EIP for deterministic multisig (safe) addresses

We already have a concept to deterministically derive a safe address based on (owner list; threshold)
Turning this into a proper EIP would enable a lot of use-cases:

  1. Easier access for DAPPs to assets in proxy SKD (1/1 Safe)
    Dapps like Omen are using the proxy SDK and are holding assets (e.g. conditional tokens) in the proxy Safe. When logging into another DAPP (with the EOA) (e.g. Conditional Token Explorer) this dapp just checks for assets on the EOA - with this EIP dapps could check by default for assets in such a user-controlled Safe

  2. For privacy reasons people are using different accounts derived from the same seed phrase.
    Today it is a very high effort to create different safes without creating obvious links.
    With the proposal above it would be fairly easy to create a tool that lets you import the first n EOA addresses derived from e.g. 3 different seed phrases and then generate the addresses for n 2/3 Safes.
    Once gas can be paid from the safe with a relay service it increases the practicality tremendously.

  3. It makes all kinds of nested Safe setups more practical.
    E.g. the proxykit can be used with a 1/2 setup instead where 1 owner is the EOA can the second owner is a not yet deployed safe with also 1/2 with again 1 owner the EOA and the other some recovery logic.
    More: https://twitter.com/VitalikButerin/status/1297389220252639234

  4. Such a EIP can allow block explorer to enrich data.

  5. many use-cases we have not yet thought of.

One open quesion are multiple networks. Is it desirable to be able to create the same Safe on multiple networks (e.g. Ethereum/ dDAI) - or should we even actively try to prevent this?

5 Likes

While the default behaviour of bridge UIs is to send tokens to the same address on the other network, I think it is desirable to be able to generate the same address.
The old nonce based approach was obviously not ideal for this, since there was very little chance that the user controlled the address on both networks. The new deterministic method is an improvement because you can generate the same address with the same starting conditions. But it is still not ideal as can’t account for changes in owners and threshold. Not sure if/how it would be possible, but if you could replicate an existing safe address, along with the current owners and threshold, on a multiple networks, that would be ideal. Even this has potential complications though, for example, if a safe is owned by a contract deployed on one nework then it’s unlikely that contract exists at the same address on the other network.

Being able to deterministically derive multisig addresses, given the list of owner accounts, a threshold, (+ potentially a mastercopy and / or a network/chain id), would for sure be nice!
This could be used for recovery without exposing owner accounts beforehand. Or more generally for deferred deployments of Safes.

I think it is desirable to create the same Safe on multiple networks due to the reasons Auryn mentioned above.
However, currently, there is no network/chain id part of the execution function (and signatures) of a Safe. That’s required in my opinion since otherwise transactions could be easily replayed which is not desirable.

The mastercopy or proxy of a Safes could potentially change in the future. I think this has to be considered as well.

A more general question though: Why does this need to be an EIP? Is it “just” for documentation purposes and to get visibility or am I missing anything?
We already have the tools to create a simple proof of concept for this. This seems like a more pragmatic first step than to start off with putting together an EIP since we would get results faster.

Because ideally it will be adopted by as many as possible in the Ethereum ecosystem.

  • wallets
  • block explorer
  • developer tools
  • other smart contracts

An EIP just dramatically increases visibility and it should be our goal to make this visible.