[Discussion] Integrating the Ethereum Distribution System (EDS) with Gnosis Safe

Authors: peersky.eth ( tim@peeramid.xyz )

Created: 2024-10-31

Abstract

This proposal suggests integrating the Ethereum Distribution System (EDS) developed by Peeramid Labs with the Gnosis Safe wallet to increase the Safe ecosystem's decentralized security measures and to streamline and enhance the distribution of smart contract assets within the Safe DAO.

By leveraging EDS, Safe DAO can achieve a more efficient, transparent, and secure method for distributing and managing multi-signature wallet contract infrastructure; it aims to enhance the overall ecosystem security and operational efficiency of the DAO.

This proposal addresses multiple ORBA goals such as Safe token utility & Foster module ecosystem.

Proposal types

State which proposal type this proposal belongs to.
SEP: Constitutional Proposals
SEP: Governance Proposals
Other SEPs

Proposal details

Purpose and Background

Background
The Ethereum Distribution System is an on-chain generalizable factory interface & implementation.
It enables secure, user-centric code distribution, with heavy security and reusability in mind.

Particular features include:

  • Versioning: deploys semantic versioning on chain.
  • Proxy tolerance: Refers to distribution code by codehash.
  • Runtime security: Built-in middleware hooks provision a runtime security market.
  • Stakeholder concern separation: Distributors / Developers / Users.
  • Reusability: Developers can refer to other distributions when building their own.
  • Source of trust: Distributions launched from the same source may be designed to trust each other, reducing the need for app-specific approvals.
  • Monetization: Instantiating from a source of trust may be a paid event.
  • Widespread vulnerability management: O(1) to stop vulnerable distributions.

This project is developed as a holistic response to a generic concern of widespread vulnerability threats and possible on-chain solutions that I spoke about during ETH Taipei 2024; for more background, please refer to this YouTube recording.

Purpose

The primary goals of this proposal are to:

  1. Establish a Secure and Efficient Distribution System: Implement the Ethereum Distribution System (EDS) to streamline the deployment and management of Gnosis Safe smart contract infrastructure, ensuring robust security and operational efficiency.
  2. Enhance On-Chain Security and Transparency: Integrate EDS to enable on-chain versioning, runtime security checks, and rapid vulnerability responses, increasing the security and transparency of Safe wallets.
  3. Empower Developers and Foster Ecosystem Growth: Provide developers with a standardized and reusable platform for building and distributing Safe modules and extensions, fostering a thriving module ecosystem.
  4. Mitigate UI Vulnerabilities: Implement EDS’s on-chain UI URI specification management and runtime verification to provision infrastructure for coping with vulnerabilities like those exploited in the recent Bybit hack, ensuring safer user interactions.

Proposal

This proposal outlines the implementation of the Ethereum Distribution System (EDS) for Gnosis Safe wallets, with specific adjustments to cater to the Safe ecosystem’s needs.

Key Adjustments:

  • Safe Guard Extension: A custom EDS Safe Guard extension will be developed. This extension will enable Safe wallets to directly own and manage their EDS “installer” contract, providing users with greater control over their wallet’s security and upgradeability.

Deliverables:

  • Safe DAO owned EDS Distributor contract: This contract will manage the distribution of Safe smart contract infrastructure.
    • Developers can contribute to this repository, expanding the Safe ecosystem with new modules, extensions, and security features.
  • Safe DAO owned Wallets Repository contract: This repository will implement smart contract distribution according to EDS standards, allowing developers to securely package and reuse Safe code.
    • Safe DAO owned User Interface Repository: This repository will link specific versions of Safe wallets (or individual distributions) with whitelisted user interface (UI) URI specifications. This ensures that only UIs trusted by the DAO can interact with Safe wallets, mitigating risks associated with compromised or malicious UIs.

One Year Support:

  • Dedicated Support Line: Peeramid Labs will provide a dedicated support channel to address technical questions and gather feedback from the Gnosis developer community.
  • Developer Tooling: To streamline the creation and distribution of new EDS versions, modules, and guards, Peeramid Labs will develop and provide comprehensive developer tooling.
  • Governance Support: Peeramid Labs will assist in creating governance proposals for adding new Safe versions to the repository and provide ongoing technical support.
  • Educational Sessions: Peeramid Labs will host at least 5 educational workshops (online or in person) to explain the new mechanics and functionalities available to developers, and provide comprehensive documentation for building and migrating existing Safe solutions to EDS.

Effects and Impact Analysis

Pros:

  • ORBA [Safe DAO token utility]: The EDS distributor model allows for:

    • A decentralized security oracle market, where users can choose and pay for runtime security services on a subscription basis, potentially increasing Safe token utility.
    • Requiring utility payments for usage of the DAO Distributor contract, including verifying runtime security with the DAO security council & charging for new wallet instantiations.
  • ORBA [Foster module ecosystem]: EDS fosters a robust Safe module ecosystem by enabling:

    • Developers to reuse and extend existing Safe modules and guards.
    • The Safe DAO to curate and distribute high-quality modules through its repositories.
    • Easy integration of Safe wallets into other projects and distributions.
  • Efficiency:

    • Reduced Development Time: Gnosis DAO developers can save significant time by leveraging EDS’s built-in factory functionality, eliminating the need to build and maintain their own distribution pipeline. This allows them to focus on core Safe wallet development and innovation.
  • Security:

    • Runtime Security Checks: EDS enables runtime security checks through middleware, allowing for continuous monitoring and mitigation of potential vulnerabilities.
    • Decentralized Security Oracles: Users can opt-in to security services provided by various oracles, enhancing the overall security posture.
    • Rapid Vulnerability Response: In the event of a vulnerability, distributors can quickly disable or upgrade affected instances, minimizing potential damage.
  • Transparency and Accountability:

    • On-Chain Versioning: EDS provides a clear and auditable record of all Safe distributions and versions, enhancing transparency and accountability within the DAO.
    • Clear Stakeholder Separation: The distinct roles of developers, users, the DAO, and security firms within the EDS framework further enhance transparency and accountability.
  • Reduced Operational Overhead: EDS automates many routine tasks related to distribution and management, reducing the operational burden on DAO members.

  • Scalability: EDS facilitates easier scaling of Safe distribution as the DAO grows, without a corresponding increase in manual workload.

  • Semantic Versioning: Safe accounts can utilize EDS’s built-in semantic versioning system, enabling features like EIP712 signature integration.

Cons:

  • Complexity: The initial setup and integration of EDS may require specialized expertise.

Mitigation:

  • Comprehensive Documentation and Support: Peeramid Labs will provide detailed documentation, tutorials, and dedicated support to assist with the integration process.
  • External Audits: Thorough audits of the EDS implementation will be conducted to ensure security and mitigate potential risks.

Risks:

  • Technical Risks: Potential bugs or vulnerabilities in the EDS or integration process.
    • Mitigation: Rigorous testing and audits will be conducted to minimize these risks.
  • Operational Risks: Mismanagement or misconfiguration could lead to distribution errors.
    • Mitigation: Strict governance procedures will be implemented for managing DAO-controlled distributor contracts and repositories. All proposals for listing new distributions will undergo thorough analysis and audits before approval.

Alternative Solutions

While there is currently no other global, on-chain distribution system like EDS, the Safe DAO could consider developing its own distribution system and factories. However, this approach has significant drawbacks:

  • Resource Intensive: Developing and maintaining a custom solution would require significant development time and resources, diverting focus from the Safe DAO’s core objectives.
  • Fragmentation: Creating a separate system could lead to fragmentation within the Safe ecosystem, hindering interoperability and collaboration.
  • Limited Functionality: A custom solution might not offer the same level of functionality and security as EDS, which has been specifically designed for secure and efficient code distribution.
  • Reduced Community Adoption: A proprietary system might not gain the same level of community adoption and support as an open-source, standardized solution like EDS.

Therefore, leveraging the existing EDS framework offers a more efficient, secure, and collaborative approach for the Safe DAO.

Implementation

The implementation of EDS for Gnosis Safe will involve the following steps:

High-Level Architecture:


The provided diagram illustrates the key components and interactions within the EDS ecosystem for Gnosis Safe.

  • Distributors: Independent developers and the Safe DAO can act as distributors, creating and managing distributions of Safe contracts and modules.
  • Repositories: The Safe DAO will maintain repositories for Safe Wallets and User Interfaces, ensuring that only trusted and secure versions are available.
  • Safe Guard Extension: Each Safe wallet will utilize a Safe Guard extension that allows it to interact with the EDS system and verify the authenticity of distributions and UIs.
  • Users: Users can instantiate Safe wallets from trusted distributions and choose to integrate with third-party security middleware for enhanced protection.

One-Time Effort:

  • EDS Smart Contract Development:
    • Complete outstanding issues in the EDS repository.
    • Implement version upgradability functionality.
    • Conduct thorough security assessments and audits.
  • SDK Development:
    • Enhance the existing EDS SDK with new methods and CLI tools to simplify developer workflows.
  • Distributor Contract Setup:
    • Deploy a Safe DAO-managed distributor contract to handle the distribution of Safe smart contract infrastructure.
    • Include an emergency security hook for the DAO security council to address critical vulnerabilities.
  • On-Chain Repositories:
    • Deploy and configure Safe DAO-managed repositories for Safe Wallets and User Interfaces.
  • Safe Guard Extension Development:
    • Develop a custom EDS Safe Guard extension that allows Safe wallets to own and manage their installer contracts.
  • UI Development:
    • Develop user interfaces for developers and distributors to interact with the EDS system and manage distributions.

One Year Support:

  • Dedicated Support: Peeramid Labs will provide a dedicated support channel for the Gnosis developer community.
  • Developer Tooling: Continued development and support for EDS developer tooling.
  • Governance Support: Assistance with creating governance proposals and providing technical guidance.
  • Educational Sessions: Conduct workshops and provide documentation to educate developers on utilizing EDS for Safe development.

Own implementation possible
Own implementation but with funding (how much % to implementation)
Request for tech

Open Questions

  1. EDS Governance:

    • Should EDS be managed as an independent DAO? Given that EDS has the potential to benefit a wide range of projects beyond Gnosis Safe, it could be structured as its own DAO, similar to ENS. This would allow for broader community governance and potentially greater adoption.
    • What are the potential benefits and drawbacks of establishing an independent EDS DAO? We encourage the community to discuss the implications of this approach, considering factors such as funding, governance structure, and long-term sustainability.
  2. Major Version Upgrades:

    • Community Support for User-Driven Upgradability: EDS enables user-driven upgrades to major versions of Safe wallets through migration scripts. This feature offers significant flexibility but requires complex implementation. We would like to gauge the community’s support for this functionality and understand any potential concerns.
    • Alternative Upgrade Mechanisms: If user-driven upgrades are not prioritized, we can explore alternative upgrade mechanisms that may be less complex to implement, but potentially offer less flexibility for users.

We welcome the community’s feedback and suggestions on these open questions to ensure that the implementation of EDS aligns with the needs and priorities of the Gnosis Safe ecosystem.

Funding Request

To implement and support the integration of EDS with Gnosis Safe, Peeramid Labs requests the following funding:

One-Time Costs:

  • Safe Guard Extension Development: $10,000 (1 month FTE)
  • EDS Smart Contract Development & Enhancements: $20,000 (2 months FTE)
  • Major Version Migration Workflows (Optional): $20,000 (2 months FTE)
    • This item is optional and depends on the community’s decision regarding user-driven upgrades.
  • SDK Improvements: $10,000 (1 month FTE)
  • Security Audits: $[audit cost]
    • We are actively seeking potential partners for co-funding security audits to ensure the highest level of security for the EDS implementation.

Ongoing Support (One Year):

  • Dedicated Support & Maintenance: $25,000

Total Funding Requested: $85,000 USD (+ Audits & Optional Major Version Upgrades)

Justification:

This funding will enable Peeramid Labs to deliver a robust and secure EDS integration for Gnosis Safe, resulting in:

  • Enhanced Security: Reduced vulnerability risks and improved user protection.
  • Increased Efficiency: Streamlined development processes and reduced operational overhead for the Safe DAO.
  • Ecosystem Growth: Fostering a thriving module ecosystem with greater developer participation and innovation.

We believe that this investment will provide significant value to the Gnosis Safe ecosystem and contribute to its long-term success.

About Peeramid Labs

Peeramid Labs is a collective of seasoned professionals with diverse backgrounds in blockchain, Web3, governance, AI, and research, signal theory and devices, as well as academic research. Our mission is to accelerate the adoption of decentralized, merit-based organizations through the development of tools and provision of services that cultivate trust and transparency.

We actively contribute to Ethereum development and public goods, including security-focused standards proposals like ERC7746 and EIP7784; identifying critical vulnerabilities in Ethereum; and prospective R&D projects like Ethereum Distribution System (EDS) libraries and Rankify - a decentralized discourse protocol for DAOs.

Our team’s past experience includes spearheading Institutional, DAO, and enterprise-level Web3 projects. Our founders have previously worked at OpenZeppelin with high-profile clients such as the Bank of International Settlements.

Furthermore, we are members of the Ethereum Enterprise Alliance and contributors to DeFi Risk Assessment Guidelines.

Copyright

Copyright and related rights waived via CC0.

2 Likes

Hey @peersky, thank you for the proposal! Noting that the funding ask might benefit from clarification — could you add something along the lines of a ‘total funding request’ to summarize the total amount requested?

2 Likes

cheers!

and input of old gnosis json key wayback 2016

@amanwithwings We are getting back to this, as in the context of the recent Bybit incident it becomes even more relevant. We’ve refined our proposal with

  • More details
  • Budget clarification

Looking forward to feedback, and to working with the Safe Community!

1 Like