Initiative Title

Provide a concise and descriptive title for your initiative. Use the format [Draft/Discussion] [OBRA] Your Initiative Title - Author for submission.

Role-based Access Control & Pilot Browser Extension – Gnosis Guild

Previous Discussion

Provide links to any relevant previous discussion

Phase 0 Thread

Abstract

Provide a brief summary of your initiative

This is a proposal to integrate Gnosis Guild’s Roles Mod into the Safe Core SDK, Safe Wallet, and Pilot Browser Extension.

Aligned Strategy

Which pre-approved strategy is this initiative driving forward?

Strategy 2: Foster Module Ecosystem

Funding request:

What resources are being requested from SafeDAO in USDC?

180.000 USDC

If applicable, upfront funding:

Indicate if upfront funding is needed. Refer to 'Payout’ under Get funding from SafeDAO for lump sum payment options.

N/A

Relation to budget:

State the requested funding as a percentage of the total initiative budget (e.g. if you ask for 50k for Strategy 1: 25%)*

60%

Metrics and KPIs:

Which metrics and KPIs will the initiative be measured against?*

1. Impact on governance participation (direct attributable increase in participation through tool):

2. Increase in TVL in Safes with Roles Mod (Roles) enabled

3. Increase in Total number of Safes with Roles enabled

4. Increase in developer engagement with Roles

Initiative description:

What is the initiative about?

Gnosis Guild plans to extend Safe’s core functions by developing and integrating specific mods in their modular tool suite, Zodiac. The impact of this work will increase the interoperability and modularity of the Safe ecosystem, enhance overall ecosystem security, and facilitate easier adoption of Safe wallets. As a result, we estimate an increase in TVL in Safes with these changes.

For this initiative, we will extend Safe’s core functionalities and increase Safe wallet TVL by natively integrating the Roles Mod (Roles) into Safe Wallet and Safe Core SDK. The mod allows Safe owners to extend secure transaction permissions to any member address through flexible, customizable roles.

Roles is steadily becoming a core piece of infrastructure for the Safe ecosystem, providing fine-grained access control on top of Safe and powering karpatkey’s treasury asset management (expected to drive billions in Safe TVL). A tight integration would provide expressive and granular permissions to all Safe wallets, expanding on and eventually replacing the Spending Limit module. It would also create more secure transaction environments through Roles’s meticulous permission scoping and access control safeguards.

This integration would also include a new and vastly improved version of Roles. For over a year, karpatkey has been managing multiple large-scale DAO treasuries (GnosisDAO, ENS, Balancer, etc.) using v1 of the Roles mod. The design and implementation of Roles mod v2 is informed largely on learnings from these use cases, along with a handful of other current and upcoming use cases. Aside from a significant refactor, v2 includes a handful of new features:

• threshold limits
• rate limits
• arbitrary parameter decoding
• support for complex parameter types (tuples, arrays, arrays of tuples, etc)
• new comparison types
• custom comparison types

We plan to add support for Roles by opening a PR to the safe-wallet-web repo, integrating the mod in a similar way to the current integration of the Allowances Mod. To further enhance developer accessibility, we will create comprehensive documentation for the Roles SDK, along with adding Roles as a kit to the Safe Core SDK. This not only fosters ease of adoption but also encourages the creation of and compatibility with future role- and permission-based Safe modules.

Finally, we also plan to further develop and improve Pilot, a user-friendly Chrome extension that makes it much easier and more efficient for Safe wallets to interact with dapps. Pilot allows for batching multiple transactions to save on gas, routing transactions through modules, simulating transactions with Tenderly for accuracy, and submitting transactions directly to Safe for signing. The whole process occurs directly within the dapp’s interface and is designed to work synergistically and seamlessly with Roles.

Current status:

Does the offering (product/service) already exist or is the funding used to create it?

The Roles Mod v1 and v2 contracts have already been implemented and audited, along with a Roles Safe app and SDK supporting Roles Mod v1. Roles Mod v2 is not yet fully integrated into the Roles Safe app and Roles SDK, and has yet to integrate with the Safe Core SDK and Safe Wallet. Funding will be used to complete these integrations.

Risks:

What risks does the initiative entail?

The obvious risks involved are implementation and execution risks. Given our years of experience building secure Zodiac modules, we find these risks minimal.

Timeline and milestones:

Provide a detailed timeline or roadmap, include key milestones

Initiative lead:

Who is the accountable initiative lead? (individual or organization)

Gnosis Guild

Team:

How many individuals in total will be working on this initiative and what role do they have? Please provide a brief background of the team members, highlighting their relevant experience and expertise

Gnosis Guild would assign a full pod (one designer/PM and two engineers) to this initiative for 16 weeks.

Additional support/resources:

Are there any resources (non-financial) requested from the Safe Ecosystem Foundation or the core contributors?

None

Implementation dependencies:

Does the implementation of this initiative require any prior changes in the current governance processes, e.g., updates to the governance framework, or have any other dependency? If yes, please specify these. Note that the funding of the initiative will be dependent on the approval and (if needed) successful implementation of such necessary governance modifications or any other dependency.

This proposal has no dependencies.

Opportunity

Improving access controls is one of the largest opportunities to improve security and UX of self-owned digital accounts.

I’ve shared thoughts on the forum and started open info (OI) that focus on interacting with apps.

Does v1 and v2 make it easier for developers to create UX that allows users to manage Safe access controls for signing in to apps?

Safe access controls for apps

Benefits

• Managing sign-in access controls with Safe has the potential to improve UX and security
• Sign-in is secured by the Safe account
• Sign-in is fast and easy with access controls provided to easily accessible externally owned accounts (EOAs) on web browsers, mobile, etc.
• Accounts with access to apps (Sign-in, reading, writing, etc) can be existing Safe approval accounts (Aka signers) of the given Safe or other accounts defined

Example

I provide access control from my Safe account that is associated to my Fileverse (Writing, publishing, and data storage) app

• I allow my MetaMask web browser account to sign-in to Fileverse and write files to Fileverse on behalf of the Safe account.
  • My 3 of 5 approvers from my Safe account approves these ongoing access controls.
• I make sure the less secure MetaMask account has no transfer of ownership access with the Fileverse app.
• Ownership access control remains fully controlled by the 3 of 5 Safe account.

Sample apps to assign Safe access controls to

• Skiff
• Fileverse
• Farcaster
• Lens Protocol
• XMTP
• Push Chat
• Nimi

As a delegate with sufficient voting power, I can confirm that this is ready to move to a vote!

I am a Safe Guardian with sufficient voting power and I believe this proposal is ready to move to a vote. Supportive.

As a delegate with sufficient voting power and I believe this proposal is ready to move to a vote.

OBRA update

Over the last 3 months, Gnosis Guild has made significant progress on the completion of SEP 14 milestones. Roles Safe App now supports Roles v2, Roles v2 has been integrated into Safe{Wallet}, and the Pilot extension improvements are complete.

During development explorations, we hit a roadblock with the Safe{Core} integration that resulted in a rescoping of this specific deliverable. While we won’t be able to complete the Roles integration into Safe{Core} as originally scoped, we have made significant progress and completed all other milestones. Due to this shift in prioritization and focus, we are writing this update to provide context on:

• The status of our original scope
• Details of the blocker(s)
• Our revised scope

While Gnosis Guild has successfully developed and implemented Apps within Safe, this proposal was our first attempt at integrating a module into Safe{Core} SDK. During the kick-off meeting for SEP-14, we learned that the Safe{Core} team had recently mandated all Core modules to be compatible with ERC-4337. Following an extensive research period, we concluded that achieving compatibility between Roles and 4337 would extend beyond the scope of the original proposal as it would require a major reworking of the Roles contracts. Therefore, in the interest of making progress toward identified outcomes and the overall strategy, we reprioritized to focus additional resources on:

a) Advancing the Roles SDK to be functionally equivalent to a Safe{Core} Kit, ready to be integrated and used to power the {Wallet} integration.
b) Development of a “Permissions as Code” approach through tools and templates for programmatic management of permissions, making it easier for developers and technical users to get started with Roles: GitHub - gnosisguild/permissions-starter-kit: Out of the box starting point for managing Zodiac Roles permissions
c) Phase 2 Safe{Wallet} integration — research into a more extensive Phase 2 Roles Wallet integration, with mockups and review from the Wallet team.

Original Proposed Scope:

Revised Scope: