Change governance owner of Polygon deployment #1990

d10r · 2024-07-17T15:14:59Z

d10r
Jul 17, 2024
Maintainer

Legacy Gnosis Multisig Wallet

Superfluid historically used the legacy Gnosis Multisig Wallet as owner for the framework governance contract.
Despite it having been deprecated, it's still considered a simple and reliable Multisig with impeccable security record.
Because it just works, Superfluid still uses it as governance owner on most chains.

Interaction with such Multisig wallets usually takes place via scripted onchain transactions (create gov proposals) or - for signing - via a simple UI which works with any wallet-connected chain. A self-hosted instance of this UI is deployed at https://gnosis-wallet.dev.superfluid.dev/.
Since creating proposals and signing are done onchain, no dedicated offchain infrastructure is needed.

(Gnosis) Safe

Safe (prev. Gnosis Safe) has established itself as the default Multisig Wallet in the EVM ecosystem.
It's much more flexible and extensible than the legacy Multisig.
Having become the default, there's a constantly growing ecosystem of infrastructure using and integrating with Safe.
Superfluid has first added tooling support for Safe as governance owner in #1472. The deployment on Base Mainnet has used a Safe as governance owner from the start.

A major difference between the legacy Multisig and Safe is that Safe heavily relies on offchain infrastructure.
Creating and signing proposals are offchain operations. Only the actual execution happens as an onchain transaction, providing the collected signatures as calldata.
This has advantages like not requiring signers to pay for signing (or to even have any onchain assets) and smoother UX.
But it also implies reliance on offchain infra.

Pro's and Con's

While Safe is clearly the safe bet (pun intended) going forward, it's not better than the legacy Multisig wallet in all aspects.

Security: While the Safe contracts are more systematically audited, the Multisig contracts make up for that by simplicity and time in use without incident
Availability: The Multisig contract can be easily deployed to any EVM chain and doesn't rely on any off-chain infra. Meanwhile, adding Safe support to a chain not supported by the canonical Safe App itself is a major undertaking because of its reliance on stateful offchain infra, also involving ongoing maintenance cost after deployment. Superfluid doesn't want to make this effort and also doesn't want availability of a canonical Safe deployment being a prerequisite for Superfluid protocol deployment. That's why support for the legacy Multisig is kept in place.
Ecosystem: Safe, being the default EVM multisig for a while now, has integrations growing by the day. One of this integrations relevant for Superfluid is https://app.onchainden.com/, which makes it much easier to make pending governance actions human readable. Because of that, a switch-over to Safe for all chains with a canonical Safe deployment may eventually take place.

Switching over Polygon

There's an imminent reason for switching Polygon PoS governance ownership to a Safe, which is that the Multisig UI can't handle the governance actions for batch updating SuperToken logic well. That's because on Polygon the batches are quite large, resulting in the rendering process to stall. You can check by yourself by navigating to https://gnosis-wallet.dev.superfluid.dev/#/wallet/0x1EB3FAA360bF1f093F5A18d21f21f13D769d044A and connecting a wallet pointed to Polygon.

Thus a Safe with the same owner configuration as the current governance owner was created at https://app.safe.global/home?safe=matic:0xf0aCd3efFd0ca4c84239eFcD664723C6feab403F
The governance action 349 (which will be the last one) of the legacy Multisig at 0x1EB3FAA360bF1f093F5A18d21f21f13D769d044A will invoke the method transferOwnership() of the governance contract, handing over ownership to the Safe.