Gnosis Safe Integration

[rndquu]

We can't fully rely on Uniswap's permit2 payouts for large rewards. Partners should be able to manually approve transactions for large rewards. We can intergrate Gnosis Safe for such cases.

We can add a autoPayThreshold parameter to the bot's config. If autoPayThreshold is set to 100, then if a payment reward amount < 100$ then permit2 URL is generated (the same way the bot is making it now) else the bot should call gnosis safe API which creates a payout transaction.

Each partner should have a 2/2 safe (2 signatures required to transfer funds from a particular safe):

Signature 1 => bot's private key
Signature 2 => partner's private key

How it works under the hood:

1. When PR is merged and issue is closed the bot checks if the payout >= autoPayThreshold
2. If payout >= autoPayThreshold then the bot calls gnosis safe API and proposes a new safe transaction to transfer reward to a bounty hunter's address (example script to propose tx: https://github.com/rndquu/play-with-gnosis-safe/blob/main/js/proposeTx.ts)
3. The bot posts a URL to the proposed transaction (example: https://app.safe.global/transactions/queue?safe=matic:0xfDA61Db9CD7358DC4A3b828E5A5597e275C348ee)
4. Partner admin opens the proposed transaction URL and signs it with his private key
5. On some bot's event (new PR, new comment, whatever...) the bot:
   a) Finds all signed (by 2 parties: bot + admin) transactions from the Gnosis Safe via Gnosis Safe API
   b) Packs them together to be used by the MultiSendCallOnly contract (so that we could send only 1 transaction for all payouts)
   c) Relays a single meta transaction with all payouts via the gelato network. (gnosis safe has an API for transaction relaying but under the hood it simply uses the gelato network so I found it easier to work directly with the gelato SDK). Example script for relaying multiple safe transactions: https://github.com/rndquu/play-with-gnosis-safe/blob/main/js/relayMultipleTxs.ts

Notice that gas fees are paid by bounty hunters from their rewards in DAI. So for us it is completely free.

How it works from a bounty hunter's view:

1. PR is merged and issue is closed
2. Bounty hunter sees an unsigned safe transaction proposal to transfer rewards (example: https://app.safe.global/transactions/queue?safe=matic:0xfDA61Db9CD7358DC4A3b828E5A5597e275C348ee)
3. After some time a partner signs the proposal, the bot relays all signed safe transactions and reward is automatically transfered to bounty hunter's address (reward minus gelato gas fees)

How it works from a partner's view:

1. Once a day open safe's web page
2. Check and sign proposed transactions
3. Wait when the bot automatically relays them

In the end we should add 2 parameters to the bot's config:

1. autoPayThreshold: threshold in dollars after which the bot should generate gnosis safe transactions intead of permit2 URLs
2. safeAddress: partner's safe address

How to demo in polygon network:

1. git clone https://github.com/rndquu/play-with-gnosis-safe
2. set .env variables (DM me to get ready to use env variables for the polygon network)
3. Run npx tsx js/proposeTx.ts 3 times. This will create 3 signed (by the bot's private key) proposals to transfer 0.2 DAI (minus gelato fees) to a bounty hunter's address 0xB52e2e8ED4C4B57ddD41FA5b62e721b90e77A36b
4. Using partner's private key (2nd account from the test mnemonic) sign 2 out of 3 transactions in Gnosis Safe web interface
5. Run npx tsx js/relayMultipleTxs.ts
6. At this step 2 signed transactions should be relayed by the gelato network in a single transaction

[rndquu]

Perhaps it is better to have a 2/3 (2 confirmations required to transfer funds) safe for a partner:

Signature 1 => bot's private key
Signature 2 => partner's private key
Signature 3 => partner's private key (backup)

So if partner loses one of his private keys at least we can recover funds from a safe

[0x4007]

Perhaps it is better to have a 2/3 (2 confirmations required to transfer funds) safe for a partner:

We could certainly propose it to our partners but fortunately this is all configurable from the Safe UI so we don't necessarily have to plan for this feature.

[0x4007]

perhaps it makes more sense to do the following in case of a manual approval:

1. the bounty hunter completes the task (their pull request is merged in and the issue is closed as completed)
2. the bot posts a comment saying something like “this bounty is above the automatic payment threshold of 1000 usd and requires manual approval on safe.”
3. would be cool if somehow the bot could post a new comment (sending a notification to the bounty hunter via github) that the payment is ready to be claimed.

Source: https://t.me/UbiquityDAO/29361/31054

[rndquu]

would be cool if somehow the bot could post a new comment (sending a notification to the bounty hunter via github) that the payment is ready to be claimed

There is an API for this case