https://github.com/safe-global/safe-modules/blob/main/modules/4337/docs/v0.2.0/audit-report-openzeppelin.pdf | | https://github.com/safe-global/safe-modules/tree/main/modules/4337 | v0.3.0 | Safe4337Module | https://github.com/safe-global/safe-modules/blob/main/modules/4337/docs/v0.3.0/audit.md | https://github.com/safe-global/safe-modules/blob/main/modules/4337/docs/v0.3.0/audit-report-v3.0.pdf | | https://github.com/safe-global/safe-locking | | SafeTokenLock | | https://github.com/safe-global/safe-locking/blob/main/docs/audits/Safe - Certora security report.pdf
The changes introduced in Safe contracts v1.4.1 were not audited on top of the Safe v1.4.0 audit, as the contract changes were deemed to not have security implications worth re-auditing for. The full diff can be found on Github, but the only change to the contract logic was:
diff --git a/contracts/Safe.sol b/contracts/Safe.sol
index bef58b7..3bd2ed9 100644
--- a/contracts/Safe.sol
+++ b/contracts/Safe.sol
@@ -44,7 +44,7 @@ contract Safe is
{
using SafeMath for uint256;
- string public constant VERSION = "1.4.0";
+ string public constant VERSION = "1.4.1";
// keccak256(
// "EIP712Domain(uint256 chainId,address verifyingContract)"
diff --git a/contracts/base/ModuleManager.sol b/contracts/base/ModuleManager.sol
index f260c08..ecc3938 100644
--- a/contracts/base/ModuleManager.sol
+++ b/contracts/base/ModuleManager.sol
@@ -35,7 +35,7 @@ abstract contract ModuleManager is SelfAuthorized, Executor {
if (to != address(0)) {
require(isContract(to), "GS002");
// Setup has to complete successfully or transaction fails.
- require(execute(to, 0, data, Enum.Operation.DelegateCall, gasleft()), "GS000");
+ require(execute(to, 0, data, Enum.Operation.DelegateCall, type(uint256).max), "GS000");
}
}
This was a small change to allow Safes to work with ERC-4337 bundler rules. For more information, see https://github.com/safe-global/safe-smart-account/issues/568.