[SEP #14] [OBRA] Role-based Access Control & Pilot Browser Extension -- Gnosis Guild

Initiative Title

Provide a concise and descriptive title for your initiative. Use the format [Draft/Discussion] [OBRA] Your Initiative Title - Author for submission.

Role-based Access Control & Pilot Browser Extension – Gnosis Guild

Previous Discussion

Provide links to any relevant previous discussion

Phase 0 Thread


Provide a brief summary of your initiative

This is a proposal to integrate Gnosis Guild’s Roles Mod into the Safe Core SDK, Safe Wallet, and Pilot Browser Extension.

Aligned Strategy

Which pre-approved strategy is this initiative driving forward?

Strategy 2: Foster Module Ecosystem

Funding request:

What resources are being requested from SafeDAO in USDC?

180.000 USDC

If applicable, upfront funding:

Indicate if upfront funding is needed. Refer to 'Payout’ under Get funding from SafeDAO for lump sum payment options.


Relation to budget:

State the requested funding as a percentage of the total initiative budget (e.g. if you ask for 50k for Strategy 1: 25%)*


Metrics and KPIs:

Which metrics and KPIs will the initiative be measured against?*

  1. Impact on governance participation (direct attributable increase in participation through tool):

  2. Increase in TVL in Safes with Roles Mod (Roles) enabled

  3. Increase in Total number of Safes with Roles enabled

  4. Increase in developer engagement with Roles

Initiative description:

What is the initiative about?

Gnosis Guild plans to extend Safe’s core functions by developing and integrating specific mods in their modular tool suite, Zodiac. The impact of this work will increase the interoperability and modularity of the Safe ecosystem, enhance overall ecosystem security, and facilitate easier adoption of Safe wallets. As a result, we estimate an increase in TVL in Safes with these changes.

For this initiative, we will extend Safe’s core functionalities and increase Safe wallet TVL by natively integrating the Roles Mod (Roles) into Safe Wallet and Safe Core SDK. The mod allows Safe owners to extend secure transaction permissions to any member address through flexible, customizable roles.

Roles is steadily becoming a core piece of infrastructure for the Safe ecosystem, providing fine-grained access control on top of Safe and powering karpatkey’s treasury asset management (expected to drive billions in Safe TVL). A tight integration would provide expressive and granular permissions to all Safe wallets, expanding on and eventually replacing the Spending Limit module. It would also create more secure transaction environments through Roles’s meticulous permission scoping and access control safeguards.

This integration would also include a new and vastly improved version of Roles. For over a year, karpatkey has been managing multiple large-scale DAO treasuries (GnosisDAO, ENS, Balancer, etc.) using v1 of the Roles mod. The design and implementation of Roles mod v2 is informed largely on learnings from these use cases, along with a handful of other current and upcoming use cases. Aside from a significant refactor, v2 includes a handful of new features:

  • threshold limits
  • rate limits
  • arbitrary parameter decoding
  • support for complex parameter types (tuples, arrays, arrays of tuples, etc)
  • new comparison types
  • custom comparison types

We plan to add support for Roles by opening a PR to the safe-wallet-web repo, integrating the mod in a similar way to the current integration of the Allowances Mod. To further enhance developer accessibility, we will create comprehensive documentation for the Roles SDK, along with adding Roles as a kit to the Safe Core SDK. This not only fosters ease of adoption but also encourages the creation of and compatibility with future role- and permission-based Safe modules.

Finally, we also plan to further develop and improve Pilot, a user-friendly Chrome extension that makes it much easier and more efficient for Safe wallets to interact with dapps. Pilot allows for batching multiple transactions to save on gas, routing transactions through modules, simulating transactions with Tenderly for accuracy, and submitting transactions directly to Safe for signing. The whole process occurs directly within the dapp’s interface and is designed to work synergistically and seamlessly with Roles.

Current status:

Does the offering (product/service) already exist or is the funding used to create it?

The Roles Mod v1 and v2 contracts have already been implemented and audited, along with a Roles Safe app and SDK supporting Roles Mod v1. Roles Mod v2 is not yet fully integrated into the Roles Safe app and Roles SDK, and has yet to integrate with the Safe Core SDK and Safe Wallet. Funding will be used to complete these integrations.


What risks does the initiative entail?

The obvious risks involved are implementation and execution risks. Given our years of experience building secure Zodiac modules, we find these risks minimal.

Timeline and milestones:

Provide a detailed timeline or roadmap, include key milestones

Week Focus Outcomes USDC $SAFE
1-4 Development Roles Safe App supports Roles v2. 45.000 N/A
5-8 Development, Design, Documentation Roles v2 kit is implemented in Safe Core SDK. Roles v2 is ready to be integrated natively into Safe Wallet. 70.000 N/A
9-16 Development Roles v2 is integrated natively into Safe Wallet. Roles v2 is integrated into the Pilot Chrome extension. 65.000 N/A

Initiative lead:

Who is the accountable initiative lead? (individual or organization)

Gnosis Guild


How many individuals in total will be working on this initiative and what role do they have? Please provide a brief background of the team members, highlighting their relevant experience and expertise

Gnosis Guild would assign a full pod (one designer/PM and two engineers) to this initiative for 16 weeks.

Additional support/resources:

Are there any resources (non-financial) requested from the Safe Ecosystem Foundation or the core contributors?


Implementation dependencies:

Does the implementation of this initiative require any prior changes in the current governance processes, e.g., updates to the governance framework, or have any other dependency? If yes, please specify these. Note that the funding of the initiative will be dependent on the approval and (if needed) successful implementation of such necessary governance modifications or any other dependency.

This proposal has no dependencies.



Improving access controls is one of the largest opportunities to improve security and UX of self-owned digital accounts.

I’ve shared thoughts on the forum and started open info (OI) that focus on interacting with apps.

Does v1 and v2 make it easier for developers to create UX that allows users to manage Safe access controls for signing in to apps?

Safe access controls for apps


  • Managing sign-in access controls with Safe has the potential to improve UX and security
  • Sign-in is secured by the Safe account
  • Sign-in is fast and easy with access controls provided to easily accessible externally owned accounts (EOAs) on web browsers, mobile, etc.
  • Accounts with access to apps (Sign-in, reading, writing, etc) can be existing Safe approval accounts (Aka signers) of the given Safe or other accounts defined


I provide access control from my Safe account that is associated to my Fileverse (Writing, publishing, and data storage) app

  • I allow my MetaMask web browser account to sign-in to Fileverse and write files to Fileverse on behalf of the Safe account.
    • My 3 of 5 approvers from my Safe account approves these ongoing access controls.
  • I make sure the less secure MetaMask account has no transfer of ownership access with the Fileverse app.
  • Ownership access control remains fully controlled by the 3 of 5 Safe account.

Sample apps to assign Safe access controls to


As a delegate with sufficient voting power, I can confirm that this is ready to move to a vote!


I am a Safe Guardian with sufficient voting power and I believe this proposal is ready to move to a vote. Supportive.


As a delegate with sufficient voting power and I believe this proposal is ready to move to a vote.