261 -DA:515,282 -DA:516,12 -BRDA:516,25,0,12 -DA:521,273 -FN:529,HatsSignerGate.thresholdConfig +DA:522,541 +DA:523,261 +BRDA:523,25,0,261 +DA:529,282 +DA:530,12 +BRDA:530,26,0,12 +FN:539,HatsSignerGate.thresholdConfig FNDA:774,HatsSignerGate.thresholdConfig -DA:530,774 -FN:534,HatsSignerGate.isValidSigner -FNDA:10571,HatsSignerGate.isValidSigner -DA:537,43759 -FN:541,HatsSignerGate.isValidSignerHat -FNDA:15257,HatsSignerGate.isValidSignerHat -DA:542,50443 -FN:546,HatsSignerGate.validSignerCount +DA:540,774 +FN:544,HatsSignerGate.isValidSigner +FNDA:10590,HatsSignerGate.isValidSigner +DA:547,43404 +FN:551,HatsSignerGate.isValidSignerHat +FNDA:15142,HatsSignerGate.isValidSignerHat +DA:552,50058 +FN:556,HatsSignerGate.validSignerCount FNDA:2060,HatsSignerGate.validSignerCount -DA:547,2060 -FN:551,HatsSignerGate.canAttachToSafe +DA:557,2060 +FN:561,HatsSignerGate.canAttachToSafe FNDA:258,HatsSignerGate.canAttachToSafe -DA:552,258 -FN:556,HatsSignerGate.getSafeDeployParamAddresses +DA:562,258 +FN:566,HatsSignerGate.getSafeDeployParamAddresses FNDA:1,HatsSignerGate.getSafeDeployParamAddresses -DA:566,1 -FN:575,HatsSignerGate._setOwnerHat -FNDA:1237,HatsSignerGate._setOwnerHat -DA:576,1237 -DA:577,1237 -FN:583,HatsSignerGate._addSignerHats -FNDA:2267,HatsSignerGate._addSignerHats -DA:584,2267 -DA:585,16834 -DA:588,2267 -FN:593,HatsSignerGate._setThresholdConfig -FNDA:4065,HatsSignerGate._setThresholdConfig -DA:595,4065 -BRDA:595,26,0,256 -DA:597,3809 -DA:598,2653 -BRDA:598,27,0,2653 -BRDA:597,27,1,899 -DA:599,2653 -BRDA:599,28,0,257 -DA:602,1156 -BRDA:602,29,0,257 -DA:605,3295 -DA:608,3295 -FN:615,HatsSignerGate._countValidSigners +DA:576,1 +FN:585,HatsSignerGate._setOwnerHat +FNDA:1226,HatsSignerGate._setOwnerHat +DA:586,1226 +DA:587,1226 +FN:593,HatsSignerGate._addSignerHats +FNDA:2256,HatsSignerGate._addSignerHats +DA:594,2256 +DA:595,16352 +DA:598,2256 +FN:603,HatsSignerGate._setThresholdConfig +FNDA:4056,HatsSignerGate._setThresholdConfig +DA:605,4056 +BRDA:605,27,0,256 +DA:607,3800 +DA:608,2640 +BRDA:608,28,0,2640 +BRDA:607,28,1,903 +DA:609,2640 +BRDA:609,29,0,258 +DA:612,1160 +BRDA:612,30,0,257 +DA:615,3285 +DA:618,3285 +FN:625,HatsSignerGate._countValidSigners FNDA:2317,HatsSignerGate._countValidSigners -DA:617,2317 -DA:618,20579 -DA:619,14770 -BRDA:619,30,0,14770 -DA:621,14770 -FN:634,HatsSignerGate._countValidSignatures +DA:627,2317 +DA:628,20339 +DA:629,14577 +BRDA:629,31,0,14577 +DA:631,14577 +FN:644,HatsSignerGate._countValidSignatures FNDA:1576,HatsSignerGate._countValidSignatures -DA:640,1576 -DA:641,1576 -DA:642,1576 -DA:643,1576 -DA:644,1576 -DA:646,13413 -DA:647,11837 -DA:648,11837 -DA:649,3765 -BRDA:649,31,0,3765 -BRDA:648,31,1,2702 -DA:651,3765 -DA:652,8072 -DA:653,2735 -BRDA:653,32,0,2735 -BRDA:652,32,1,2702 -DA:655,2735 -DA:656,5337 -DA:657,2635 -BRDA:657,33,0,2635 -BRDA:656,33,1,2702 -DA:660,2635 -DA:664,2702 -DA:667,11837 -DA:668,6498 -BRDA:668,34,0,6498 -DA:670,6498 -FN:678,HatsSignerGate._setClaimableFor -FNDA:4835,HatsSignerGate._setClaimableFor -DA:679,4835 -DA:680,4835 -FN:687,HatsSignerGate._registerSigner -FNDA:35186,HatsSignerGate._registerSigner -DA:689,35186 -BRDA:689,35,0,1028 -DA:692,34158 -BRDA:692,36,0,1028 -DA:696,33130 -DA:697,21250 -BRDA:697,37,0,21250 -BRDA:697,38,0,514 -DA:701,32616 -DA:704,32616 -FN:711,HatsSignerGate._addSigner -FNDA:23120,HatsSignerGate._addSigner -DA:712,23120 -DA:715,23120 -DA:716,21431 -BRDA:716,39,0,21431 -DA:717,21431 -DA:720,21431 -DA:723,21431 -DA:724,5158 -BRDA:724,40,0,5158 -BRDA:723,40,1,16273 -DA:725,5158 -DA:728,16273 -DA:730,16273 -DA:734,21431 -FN:741,HatsSignerGate._removeSigner -FNDA:1284,HatsSignerGate._removeSigner -DA:742,1284 -DA:743,1284 -DA:744,1284 -DA:746,1284 -DA:748,1284 -DA:749,830 -BRDA:749,41,0,830 -BRDA:748,41,1,454 -DA:750,830 -DA:753,454 -DA:755,454 -DA:760,1284 -FN:767,HatsSignerGate._getRequiredValidSignatures -FNDA:30008,HatsSignerGate._getRequiredValidSignatures -DA:769,30008 -DA:772,30008 -DA:773,26912 -BRDA:773,42,0,26912 -BRDA:772,42,1,3096 -DA:774,26912 -BRDA:774,43,0,3046 -BRDA:774,43,1,4342 -DA:775,23866 -BRDA:775,44,0,19524 -BRDA:775,44,1,4342 -DA:776,4342 -DA:780,3096 -DA:782,3096 -BRDA:782,45,0,2247 -FN:791,HatsSignerGate._getNewThreshold -FNDA:27399,HatsSignerGate._getNewThreshold -DA:793,27399 -DA:795,27399 -DA:796,4084 -BRDA:796,46,0,4084 -FN:801,HatsSignerGate._lock +DA:650,1576 +DA:651,1576 +DA:652,1576 +DA:653,1576 +DA:654,1576 +DA:656,13279 +DA:657,11703 +DA:658,11703 +DA:659,3717 +BRDA:659,32,0,3717 +BRDA:658,32,1,2683 +DA:661,3717 +DA:662,7986 +DA:663,2687 +BRDA:663,33,0,2687 +BRDA:662,33,1,2683 +DA:665,2687 +DA:666,5299 +DA:667,2616 +BRDA:667,34,0,2616 +BRDA:666,34,1,2683 +DA:670,2616 +DA:674,2683 +DA:677,11703 +DA:678,6414 +BRDA:678,35,0,6414 +DA:680,6414 +FN:688,HatsSignerGate._setClaimableFor +FNDA:4824,HatsSignerGate._setClaimableFor +DA:689,4824 +DA:690,4824 +FN:697,HatsSignerGate._registerSigner +FNDA:34916,HatsSignerGate._registerSigner +DA:699,34916 +BRDA:699,36,0,1028 +DA:702,33888 +BRDA:702,37,0,1028 +DA:706,32860 +DA:707,20923 +BRDA:707,38,0,20923 +BRDA:707,39,0,514 +DA:711,32346 +DA:714,32346 +FN:721,HatsSignerGate._addSigner +FNDA:22571,HatsSignerGate._addSigner +DA:722,22571 +DA:725,22571 +DA:726,20877 +BRDA:726,40,0,20877 +DA:727,20877 +DA:730,20877 +DA:733,20877 +DA:734,5164 +BRDA:734,41,0,5164 +BRDA:733,41,1,15713 +DA:735,5164 +DA:738,15713 +DA:740,15713 +DA:744,20877 +FN:751,HatsSignerGate._removeSigner +FNDA:1286,HatsSignerGate._removeSigner +DA:752,1286 +DA:753,1286 +DA:754,1286 +DA:756,1286 +DA:758,1286 +DA:759,835 +BRDA:759,42,0,835 +BRDA:758,42,1,451 +DA:760,835 +DA:763,451 +DA:765,451 +DA:770,1286 +FN:777,HatsSignerGate._getRequiredValidSignatures +FNDA:28832,HatsSignerGate._getRequiredValidSignatures +DA:779,28832 +DA:782,28832 +DA:783,26004 +BRDA:783,43,0,26004 +BRDA:782,43,1,2828 +DA:784,26004 +BRDA:784,44,0,2996 +BRDA:784,44,1,4318 +DA:785,23008 +BRDA:785,45,0,18690 +BRDA:785,45,1,4318 +DA:786,4318 +DA:790,2828 +DA:792,2828 +BRDA:792,46,0,1893 +FN:801,HatsSignerGate._getNewThreshold +FNDA:26223,HatsSignerGate._getNewThreshold +DA:803,26223 +DA:805,26223 +DA:806,3678 +BRDA:806,47,0,3678 +FN:811,HatsSignerGate._lock FNDA:3095,HatsSignerGate._lock -DA:802,3095 -DA:803,3095 -FN:809,HatsSignerGate._setDelegatecallTarget -FNDA:4459,HatsSignerGate._setDelegatecallTarget -DA:810,4459 -DA:811,4459 -FN:815,HatsSignerGate. +DA:812,3095 +DA:813,3095 +FN:819,HatsSignerGate._setDelegatecallTarget +FNDA:4425,HatsSignerGate._setDelegatecallTarget +DA:820,4425 +DA:821,4425 +FN:825,HatsSignerGate. FNDA:0,HatsSignerGate. -FN:834,HatsSignerGate.execTransactionFromModule +FN:844,HatsSignerGate.execTransactionFromModule FNDA:16,HatsSignerGate.execTransactionFromModule -DA:840,15 -DA:843,15 -DA:846,10 -DA:850,9 -BRDA:850,47,0,9 -BRDA:849,47,1,1 -DA:852,1 +DA:851,15 +DA:854,10 DA:857,10 -BRDA:857,48,0,8 FN:870,HatsSignerGate.execTransactionFromModuleReturnData FNDA:16,HatsSignerGate.execTransactionFromModuleReturnData -DA:876,15 -DA:879,15 -DA:882,10 -DA:886,9 -BRDA:886,49,0,9 -BRDA:885,49,1,1 -DA:888,1 -DA:893,10 -BRDA:893,50,0,8 -FN:898,HatsSignerGate.disableModule +DA:877,15 +DA:880,10 +DA:883,10 +FN:888,HatsSignerGate.disableModule FNDA:1028,HatsSignerGate.disableModule -DA:899,1028 -DA:900,771 -DA:901,514 -FN:907,HatsSignerGate.enableModule +DA:889,1028 +DA:890,771 +DA:891,514 +FN:897,HatsSignerGate.enableModule FNDA:2077,HatsSignerGate.enableModule -DA:908,2077 -DA:909,1820 -DA:910,1563 -FN:920,HatsSignerGate.setGuard +DA:898,2077 +DA:899,1820 +DA:900,1563 +FN:910,HatsSignerGate.setGuard FNDA:1549,HatsSignerGate.setGuard -DA:921,1549 -DA:922,1292 -DA:923,1035 -FN:933,HatsSignerGate._checkModuleTransaction -FNDA:799,HatsSignerGate._checkModuleTransaction -DA:935,799 -DA:936,534 -BRDA:936,51,0,534 -BRDA:935,51,1,260 -DA:938,534 -BRDA:938,52,0,262 -DA:942,272 -DA:943,272 -DA:944,272 -DA:945,265 -DA:946,5 -BRDA:946,53,0,5 -DA:949,5 -FN:959,HatsSignerGate._checkSafeState +DA:911,1549 +DA:912,1292 +DA:913,1035 +FN:927,HatsSignerGate._checkModuleTransaction +FNDA:802,HatsSignerGate._checkModuleTransaction +DA:929,802 +DA:930,536 +BRDA:930,48,0,536 +BRDA:929,48,1,261 +DA:932,536 +BRDA:932,49,0,263 +DA:936,273 +DA:937,273 +DA:938,273 +DA:939,266 +DA:940,5 +BRDA:940,50,0,5 +DA:943,5 +FN:953,HatsSignerGate._checkSafeState FNDA:289,HatsSignerGate._checkSafeState -DA:960,289 -BRDA:960,54,0,4 -DA:963,285 -BRDA:963,55,0,7 -DA:966,278 -BRDA:966,56,0,10 -DA:969,268 -BRDA:969,57,0,3 -DA:972,265 -DA:979,265 -DA:980,261 -BRDA:980,58,0,261 -FNF:46 -FNH:45 -LF:245 -LH:245 -BRF:73 -BRH:71 +DA:954,289 +BRDA:954,51,0,4 +DA:957,285 +BRDA:957,52,0,7 +DA:960,278 +BRDA:960,53,0,10 +DA:963,268 +BRDA:963,54,0,3 +DA:966,265 +DA:973,265 +DA:974,261 +BRDA:974,55,0,261 +FN:983,HatsSignerGate._beforeExecTransactionFromModule +FNDA:30,HatsSignerGate._beforeExecTransactionFromModule +DA:989,30 +BRDA:989,56,0,- +DA:992,30 +DA:994,30 +DA:997,30 +FN:1005,HatsSignerGate._afterExecTransactionFromModule +FNDA:20,HatsSignerGate._afterExecTransactionFromModule +DA:1008,18 +BRDA:1008,57,0,18 +BRDA:1007,57,1,2 +DA:1010,2 +DA:1015,20 +BRDA:1015,58,0,16 +DA:1018,4 +FNF:48 +FNH:47 +LF:247 +LH:247 +BRF:72 +BRH:68 end_of_record TN: SF:src/lib/SafeManagerLib.sol FN:38,SafeManagerLib.deploySafeAndAttachHSG -FNDA:462,SafeManagerLib.deploySafeAndAttachHSG -DA:44,462 -DA:47,462 -DA:48,462 -DA:50,462 -DA:65,462 -DA:68,462 -DA:69,462 -DA:72,462 +FNDA:451,SafeManagerLib.deploySafeAndAttachHSG +DA:44,451 +DA:47,451 +DA:48,451 +DA:50,451 +DA:65,451 +DA:68,451 +DA:69,451 +DA:72,451 FN:89,SafeManagerLib.encodeEnableModuleAction -FNDA:1235,SafeManagerLib.encodeEnableModuleAction -DA:90,1235 +FNDA:1224,SafeManagerLib.encodeEnableModuleAction +DA:90,1224 FN:95,SafeManagerLib.encodeDisableModuleAction FNDA:1031,SafeManagerLib.encodeDisableModuleAction DA:100,1031 FN:108,SafeManagerLib.encodeSetGuardAction -FNDA:1753,SafeManagerLib.encodeSetGuardAction -DA:109,1753 +FNDA:1742,SafeManagerLib.encodeSetGuardAction +DA:109,1742 FN:113,SafeManagerLib.encodeRemoveHSGAsGuardAction FNDA:1,SafeManagerLib.encodeRemoveHSGAsGuardAction DA:115,1 FN:123,SafeManagerLib.encodeSwapOwnerAction -FNDA:6695,SafeManagerLib.encodeSwapOwnerAction -DA:128,6695 +FNDA:6707,SafeManagerLib.encodeSwapOwnerAction +DA:128,6707 FN:133,SafeManagerLib.encodeRemoveOwnerAction -FNDA:711,SafeManagerLib.encodeRemoveOwnerAction -DA:138,711 +FNDA:708,SafeManagerLib.encodeRemoveOwnerAction +DA:138,708 FN:142,SafeManagerLib.encodeAddOwnerWithThresholdAction -FNDA:22512,SafeManagerLib.encodeAddOwnerWithThresholdAction -DA:147,22512 +FNDA:21797,SafeManagerLib.encodeAddOwnerWithThresholdAction +DA:147,21797 FN:155,SafeManagerLib.encodeChangeThresholdAction -FNDA:1771,SafeManagerLib.encodeChangeThresholdAction -DA:156,1771 +FNDA:1777,SafeManagerLib.encodeChangeThresholdAction +DA:156,1777 FN:164,SafeManagerLib.execSafeTransactionFromHSG -FNDA:32984,SafeManagerLib.execSafeTransactionFromHSG -DA:165,32984 +FNDA:32284,SafeManagerLib.execSafeTransactionFromHSG +DA:165,32284 FN:169,SafeManagerLib.execDisableHSGAsOnlyModule FNDA:2,SafeManagerLib.execDisableHSGAsOnlyModule DA:171,2 @@ -562,8 +567,8 @@ DA:198,516 DA:200,516 DA:201,516 FN:205,SafeManagerLib.execChangeThreshold -FNDA:1514,SafeManagerLib.execChangeThreshold -DA:206,1514 +FNDA:1520,SafeManagerLib.execChangeThreshold +DA:206,1520 FN:214,SafeManagerLib.getSafeGuard FNDA:294,SafeManagerLib.getSafeGuard DA:215,294 @@ -578,13 +583,13 @@ FNDA:260,SafeManagerLib.canAttachHSG DA:234,260 DA:236,260 FN:244,SafeManagerLib.findPrevOwner -FNDA:555,SafeManagerLib.findPrevOwner -DA:245,555 -DA:247,555 -DA:248,4768 -DA:249,555 -BRDA:249,0,0,555 -DA:250,472 +FNDA:552,SafeManagerLib.findPrevOwner +DA:245,552 +DA:247,552 +DA:248,4546 +DA:249,552 +BRDA:249,0,0,552 +DA:250,470 FNF:20 FNH:20 LF:38 @@ -594,18 +599,18 @@ BRH:1 end_of_record TN: SF:src/lib/zodiac-modified/GuardableUnowned.sol -FN:20,GuardableUnowned._setGuard +FN:23,GuardableUnowned._setGuard FNDA:1550,GuardableUnowned._setGuard -DA:21,1550 -BRDA:21,0,0,1293 -DA:22,1293 -BRDA:22,1,0,- -DA:23,0 -DA:26,1293 -DA:27,1293 -FN:30,GuardableUnowned.getGuard +DA:24,1550 +BRDA:24,0,0,1293 +DA:25,1293 +BRDA:25,1,0,- +DA:26,0 +DA:29,1293 +DA:30,1293 +FN:33,GuardableUnowned.getGuard FNDA:1805,GuardableUnowned.getGuard -DA:31,1805 +DA:34,1805 FNF:2 FNH:2 LF:6 @@ -615,58 +620,58 @@ BRH:1 end_of_record TN: SF:src/lib/zodiac-modified/ModifierUnowned.sol -FN:70,ModifierUnowned.moduleOnly +FN:75,ModifierUnowned.moduleOnly FNDA:16,ModifierUnowned.moduleOnly -DA:71,16 -BRDA:71,0,0,1 -FN:79,ModifierUnowned.disableModule +DA:76,16 +BRDA:76,0,0,1 +FN:84,ModifierUnowned.disableModule FNDA:514,ModifierUnowned.disableModule -DA:80,514 -BRDA:80,1,0,- -DA:81,0 -DA:83,514 -BRDA:83,2,0,- -DA:84,514 DA:85,514 -DA:86,514 -FN:92,ModifierUnowned._enableModule +BRDA:85,1,0,- +DA:86,0 +DA:88,514 +BRDA:88,2,0,- +DA:89,514 +DA:90,514 +DA:91,514 +FN:97,ModifierUnowned._enableModule FNDA:3108,ModifierUnowned._enableModule -DA:93,3108 -BRDA:93,3,0,- -DA:94,0 -DA:96,3108 -BRDA:96,4,0,- -DA:97,3108 DA:98,3108 -DA:99,3108 -FN:104,ModifierUnowned.isModuleEnabled +BRDA:98,3,0,- +DA:99,0 +DA:101,3108 +BRDA:101,4,0,- +DA:102,3108 +DA:103,3108 +DA:104,3108 +FN:109,ModifierUnowned.isModuleEnabled FNDA:1799,ModifierUnowned.isModuleEnabled -DA:105,1799 -FN:115,ModifierUnowned.getModulesPaginated +DA:110,1799 +FN:120,ModifierUnowned.getModulesPaginated FNDA:514,ModifierUnowned.getModulesPaginated -DA:120,514 -BRDA:120,5,0,- -DA:121,0 -DA:123,514 -BRDA:123,6,0,- -DA:124,0 +DA:125,514 +BRDA:125,5,0,- +DA:126,0 DA:128,514 -DA:131,514 -DA:132,514 -DA:133,2056 -DA:134,1542 -DA:135,1542 -DA:136,1542 -DA:146,514 -BRDA:146,7,0,- -DA:147,0 -DA:152,514 -FN:158,ModifierUnowned.setupModules -FNDA:723,ModifierUnowned.setupModules -DA:159,723 -BRDA:159,8,0,- -DA:160,0 -DA:162,723 +BRDA:128,6,0,- +DA:129,0 +DA:133,514 +DA:136,514 +DA:137,514 +DA:138,2056 +DA:139,1542 +DA:140,1542 +DA:141,1542 +DA:151,514 +BRDA:151,7,0,- +DA:152,0 +DA:157,514 +FN:163,ModifierUnowned.setupModules +FNDA:712,ModifierUnowned.setupModules +DA:164,712 +BRDA:164,8,0,- +DA:165,0 +DA:167,712 FNF:6 FNH:6 LF:31 @@ -717,12 +722,12 @@ DA:118,0 DA:119,0 DA:120,0 FN:124,SafeTestHelpers._createAddressesFromPks -FNDA:211,SafeTestHelpers._createAddressesFromPks -DA:129,211 -DA:130,211 -DA:132,211 -DA:133,4220 -DA:134,4220 +FNDA:200,SafeTestHelpers._createAddressesFromPks +DA:129,200 +DA:130,200 +DA:132,200 +DA:133,4000 +DA:134,4000 FN:139,SafeTestHelpers._sort FNDA:42,SafeTestHelpers._sort DA:140,42 @@ -764,43 +769,43 @@ DA:214,0 DA:216,0 DA:218,0 FN:291,TestSuite.setUp -FNDA:211,TestSuite.setUp -DA:293,211 -DA:296,211 -DA:297,211 -DA:298,211 -DA:301,211 -DA:302,211 -DA:303,211 -DA:304,211 -DA:305,211 -DA:306,211 -DA:309,211 -DA:312,211 -DA:315,211 -DA:316,211 -DA:317,211 -DA:318,211 -DA:319,211 -DA:322,211 -DA:323,211 -DA:324,211 -DA:325,211 -DA:328,211 -DA:329,211 -DA:330,211 -DA:331,211 -DA:334,211 -DA:335,211 -DA:337,211 -DA:338,211 -DA:339,211 -DA:341,211 -DA:342,2110 -DA:346,211 -DA:347,211 -DA:349,211 -DA:352,211 +FNDA:200,TestSuite.setUp +DA:293,200 +DA:296,200 +DA:297,200 +DA:298,200 +DA:301,200 +DA:302,200 +DA:303,200 +DA:304,200 +DA:305,200 +DA:306,200 +DA:309,200 +DA:312,200 +DA:315,200 +DA:316,200 +DA:317,200 +DA:318,200 +DA:319,200 +DA:322,200 +DA:323,200 +DA:324,200 +DA:325,200 +DA:328,200 +DA:329,200 +DA:330,200 +DA:331,200 +DA:334,200 +DA:335,200 +DA:337,200 +DA:338,200 +DA:339,200 +DA:341,200 +DA:342,2000 +DA:346,200 +DA:347,200 +DA:349,200 +DA:352,200 FN:363,TestSuite._deploySafe FNDA:516,TestSuite._deploySafe DA:365,516 @@ -815,23 +820,23 @@ BRDA:408,0,0,- DA:409,0 DA:413,257 FN:416,TestSuite._deployHSGAndSafe -FNDA:392,TestSuite._deployHSGAndSafe -DA:427,392 -DA:428,392 -DA:439,392 -DA:440,392 -DA:441,392 +FNDA:382,TestSuite._deployHSGAndSafe +DA:427,382 +DA:428,382 +DA:439,382 +DA:440,382 +DA:441,382 FN:444,TestSuite._getSafeGuard FNDA:1033,TestSuite._getSafeGuard DA:445,1033 FN:452,TestSuite._addSignersSameHat FNDA:1061,TestSuite._addSignersSameHat DA:453,1061 -DA:454,8132 -DA:455,8132 -DA:456,8132 -DA:457,8132 -DA:458,8132 +DA:454,8216 +DA:455,8216 +DA:456,8216 +DA:457,8216 +DA:458,8216 FN:462,TestSuite._addSignersDifferentHats FNDA:2,TestSuite._addSignersDifferentHats DA:463,2 @@ -839,30 +844,30 @@ DA:464,6 DA:465,6 DA:466,6 FN:470,TestSuite._setSignerValidity -FNDA:53935,TestSuite._setSignerValidity -DA:471,40683 -BRDA:471,1,0,40683 -BRDA:471,1,1,13252 -DA:472,40683 -DA:474,40337 -DA:475,40337 -DA:478,13252 -DA:479,13252 +FNDA:53489,TestSuite._setSignerValidity +DA:471,40360 +BRDA:471,1,0,40360 +BRDA:471,1,1,13129 +DA:472,40360 +DA:474,40012 +DA:475,40012 +DA:478,13129 +DA:479,13129 FN:484,TestSuite._constructSingleActionMultiSendTx FNDA:17,TestSuite._constructSingleActionMultiSendTx DA:489,17 DA:496,17 DA:497,17 FN:504,TestSuite._generateFuzzingAddresses -FNDA:211,TestSuite._generateFuzzingAddresses -DA:505,211 -DA:506,211 -DA:507,10550 -DA:509,211 +FNDA:200,TestSuite._generateFuzzingAddresses +DA:505,200 +DA:506,200 +DA:507,10000 +DA:509,200 FN:516,TestSuite.assertValidSignerHats FNDA:0,TestSuite.assertValidSignerHats DA:517,771 -DA:518,9110 +DA:518,8994 FN:522,TestSuite.assertCorrectModules FNDA:0,TestSuite.assertCorrectModules DA:523,514 @@ -882,32 +887,32 @@ DA:543,0 DA:544,0 DA:545,0 FN:552,TestSuite._createValidThresholdConfig -FNDA:2826,TestSuite._createValidThresholdConfig -DA:558,2826 -DA:560,2826 -DA:561,2826 -BRDA:561,3,0,1717 -BRDA:561,3,1,1109 -DA:563,1717 -DA:566,1109 -DA:569,2826 -DA:570,2826 -DA:571,2826 -DA:573,2826 +FNDA:2827,TestSuite._createValidThresholdConfig +DA:558,2827 +DA:560,2827 +DA:561,2827 +BRDA:561,3,0,1720 +BRDA:561,3,1,1107 +DA:563,1720 +DA:566,1107 +DA:569,2827 +DA:570,2827 +DA:571,2827 +DA:573,2827 FN:576,TestSuite._calcProportionalTargetSignatures -FNDA:202,TestSuite._calcProportionalTargetSignatures -DA:577,202 +FNDA:206,TestSuite._calcProportionalTargetSignatures +DA:577,206 FN:581,TestSuite._calcProportionalRequiredValidSignatures FNDA:257,TestSuite._calcProportionalRequiredValidSignatures DA:586,257 -DA:587,202 -DA:588,202 -DA:589,158 +DA:587,206 +DA:588,206 +DA:589,160 FN:592,TestSuite._calcAbsoluteRequiredValidSignatures FNDA:514,TestSuite._calcAbsoluteRequiredValidSignatures DA:597,514 -DA:598,459 -DA:599,349 +DA:598,463 +DA:599,354 FN:602,TestSuite._calcRequiredValidSignatures FNDA:0,TestSuite._calcRequiredValidSignatures DA:607,0 @@ -918,14 +923,14 @@ FN:615,TestSuite._mockHatWearer FNDA:2313,TestSuite._mockHatWearer DA:616,2313 FN:621,TestSuite._getRandomBool -FNDA:10740,TestSuite._getRandomBool -DA:622,10740 +FNDA:10606,TestSuite._getRandomBool +DA:622,10606 FN:626,TestSuite._getRandomSignerHats FNDA:1028,TestSuite._getRandomSignerHats DA:628,1028 DA:631,1028 DA:632,1028 -DA:633,16188 +DA:633,15346 DA:635,1028 FN:639,TestSuite._getRandomValidSignerHatsWithoutReplacement FNDA:0,TestSuite._getRandomValidSignerHatsWithoutReplacement @@ -949,16 +954,16 @@ DA:669,0 DA:670,0 DA:672,0 FN:675,TestSuite._getRandomValidSignerHat -FNDA:3980,TestSuite._getRandomValidSignerHat -DA:676,3980 -DA:677,3980 +FNDA:3953,TestSuite._getRandomValidSignerHat +DA:676,3953 +DA:677,3953 FN:680,TestSuite._getRandomAddress -FNDA:9024,TestSuite._getRandomAddress -DA:681,9024 +FNDA:8769,TestSuite._getRandomAddress +DA:681,8769 FN:684,TestSuite._getRandomAddress -FNDA:18658,TestSuite._getRandomAddress -DA:685,18658 -DA:686,18658 +FNDA:18376,TestSuite._getRandomAddress +DA:685,18376 +DA:686,18376 FN:689,TestSuite._getRandomSigners FNDA:0,TestSuite._getRandomSigners DA:690,0 @@ -1026,13 +1031,13 @@ FN:780,TestSuite.callerIsSafe FNDA:258,TestSuite.callerIsSafe DA:781,257 BRDA:781,14,0,257 -BRDA:781,14,1,257 +BRDA:781,14,1,- DA:782,257 DA:784,1 FN:791,WithHSGInstanceTest.setUp -FNDA:134,WithHSGInstanceTest.setUp -DA:792,134 -DA:794,134 +FNDA:124,WithHSGInstanceTest.setUp +DA:792,124 +DA:794,124 FN:806,WithHSGInstanceTest.isLocked FNDA:2572,WithHSGInstanceTest.isLocked DA:807,2572 @@ -1046,12 +1051,12 @@ BRDA:815,1,0,257 DA:816,257 DA:817,257 FN:829,WithHSGHarnessInstanceTest.setUp -FNDA:69,WithHSGHarnessInstanceTest.setUp -DA:830,69 -DA:833,69 -DA:842,69 -DA:855,69 -DA:863,69 +FNDA:68,WithHSGHarnessInstanceTest.setUp +DA:830,68 +DA:833,68 +DA:842,68 +DA:855,68 +DA:863,68 FN:866,WithHSGHarnessInstanceTest._addSignersSameHat FNDA:9,WithHSGHarnessInstanceTest._addSignersSameHat DA:867,9 @@ -1061,199 +1066,208 @@ DA:870,18 DA:871,18 DA:872,18 FN:877,WithHSGHarnessInstanceTest._addRandomSigners -FNDA:769,WithHSGHarnessInstanceTest._addRandomSigners -DA:879,769 -DA:882,769 -DA:883,769 -DA:885,10744 -DA:888,10744 -DA:889,10744 -DA:890,118998 -BRDA:890,0,0,2324 -DA:891,2324 -DA:892,2324 -DA:895,10744 -BRDA:895,1,0,8420 -DA:896,8420 -DA:899,8420 -DA:900,8420 -DA:902,8420 -DA:903,8420 -DA:906,8420 -DA:907,8420 +FNDA:771,WithHSGHarnessInstanceTest._addRandomSigners +DA:879,771 +DA:882,771 +DA:883,771 +DA:885,9856 +DA:888,9856 +DA:889,9856 +DA:890,102228 +BRDA:890,0,0,2049 +DA:891,2049 +DA:892,2049 +DA:895,9856 +BRDA:895,1,0,7807 +DA:896,7807 +DA:899,7807 +DA:900,7807 +DA:902,7807 +DA:903,7807 +DA:906,7807 +DA:907,7807 FN:918,WithHSGHarnessInstanceTest._generateUniqueECDSASignatures FNDA:514,WithHSGHarnessInstanceTest._generateUniqueECDSASignatures DA:924,514 DA:925,514 DA:926,514 DA:928,514 -DA:930,5270 -DA:932,10164 -DA:936,5270 -DA:939,5270 -DA:940,5270 -DA:943,5270 -DA:946,5270 -DA:949,5270 -DA:950,5270 -DA:953,5270 -DA:954,5270 -DA:957,5270 -DA:960,5270 -DA:961,5270 -DA:962,2782 -BRDA:962,2,0,2782 -DA:963,2782 -DA:964,2782 +DA:930,5232 +DA:932,9892 +DA:936,5232 +DA:939,5232 +DA:940,5232 +DA:943,5232 +DA:946,5232 +DA:949,5232 +DA:950,5232 +DA:953,5232 +DA:954,5232 +DA:957,5232 +DA:960,5232 +DA:961,5232 +DA:962,2750 +BRDA:962,2,0,2750 +DA:963,2750 +DA:964,2750 FN:974,WithHSGHarnessInstanceTest._generateUniqueNonECDSASignatures FNDA:514,WithHSGHarnessInstanceTest._generateUniqueNonECDSASignatures DA:978,514 DA:979,514 DA:980,514 DA:982,514 -DA:984,5470 -DA:986,10340 -DA:990,5470 -DA:993,5470 -DA:994,5470 -DA:997,5470 -DA:1000,5470 -DA:1001,5470 -DA:1004,5470 -DA:1005,5470 -DA:1008,5470 -DA:1011,5470 -DA:1012,5470 -DA:1013,2880 -BRDA:1013,3,0,2880 -DA:1014,2880 -DA:1015,2880 +DA:984,5374 +DA:986,10100 +DA:990,5374 +DA:993,5374 +DA:994,5374 +DA:997,5374 +DA:1000,5374 +DA:1001,5374 +DA:1004,5374 +DA:1005,5374 +DA:1008,5374 +DA:1011,5374 +DA:1012,5374 +DA:1013,2828 +BRDA:1013,3,0,2828 +DA:1014,2828 +DA:1015,2828 FN:1020,WithHSGHarnessInstanceTest._assertTransientStateVariables FNDA:776,WithHSGHarnessInstanceTest._assertTransientStateVariables -DA:1027,776 -DA:1028,776 DA:1029,776 -BRDA:1029,4,0,1 -BRDA:1029,4,1,775 -DA:1030,1 -DA:1031,1 -DA:1032,1 -DA:1034,775 -DA:1035,775 -DA:1036,775 -FN:1042,WithHSGHarnessInstanceTest.assertCorrectTransientState -FNDA:256,WithHSGHarnessInstanceTest.assertCorrectTransientState -DA:1047,256 -DA:1048,256 -DA:1049,256 +DA:1030,776 +DA:1031,776 +DA:1032,776 +DA:1033,776 +BRDA:1033,4,0,1 +BRDA:1033,4,1,775 +DA:1034,1 +DA:1035,1 +DA:1036,1 +DA:1038,775 +DA:1039,775 +DA:1040,775 +FN:1046,WithHSGHarnessInstanceTest.assertCorrectTransientState +FNDA:257,WithHSGHarnessInstanceTest.assertCorrectTransientState +DA:1051,257 +DA:1052,257 +DA:1053,257 FNF:57 FNH:42 -LF:329 -LH:258 +LF:331 +LH:260 BRF:27 -BRH:17 +BRH:16 end_of_record TN: SF:test/harnesses/HatsSignerGateHarness.sol FN:18,HatsSignerGateHarness. -FNDA:70,HatsSignerGateHarness. -FN:40,HatsSignerGateHarness.setExistingOwnersHash +FNDA:69,HatsSignerGateHarness. +FN:42,HatsSignerGateHarness.setExistingOwnersHash FNDA:258,HatsSignerGateHarness.setExistingOwnersHash -DA:41,258 -FN:44,HatsSignerGateHarness.setExistingThreshold +DA:43,258 +FN:46,HatsSignerGateHarness.setExistingThreshold FNDA:259,HatsSignerGateHarness.setExistingThreshold -DA:45,259 -FN:48,HatsSignerGateHarness.setExistingFallbackHandler +DA:47,259 +FN:50,HatsSignerGateHarness.setExistingFallbackHandler FNDA:258,HatsSignerGateHarness.setExistingFallbackHandler -DA:49,258 -FN:56,HatsSignerGateHarness.exposed_checkOwner +DA:51,258 +FN:58,HatsSignerGateHarness.exposed_checkOwner FNDA:51,HatsSignerGateHarness.exposed_checkOwner -DA:57,51 -FN:60,HatsSignerGateHarness.exposed_checkUnlocked +DA:59,51 +FN:62,HatsSignerGateHarness.exposed_checkUnlocked FNDA:2,HatsSignerGateHarness.exposed_checkUnlocked -DA:61,2 -FN:64,HatsSignerGateHarness.exposed_lock +DA:63,2 +FN:66,HatsSignerGateHarness.exposed_lock FNDA:2,HatsSignerGateHarness.exposed_lock -DA:65,2 -FN:68,HatsSignerGateHarness.exposed_setDelegatecallTarget -FNDA:768,HatsSignerGateHarness.exposed_setDelegatecallTarget -DA:69,768 -FN:72,HatsSignerGateHarness.exposed_setClaimableFor +DA:67,2 +FN:70,HatsSignerGateHarness.exposed_setDelegatecallTarget +FNDA:769,HatsSignerGateHarness.exposed_setDelegatecallTarget +DA:71,769 +FN:74,HatsSignerGateHarness.exposed_setClaimableFor FNDA:257,HatsSignerGateHarness.exposed_setClaimableFor -DA:73,257 -FN:76,HatsSignerGateHarness.exposed_registerSigner -FNDA:8675,HatsSignerGateHarness.exposed_registerSigner -DA:77,8675 -FN:80,HatsSignerGateHarness.exposed_addSigner -FNDA:10212,HatsSignerGateHarness.exposed_addSigner -DA:81,10212 -FN:84,HatsSignerGateHarness.exposed_removeSigner -FNDA:769,HatsSignerGateHarness.exposed_removeSigner -DA:85,769 -FN:88,HatsSignerGateHarness.exposed_setOwnerHat +DA:75,257 +FN:78,HatsSignerGateHarness.exposed_registerSigner +FNDA:8550,HatsSignerGateHarness.exposed_registerSigner +DA:79,8550 +FN:82,HatsSignerGateHarness.exposed_addSigner +FNDA:9606,HatsSignerGateHarness.exposed_addSigner +DA:83,9606 +FN:86,HatsSignerGateHarness.exposed_removeSigner +FNDA:771,HatsSignerGateHarness.exposed_removeSigner +DA:87,771 +FN:90,HatsSignerGateHarness.exposed_setOwnerHat FNDA:257,HatsSignerGateHarness.exposed_setOwnerHat -DA:89,257 -FN:92,HatsSignerGateHarness.exposed_addSignerHats +DA:91,257 +FN:94,HatsSignerGateHarness.exposed_addSignerHats FNDA:1287,HatsSignerGateHarness.exposed_addSignerHats -DA:93,1287 -FN:96,HatsSignerGateHarness.exposed_setThresholdConfig -FNDA:3337,HatsSignerGateHarness.exposed_setThresholdConfig -DA:97,3080 -FN:100,HatsSignerGateHarness.exposed_countValidSigners +DA:95,1287 +FN:98,HatsSignerGateHarness.exposed_setThresholdConfig +FNDA:3339,HatsSignerGateHarness.exposed_setThresholdConfig +DA:99,3082 +FN:102,HatsSignerGateHarness.exposed_countValidSigners FNDA:257,HatsSignerGateHarness.exposed_countValidSigners -DA:101,257 -FN:104,HatsSignerGateHarness.exposed_countValidSignatures +DA:103,257 +FN:106,HatsSignerGateHarness.exposed_countValidSignatures FNDA:1028,HatsSignerGateHarness.exposed_countValidSignatures -DA:109,1028 -FN:112,HatsSignerGateHarness.exposed_checkModuleTransaction -FNDA:769,HatsSignerGateHarness.exposed_checkModuleTransaction -DA:113,769 -FN:116,HatsSignerGateHarness.exposed_checkSafeState +DA:111,1028 +FN:114,HatsSignerGateHarness.exposed_checkModuleTransaction +FNDA:772,HatsSignerGateHarness.exposed_checkModuleTransaction +DA:115,772 +FN:118,HatsSignerGateHarness.exposed_checkSafeState FNDA:261,HatsSignerGateHarness.exposed_checkSafeState -DA:117,261 -FN:120,HatsSignerGateHarness.exposed_enableModule +DA:119,261 +FN:122,HatsSignerGateHarness.exposed_enableModule FNDA:0,HatsSignerGateHarness.exposed_enableModule -DA:121,0 -FN:124,HatsSignerGateHarness.exposed_setGuard +DA:123,0 +FN:126,HatsSignerGateHarness.exposed_setGuard FNDA:0,HatsSignerGateHarness.exposed_setGuard -DA:125,0 -FN:128,HatsSignerGateHarness.exposed_getRequiredValidSignatures +DA:127,0 +FN:130,HatsSignerGateHarness.exposed_getRequiredValidSignatures FNDA:1542,HatsSignerGateHarness.exposed_getRequiredValidSignatures -DA:129,1542 -FN:132,HatsSignerGateHarness.exposed_getNewThreshold -FNDA:9644,HatsSignerGateHarness.exposed_getNewThreshold -DA:133,9644 -FN:136,HatsSignerGateHarness.exposed_existingOwnersHash -FNDA:256,HatsSignerGateHarness.exposed_existingOwnersHash -DA:137,256 -FN:140,HatsSignerGateHarness.exposed_existingThreshold -FNDA:256,HatsSignerGateHarness.exposed_existingThreshold -DA:141,256 -FN:144,HatsSignerGateHarness.exposed_existingFallbackHandler -FNDA:256,HatsSignerGateHarness.exposed_existingFallbackHandler -DA:145,256 -FN:148,HatsSignerGateHarness.exposed_operation +DA:131,1542 +FN:134,HatsSignerGateHarness.exposed_getNewThreshold +FNDA:9031,HatsSignerGateHarness.exposed_getNewThreshold +DA:135,9031 +FN:138,HatsSignerGateHarness.exposed_existingOwnersHash +FNDA:257,HatsSignerGateHarness.exposed_existingOwnersHash +DA:139,257 +FN:142,HatsSignerGateHarness.exposed_existingThreshold +FNDA:257,HatsSignerGateHarness.exposed_existingThreshold +DA:143,257 +FN:146,HatsSignerGateHarness.exposed_existingFallbackHandler +FNDA:257,HatsSignerGateHarness.exposed_existingFallbackHandler +DA:147,257 +FN:150,HatsSignerGateHarness.exposed_operation FNDA:0,HatsSignerGateHarness.exposed_operation -DA:149,0 -FN:152,HatsSignerGateHarness.exposed_guardEntries -FNDA:0,HatsSignerGateHarness.exposed_guardEntries -DA:153,0 -FN:157,HatsSignerGateHarness.exposed_checkTransaction +DA:151,0 +FN:154,HatsSignerGateHarness.exposed_reentrancyGuard +FNDA:0,HatsSignerGateHarness.exposed_reentrancyGuard +DA:155,0 +FN:158,HatsSignerGateHarness.exposed_initialNonce +FNDA:0,HatsSignerGateHarness.exposed_initialNonce +DA:159,0 +FN:162,HatsSignerGateHarness.exposed_entrancyCounter +FNDA:0,HatsSignerGateHarness.exposed_entrancyCounter +DA:163,0 +FN:167,HatsSignerGateHarness.exposed_checkTransaction FNDA:776,HatsSignerGateHarness.exposed_checkTransaction -DA:170,776 -DA:173,258 -DA:174,258 -DA:175,258 -DA:176,258 -DA:177,258 -FN:181,HatsSignerGateHarness.exposed_checkAfterExecution -FNDA:771,HatsSignerGateHarness.exposed_checkAfterExecution -DA:183,771 -DA:185,771 -FNF:30 +DA:180,776 +DA:183,258 +DA:184,258 +DA:185,258 +DA:186,258 +DA:187,258 +DA:188,258 +DA:189,258 +FN:193,HatsSignerGateHarness.exposed_checkAfterExecution +FNDA:514,HatsSignerGateHarness.exposed_checkAfterExecution +DA:194,514 +FNF:32 FNH:26 -LF:35 -LH:31 +LF:38 +LH:32 BRF:0 BRH:0 end_of_record @@ -1329,9 +1343,9 @@ end_of_record TN: SF:test/mocks/TestGuard.sol FN:20,TestGuard. -FNDA:633,TestGuard. -DA:21,633 -DA:22,633 +FNDA:600,TestGuard. +DA:21,600 +DA:22,600 FN:25,TestGuard.setModule FNDA:0,TestGuard.setModule DA:26,0 @@ -1360,9 +1374,9 @@ BRDA:56,4,0,2 BRDA:56,4,1,2 DA:58,2 FN:61,TestGuard.setUp -FNDA:633,TestGuard.setUp -DA:62,633 -DA:63,633 +FNDA:600,TestGuard.setUp +DA:62,600 +DA:63,600 FNF:6 FNH:5 LF:13