Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@gnosis.pm/safe-contracts
Advanced tools
yarn
yarn build
yarn test
A collection of the different Safe contract deployments and their addresses can be found in the Safe deployments repository.
To add support for a new network follow the steps of the Deploy
section and create a PR in the Safe deployments repository.
:warning: Make sure to use the correct commit when deploying the contracts. Any change (even comments) within the contract files will result in different addresses. The tagged versions that are used by the Gnosis Safe team can be found in the releases.
This will deploy the contracts deterministically and verify the contracts on etherscan using Solidity 0.7.6 by default.
Preparation:
MNEMONIC
in .env
INFURA_KEY
in .env
yarn deploy-all <network>
This will perform the following steps
yarn build
yarn hardhat --network <network> deploy
yarn hardhat --network <network> etherscan-verify
yarn hardhat --network <network> local-verify
It is possible to use the NODE_URL
env var to connect to any EVM based network via an RPC endpoint. This connection then can be used with the custom
network.
E.g. to deploy the Safe contract suite on that network you would run yarn deploy-all custom
.
The resulting addresses should be on all networks the same.
Note: Address will vary if contract code is changed or a different Solidity version is used.
This command will use the deployment artifacts to compile the contracts and compare them to the onchain code
yarn hardhat --network <network> local-verify
This command will upload the contract source to Etherescan
yarn hardhat --network <network> etherscan-verify
All contracts are WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
All smart contracts are released under LGPL-3.0
FAQs
Ethereum multisig contract
The npm package @gnosis.pm/safe-contracts receives a total of 3,572 weekly downloads. As such, @gnosis.pm/safe-contracts popularity was classified as popular.
We found that @gnosis.pm/safe-contracts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.