Increase robustness of confirm safe tx script

[0xDEnYO]

Which Jira task belongs to this PR?

Why did I implement it this way?

Checklist before requesting a review

• I have performed a self-review of my code
• This pull request is as small as possible and only tackles one problem
• I have added tests that cover the functionality / test the bug
• I have updated any required documentation

Checklist for reviewer (DO NOT DEPLOY and contracts BEFORE CHECKING THIS!!!)

• I have checked that any arbitrary calls to external contracts are validated and or restricted
• I have checked that any privileged calls (i.e. storage modifications) are validated and or restricted
• I have ensured that any new contracts have had AT A MINIMUM 1 preliminary audit conducted on by <company/auditor>

[coderabbitai]

Walkthrough

The pull request introduces a new key, safeWebUrl, to various blockchain network configurations in the config/networks.json file, enhancing the structure without removing existing keys. Additionally, the safeAddress for the opbnb network is updated to a valid address. Changes are also made to the lib/openzeppelin-contracts directory by updating the commit hash. Furthermore, the confirm-safe-tx.ts script is modified to improve error handling and network processing logic, while the viemScriptHelpers.ts file sees the addition of new properties and functions for better console message logging.

Changes

File	Change Summary
config/networks.json	Added safeWebUrl for multiple networks; updated safeAddress for opbnb from "" to a valid address.
lib/openzeppelin-contracts	Updated commit hash from e50c24f5839db17f46991478384bfda14acfb830 to 54b3f14346da01ba0d159114b399197fea8b7cda.
script/deploy/safe/confirm-safe-tx.ts	Enhanced error handling; updated function signatures for signTransaction and executeTransaction to include safeWebUrl.
script/utils/viemScriptHelpers.ts	Added safeWebUrl to Network type; introduced printError and printSuccess functions for console logging.

Possibly related PRs

• Update networks.json #817: Updates the config/networks.json file, directly related to the addition of the safeWebUrl key.
• adds gasZipChainIds & opbnb to networks.json #825: Modifies config/networks.json by adding a new field gasZipChainId, relevant to network configurations.
• Update Cronos deployment #846: Introduces a new entry for the "Cronos" network in config/networks.json, related to the same file.
• activates git action to protect security-critical code #853: Activates a GitHub Actions workflow for security-critical code, indirectly related to network configurations.

Suggested reviewers

• ezynda3

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 22fba84 and 5cec453.

📒 Files selected for processing (2)

• script/deploy/safe/confirm-safe-tx.ts (8 hunks)
• script/utils/viemScriptHelpers.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• script/deploy/safe/confirm-safe-tx.ts
• script/utils/viemScriptHelpers.ts

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[lifi-action-bot]

Test Coverage Report

Line Coverage: 76.20% (1685 / 2211 lines)
Function Coverage: 82.94% ( 355 / 428 functions)
Branch Coverage: 35.67% ( 193 / 541 branches)
Test coverage (76.20%) is above min threshold (74%). Check passed.

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (3)

script/utils/viemScriptHelpers.ts (1)

28-32: Consider enhancing the colors implementation

While the color constant is a good addition for consistent terminal output, consider these improvements:

-const colors = {
-  reset: '\x1b[0m',
-  red: '\x1b[31m',
-  green: '\x1b[32m',
-}
+// ANSI escape sequences for terminal colors
+const supportsColor = process.stdout.hasColors?.();
+const colors = {
+  reset: supportsColor ? '\x1b[0m' : '',
+  red: supportsColor ? '\x1b[31m' : '',
+  green: supportsColor ? '\x1b[32m' : '',
+  yellow: supportsColor ? '\x1b[33m' : '', // Additional colors as needed
+} as const;

This implementation:

1. Adds documentation
2. Handles terminals without color support
3. Uses const assertion for type safety

config/networks.json (1)

Line range hint 444-449: Complete the opbnb network configuration

The opbnb network configuration appears incomplete:

• safeAddress is set but safeApiUrl is empty
• explorerApiUrl is missing
• Network is marked as "inactive"

This might affect the functionality of safe-related operations on the opbnb network.

Please provide the missing API URLs or document why they are intentionally left empty.

script/deploy/safe/confirm-safe-tx.ts (1)

64-67: Consider using getAllActiveNetworks to avoid duplication

The logic used here to filter active networks duplicates the functionality of the getAllActiveNetworks function imported from viemScriptHelpers. To adhere to the DRY (Don't Repeat Yourself) principle and improve maintainability, consider using getAllActiveNetworks() directly.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between c2c412f and 0026145.

📒 Files selected for processing (4)

• config/networks.json (34 hunks)
• lib/openzeppelin-contracts (1 hunks)
• script/deploy/safe/confirm-safe-tx.ts (8 hunks)
• script/utils/viemScriptHelpers.ts (2 hunks)

✅ Files skipped from review due to trivial changes (1)

• lib/openzeppelin-contracts

🔇 Additional comments (11)

script/utils/viemScriptHelpers.ts (1)

23-23: LGTM! Verify network configurations include safeWebUrl

The new safeWebUrl property is properly typed and aligns with the PR's objective of improving safe transaction handling.

Let's verify that all active networks have this property configured:

✅ Verification successful

All active networks have safeWebUrl configured correctly

After verifying the networks.json file, all active networks (status: "active") have the safeWebUrl property properly configured with valid URLs pointing to their respective Safe transaction queues. The property is consistently present and follows the expected format across all active chains.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if all active networks have safeWebUrl configured
# Expected: All active networks should have a valid safeWebUrl

jq -r '
  to_entries[] | 
  select(.value.status == "active") | 
  select(.value.safeWebUrl == null or .value.safeWebUrl == "") | 
  .key
' config/networks.json

Length of output: 162

---

Script:

#!/bin/bash
# Let's first check if the networks.json file exists and see its content
fd -t f "networks.json" --exec cat {}

Length of output: 27387

config/networks.json (1)

286-287: Verify the reuse of safeAddress across networks

Multiple networks are using the same safeAddress: 0xa89a87986e8ee1Ac8fDaCc5Ac91627010Ec9f772
This appears in configurations for:

• immutablezkevm
• kaia
• fraxtal
• cronos
• taiko

Please verify if this address reuse is intentional and document the reason if it is.

Also applies to: 304-305

✅ Verification successful

Let me gather more context about the network configurations to understand if this is a pattern or an isolated case.

---

From the output, I can now see a clear pattern. There are actually two groups of networks sharing the same safeAddress:

1. 0xa89a87986e8ee1Ac8fDaCc5Ac91627010Ec9f772: Used by celo, cronos, fraxtal, immutablezkevm, kaia, mantle, and taiko
2. 0xdf61270fDC1A892874Fd3C0143A0A4CBA74F4EF1: Used by blast, linea, mode, rootstock, scroll, and sei

Let me check if there's any configuration or deployment related code that might explain this pattern.

---

Based on the findings from the codebase, I can now provide a conclusive response:

Safe address reuse appears to be intentional for newer/emerging networks

The shared safe addresses represent two distinct deployment groups:

• 0xa89a87986e8ee1Ac8fDaCc5Ac91627010Ec9f772: Used for newer L2/emerging networks (celo, cronos, fraxtal, immutablezkevm, kaia, mantle, taiko)
• 0xdf61270fDC1A892874Fd3C0143A0A4CBA74F4EF1: Used for another group of emerging networks (blast, linea, mode, rootstock, scroll, sei)

While established networks (mainnet, arbitrum, polygon, etc.) have their unique safe addresses, this pattern of address reuse appears to be a deliberate deployment strategy for newer networks, as evidenced by the deployment scripts and configuration in the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Find all networks sharing the same safeAddress

# Search for the repeated safeAddress
echo "Networks sharing safeAddress 0xa89a87986e8ee1Ac8fDaCc5Ac91627010Ec9f772:"
rg -B 2 -A 1 '"safeAddress": "0xa89a87986e8ee1Ac8fDaCc5Ac91627010Ec9f772"' config/networks.json

Length of output: 2484

---

Script:

#!/bin/bash
# Let's examine the overall structure of networks.json and look for other safeAddress patterns
echo "Analyzing all safeAddress configurations:"
jq -r 'to_entries[] | select(.value.safeAddress != null) | "\(.key): \(.value.safeAddress)"' config/networks.json | sort

echo -e "\nChecking if there's any documentation about safe addresses:"
rg -i "safe.*(address|config)" --type md

Length of output: 2102

---

Script:

#!/bin/bash
# Look for any deployment scripts or configuration logic related to safe addresses
echo "Searching for safe address related code:"
rg -i "safeAddress|safe.*deploy" --type ts --type js -C 2

echo -e "\nChecking for any environment variables related to safe:"
rg -i "SAFE.*ADDRESS" --type env --type ts --type js

Length of output: 6600

script/deploy/safe/confirm-safe-tx.ts (9)

110-121: Good practice: Enhanced error handling when initializing SafeApiKit

Adding a try-catch block around the initialization of safeService improves the robustness of the script by gracefully handling potential errors and preventing crashes.

---

139-153: Good practice: Enhanced error handling when setting up ProtocolKit

The inclusion of a try-catch block during the setup of protocolKit ensures that any initialization errors are properly caught and handled, enhancing the script's stability.

---

155-167: Good practice: Improved error handling when fetching pending transactions

Wrapping the call to safeService.getPendingTransactions in a try-catch block effectively handles API errors and prevents the script from terminating unexpectedly.

---

171-189: Enhanced error handling in signTransaction function

Passing safeWebUrl as a parameter allows error messages to include a direct link for users to troubleshoot issues via the SAFE web interface. The updated error handling enhances user experience and guidance.

---

195-213: Improved error handling in executeTransaction function

Incorporating safeWebUrl into the error messages provides users with immediate access to the relevant SAFE web page in case of execution failures. This makes troubleshooting more efficient.

---

304-306: Correctly updated function call in 'Sign' action

The signTransaction function now correctly includes safeWebUrl as an argument, ensuring that enhanced error messages are available during the sign action.

---

310-313: Correctly updated function calls in 'Sign & Execute Now' action

Both signTransaction and executeTransaction are called with safeWebUrl, maintaining consistency and ensuring enhanced error handling during the combined action.

---

317-319: Correctly updated function call in 'Execute Now' action

The executeTransaction function is invoked with safeWebUrl, aligning with the updated function signature and ensuring helpful error messaging.

---

101-101: Verify that safeWebUrl is defined for all active networks

To prevent potential runtime errors when accessing safeWebUrl, ensure that this property is defined for all active networks in networks.json.

Run the following script to check for active networks missing safeWebUrl:

✅ Verification successful

safeWebUrl is defined for all active networks

After examining the networks.json file, I can confirm that all networks with "status": "active" have a properly defined safeWebUrl property. The only networks missing or having empty safeWebUrl are those marked as "status": "inactive", such as "gravity", "immutablezkevm", "opbnb", and "localanvil", which are not relevant to this verification since they are not active networks.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for active networks without 'safeWebUrl' defined in 'networks.json'.

# Expected result: No active network should be missing 'safeWebUrl'.

jq -r '. | to_entries[] | select(.value.status=="active" and (.value.safeWebUrl == null or .value.safeWebUrl == "")) | .key' config/networks.json

Length of output: 147

---

Script:

#!/bin/bash
# First, let's check if the networks.json file exists and see its content
cat config/networks.json 2>/dev/null || find . -type f -name "networks.json" | xargs cat

Length of output: 27374