https://github.com/safe-global/safe-modules/blob/main/modules/4337/docs/v0.2.0/audit-report-openzeppelin.pdf | | Safe 4337 Module | v0.3.0 | Safe4337Module | https://github.com/safe-global/safe-modules/blob/main/modules/4337/docs/v0.3.0/audit.md | https://github.com/safe-global/safe-modules/blob/main/modules/4337/docs/v0.3.0/audit-report-v3.0.pdf | | Safe Token Lock | | SafeTokenLock | | https://github.com/safe-global/safe-locking/blob/main/docs/audits/Safe - Certora security report.pdf
https://github.com/safe-global/safe-locking/blob/main/docs/audits/ackee-blockchain-safe-token-locking-report-1.1.pdf |
The changes introduced in Safe contracts v1.4.1 were not audited on top of the Safe v1.4.0 audit, as the contract changes were deemed to not have security implications worth re-auditing for. The full diff can be found on Github, but the only change to the contract logic was:
diff --git a/contracts/Safe.sol b/contracts/Safe.sol
index bef58b7..3bd2ed9 100644
--- a/contracts/Safe.sol
+++ b/contracts/Safe.sol
@@ -44,7 +44,7 @@ contract Safe is
{
using SafeMath for uint256;
- string public constant VERSION = "1.4.0";
+ string public constant VERSION = "1.4.1";
// keccak256(
// "EIP712Domain(uint256 chainId,address verifyingContract)"
diff --git a/contracts/base/ModuleManager.sol b/contracts/base/ModuleManager.sol
index f260c08..ecc3938 100644
--- a/contracts/base/ModuleManager.sol
+++ b/contracts/base/ModuleManager.sol
@@ -35,7 +35,7 @@ abstract contract ModuleManager is SelfAuthorized, Executor {
if (to != address(0)) {
require(isContract(to), "GS002");
// Setup has to complete successfully or transaction fails.
- require(execute(to, 0, data, Enum.Operation.DelegateCall, gasleft()), "GS000");
+ require(execute(to, 0, data, Enum.Operation.DelegateCall, type(uint256).max), "GS000");
}
}
This was a small change to allow Safes to work with ERC-4337 bundler rules. For more information, see https://github.com/safe-global/safe-smart-account/issues/568.