🔨 contracts: add safe propose script

[itofarina]

Summary by CodeRabbit

• New Features

  • Add a script to propose transactions to Safe multisig wallets from JSON files.
  • Supports single-call and batched (multi-call) proposals; validates entries and sender consistency.
  • Automatically selects the correct Safe Transaction Service endpoint per chain and reports clear proposal errors.

• Chores

  • Updated spell-check wordlist with new terms.

---

[changeset-bot]

⚠️ No Changeset found

Latest commit: a60810e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new utility script designed to streamline the process of proposing transactions to Gnosis Safes. By reading transaction details from a JSON file, the script automates the creation and submission of single or batched transactions to the Safe Transaction Service API, enhancing efficiency and reducing manual effort for Safe operations across various EVM chains.

Highlights

• New Safe Propose Script: Added a new Solidity script, SafePropose.s.sol, designed to facilitate the proposal of transactions to Gnosis Safes.
• JSON Input for Transactions: The script reads transaction details from a specified JSON file, allowing for flexible and structured input of transaction data.
• Single and Batch Transaction Support: It supports proposing both individual transactions and batched transactions, utilizing the IMultiSend interface for batch operations.
• Safe Transaction Service API Integration: The script interacts with the Safe Transaction Service API to submit transaction proposals, handling the necessary signing and API calls.
• Multi-Chain Compatibility: The script includes logic to determine the correct Safe Transaction Service API endpoint based on the current chain ID, supporting Ethereum, Optimism, Polygon, Base, and Arbitrum.

Changelog

• contracts/script/SafePropose.s.sol
  • Implemented a new Solidity script for proposing transactions to Gnosis Safes.
  • Added functionality to parse transaction data from a JSON input file.
  • Integrated with the Safe Transaction Service API for submitting transaction proposals.
  • Included support for batching multiple transactions using the IMultiSend interface.
  • Provided chain-specific API endpoint resolution for supported networks.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds SafePropose, a Solidity script that parses Safe deployment JSON into calls, enforces a single Safe sender and CALL types, builds single or multisend proposals, signs Safe transaction hashes, and POSTs proposals to the Safe Transaction Service; also updates spellcheck words.

Changes

Cohort / File(s)	Summary
SafePropose script contracts/script/SafePropose.s.sol	New SafePropose contract with run(string) entry. Probes and parses .transactions[*], enforces CALL type and consistent .from, builds Call structs, handles single propose or packed multiSend batch (operation 1), computes safeTxHash via ISafe.getTransactionHash, signs via vm.sign, derives sender with ecrecover, constructs JSON body (_body) and POSTs to Safe Tx Service endpoint (selected via _chainPrefix()). Adds Call struct, ISafe and IMultiSendCallOnly interfaces, MULTISEND constant and custom errors (EmptyBroadcast, NotACall, SenderMismatch, ProposalFailed, UnsupportedChain).
Spelling dictionary cspell.json	Adds "MULTISEND" and "oeth" to the spellcheck words list.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant File as JSON File
    participant Script as SafePropose
    participant Safe as ISafe
    participant Multi as IMultiSend
    participant API as Safe Tx Service

    User->>Script: run(filePath)
    Script->>File: read & parse JSON -> Call[]
    Script->>Script: validate single sender & types

    alt single call
        Script->>Safe: nonce()
        Safe-->>Script: nonce
        Script->>Safe: getTransactionHash(to,value,data,op=0,...,nonce)
        Safe-->>Script: safeTxHash
        Script->>Script: vm.sign(safeTxHash) -> signature
        Script->>API: POST proposal (body with safeTxHash, signature, nonce, sender)
        API-->>Script: 201 / error
    else multisend
        Script->>Script: encode multisend payload (calls -> bytes)
        Script->>Multi: prepare multisend calldata
        Script->>Safe: nonce()
        Safe-->>Script: nonce
        Script->>Safe: getTransactionHash(MULTISEND,0,payload,op=1,...,nonce)
        Safe-->>Script: safeTxHash
        Script->>Script: vm.sign(safeTxHash) -> signature
        Script->>API: POST proposal (body with safeTxHash, signature, nonce, sender)
        API-->>Script: 201 / error
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: addition of a new SafePropose script contract in the contracts directory.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch safe-propose

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sentry]

Codecov Report

❌ Patch coverage is 0% with 49 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.24%. Comparing base (c75db9b) to head (a60810e).
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
contracts/script/SafePropose.s.sol	0.00%	49 Missing ⚠️

Additional details and impacted files

@@              Coverage Diff               @@
##           redeployer     #883      +/-   ##
==============================================
- Coverage       71.80%   71.24%   -0.57%     
==============================================
  Files             227      228       +1     
  Lines            8290     8287       -3     
  Branches         2660     2651       -9     
==============================================
- Hits             5953     5904      -49     
- Misses           2109     2156      +47     
+ Partials          228      227       -1     

Flag	Coverage Δ
e2e	52.49% <ø> (-19.15%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[devin-ai-integration]

Devin Review found 4 potential issues.

View 4 additional findings in Devin Review.

[devin-ai-integration]

🔴 Explanatory comment violates AGENTS.md "no comments" rule

The inline comment // github.com/safe-global/safe-deployments v1.4.1 on line 16 is explanatory prose documenting the source of the MULTISEND address. AGENTS.md explicitly states: "this codebase does not use comments. the only exception is static analysis annotations (@ts-expect-error, eslint-disable, slither-disable, solhint-disable, cspell:ignore) and TODO/HACK/FIXME markers. everything else—jsdoc, explanatory prose, region markers, inline labels—is noise that masks unclear code." No other script in contracts/script/ has non-annotation // comments (confirmed via grep). This comment should either be removed or, if the address provenance must be tracked, placed in a commit message instead.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🔴 One-off identifiers added to global cspell dictionary instead of using inline cspell:ignore

MULTISEND (a Solidity constant name) and oeth (a chain prefix string literal) each appear only in contracts/script/SafePropose.s.sol and nowhere else in the codebase. Per AGENTS.md: "only add words to cspell.json when the term is a real project-relevant word that appears broadly (e.g., a protocol name, a library, a domain term)... one-off occurrences (variable names, company names, urls, hashes, identifiers) stay as inline cspell:ignore — never pollute the global dictionary with them." Solidity supports // comments, so both can use inline cspell:ignore annotations on the lines where they appear.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🟡 One-off chain prefix "oeth" added to global cspell dictionary instead of inline cspell:ignore

"oeth" is a Safe Transaction Service chain prefix string that only appears in contracts/script/SafePropose.s.sol:115. AGENTS.md states: "one-off occurrences (variable names, company names, urls, hashes, identifiers) stay as inline cspell:ignore — never pollute the global dictionary with them." This is a one-off identifier (Optimism's chain prefix abbreviation), not a broadly-used project domain term. An inline // cspell:ignore oeth annotation on contracts/script/SafePropose.s.sol:115 is the correct approach.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🚩 Safe API v2 URL format and chain prefixes should be verified

The URL pattern https://api.safe.global/tx-service/{prefix}/api/v2/safes/{safe}/multisig-transactions/ and the chain prefix mapping (eth=1, oeth=10, pol=137, base=8453, arb1=42161) at contracts/script/SafePropose.s.sol:113-120 correspond to the Safe Transaction Service's newer API format. These prefixes are not easily verifiable from the codebase alone. If Safe changes their API URL structure or chain prefixes, this would silently fail with a non-201 status (caught by the ProposalFailed revert). Worth verifying against current Safe API documentation.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 66bc0413-5e67-4e27-bd51-08fba140d16c

📥 Commits

Reviewing files that changed from the base of the PR and between 923d1e3 and be9c2af.

📒 Files selected for processing (2)

• contracts/script/SafePropose.s.sol
• cspell.json

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider validating ecrecover result.

ecrecover returns address(0) if the signature or hash is malformed. While unlikely in normal operation, adding a guard would provide a clearer error message than a downstream API failure.

🛡️ Proposed fix

     {
       (uint8 v, bytes32 r, bytes32 s) = vm.sign(safeTxHash);
       sender = ecrecover(safeTxHash, v, r, s);
+      require(sender != address(0), "Invalid signature");
       signature = abi.encodePacked(r, s, v);
     }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{
	(uint8 v, bytes32 r, bytes32 s) = vm.sign(safeTxHash);
	sender = ecrecover(safeTxHash, v, r, s);
	signature = abi.encodePacked(r, s, v);
	}
	{
	(uint8 v, bytes32 r, bytes32 s) = vm.sign(safeTxHash);
	sender = ecrecover(safeTxHash, v, r, s);
	require(sender != address(0), "Invalid signature");
	signature = abi.encodePacked(r, s, v);
	}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 463722fb9a

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Use the next queued Safe nonce instead of safe.nonce()

When the target Safe already has a pending multisig transaction, safe.nonce() is still the last executed nonce, so this script will always propose a competing transaction for the current nonce instead of queueing the new action after the existing one. In that common multisig workflow, the generated contractTransactionHash is for the wrong slot and the proposal cannot be used as the next step in the queue.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Add chain prefixes for the repo's supported testnets

_chainPrefix() only recognizes mainnet chain IDs, but this repository already ships contract configs and broadcast artifacts for Base Sepolia (84532) and OP Sepolia (11155420) in contracts/deploy.json and contracts/broadcast/**. Running the new script on either staging network will always revert with UnsupportedChain(), which makes the tool unusable for the existing non-production deployment flow.

Useful? React with 👍 / 👎.

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ff60f1ba-3a43-4ab2-8368-acf5b09938a0

📥 Commits

Reviewing files that changed from the base of the PR and between be9c2af and 463722f.

📒 Files selected for processing (2)

• contracts/script/SafePropose.s.sol
• cspell.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add "opbnb" to the words list for consistency.

Static analysis flags opbnb (opBNB chain prefix used in SafePropose.s.sol line 119) as an unknown word. Since oeth was added as a chain prefix, opbnb should be included as well for consistency.

🔧 Proposed fix

     "oeth",
     "offramp",
+    "opbnb",
     "oneline",

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bbf0f44b4c

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Add the required Safe API key header

When this posts to the hosted https://api.safe.global/tx-service/... endpoint, the request only includes Content-Type. Safe's current docs for the default Transaction Service say hosted requests should be authenticated with Authorization: Bearer ..., and their API-key guide notes that missing keys are rejected with 401 Unauthorized. In other words, on the official service this script will always revert with ProposalFailed instead of creating the proposal, because there is no way here to send the API key or point at a custom/self-hosted tx-service.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f20de20fd5

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Validate broadcast chain before building tx-service URL

run parses transactions from a broadcast file but never verifies that their .transaction.chainId matches the chain the script is currently connected to; propose always derives the endpoint from _chainPrefix() (current block.chainid). If someone accidentally feeds a run-latest.json from another network (easy in this repo because artifacts are stored per-chain), this can submit a proposal to the wrong Safe Transaction Service/network instead of failing fast. Add an explicit chain-id check before proposing.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cccdae6879

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Read Safe address from explicit input, not tx sender

run currently treats .transactions[i].transaction.from as the Safe address, but in standard Forge broadcast artifacts that field is the broadcasting EOA (for example, existing contracts/broadcast/**/run-latest.json files use a deployer EOA in from). In that common workflow safe is set to an EOA, so subsequent safe.nonce() / getTransactionHash(...) calls in propose revert or build an invalid proposal, making the script unusable for normal broadcast outputs.

Useful? React with 👍 / 👎.