[Discussion] [OBRA] Role-based Access Control & Pilot Browser Extension – Gnosis Guild

Aligned strategy:

Strategy 2: Foster Module Ecosystem

Funding request:

180.000 USDC

Relation to budget:

60%

Metrics:

1. Increase in TVL in Safes with Roles Mod (Roles) enabled
2. Increase in Total number of Safes with Roles enabled
3. Increase in developer engagement with Roles

Initiative description:

Gnosis Guild plans to extend Safe’s core functions by developing and integrating specific mods in their modular tool suite, Zodiac. The impact of this work will increase the interoperability and modularity of the Safe ecosystem, enhance overall ecosystem security, and facilitate easier adoption of Safe wallets. As a result, we estimate an increase in TVL in Safes with these changes.

For this initiative, we will extend Safe’s core functionalities and increase Safe wallet TVL by natively integrating the Roles Mod (Roles) into Safe Wallet and Safe Core SDK. The mod allows Safe owners to extend secure transaction permissions to any member address through flexible, customizable roles.

Roles is steadily becoming a core piece of infrastructure for the Safe ecosystem, providing fine-grained access control on top of Safe and powering karpatkey’s treasury asset management (expected to drive billions in Safe TVL). A tight integration would provide expressive and granular permissions to all Safe wallets, expanding on and eventually replacing the Spending Limit module. It would also create more secure transaction environments through Roles’s meticulous permission scoping and access control safeguards.

This integration would also include a new and vastly improved version of Roles. For over a year, karpatkey has been managing multiple large-scale DAO treasuries (GnosisDAO, ENS, Balancer, etc.) using v1 of the Roles mod. The design and implementation of Roles mod v2 is informed largely on learnings from these use cases, along with a handful of other current and upcoming use cases. Aside from a significant refactor, v2 includes a handful of new features:

• threshold limits
• rate limits
• arbitrary parameter decoding
• support for complex parameter types (tuples, arrays, arrays of tuples, etc)
• new comparison types
• custom comparison types

We plan to add support for Roles by opening a PR to the safe-wallet-web repo, integrating the mod in a similar way to the current integration of the Allowances Mod. To further enhance developer accessibility, we will create comprehensive documentation for the Roles SDK, along with adding Roles as a kit to the Safe Core SDK. This not only fosters ease of adoption but also encourages the creation of and compatibility with future role- and permission-based Safe modules.

Finally, we also plan to further develop and improve Pilot, a user-friendly Chrome extension that makes it much easier and more efficient for Safe wallets to interact with dapps. Pilot allows for batching multiple transactions to save on gas, routing transactions through modules, simulating transactions with Tenderly for accuracy, and submitting transactions directly to Safe for signing. The whole process occurs directly within the dapp’s interface and is designed to work synergistically and seamlessly with Roles.

Current status:

The Roles Mod v1 and v2 contracts have already been implemented and audited, along with a Roles Safe app and SDK supporting Roles Mod v1. Roles Mod v2 is not yet fully integrated into the Roles Safe app and Roles SDK, and has yet to integrate with the Safe Core SDK and Safe Wallet. Funding will be used to complete these integrations.

Risks:

The obvious risks involved are implementation and execution risks. Given our years of experience building secure Zodiac modules, we find these risks minimal.

Timeline and milestones:

Initiative Lead

Gnosis Guild

Team

Gnosis Guild would assign a full pod (one designer/PM and two engineers) to this initiative for 16 weeks.

Additional support/resources:

None