This repo holds several Hats Protocol-enabled Zodiac contracts. Currently, this repo contains the following, referred to collectively as Hats Signer Gate (HSG):
A contract that grants multisig signing rights to addresses wearing a given Hat, enabling on-chain organizations (such as DAOs) to revocably delegate constrained signing authority and responsibility to individuals.
HatsSignerGate.sol is a Zodiac module that...
- Grants multisig signing rights to addresses based on whether they are wearing the appropriate Hat(s).
- Removes signers who are no long valid (i.e. no longer wearing the signer Hat)
- Manages the multisig threshold within the owner-specified range as new signers are added or removed.
Since Hat-wearing is dynamic — Hats can be programmatically revoked from wearers — this contract also services as a Zodiac guard to ensure that:
A) Only valid signers can execute transactions, i.e. only signatures made by accounts currently wearing a valid signer Hat count towards the threshold.
B) Signers cannot execute transactions that remove the constraint in (A). Specifically, this contract guards against signers...
- Removing the contract as a guard on the multisig
- Removing the contract as a module on the multisig — or removing/changing/adding any other modules,
- Changing the multisig threshold
- Changing the multisig owners
Warning Protections against (3) and (4) above only hold if the Safe does not have any authority over the signer Hat(s). If it does — e.g. it wears an admin Hat of the signer Hat(s) or is an eligibility or toggle module on the signer Hat(s) — then in some cases the signers may be able to change the multisig threshold or owners.
Proceed with caution if granting such authority to a Safe attached to HatsSignerGate.
Hats Signer Gate uses the HatsOwned mix-in to manage ownership via a specified ownerHat.
The wearer of the ownerHat can make the following changes to Hats Signer Gate:
- "Transfer" ownership to a new Hat by changing the
ownerHat - Set the acceptable multisig threshold range by changing
minThresholdandtargetThreshold - Add other Zodiac modules to the multisig
- In Multi-Hats Signer Gate, add other Hats as valid signer Hats
MultiHatsSignerGate.sol is a modification of Hats Signer Gate that supports setting multiple Hats as valid signer Hats.
HatsSignerGateFactory is a factory contract that enables users to deploy proxy instances of HatsSignerGate and MultiHatsSignerGate, either for an existing Safe or wired up to a new Safe deployed at the same time. It uses the Zodiac module proxy factory so that the deployments are tracked in the Zodiac subgraph.
This project has received the following security audits. See the audits directory for the detailed reports.
| Auditor | Report Date | Commit Hash | Notes |
|---|---|---|---|
| Trust Security | Feb 23, 2023 | b9b7fcf | Report also includes findings from Hats Protocol audit |
| Sherlock | May 3, 2023 | 9455c0 | Report also includes findings from Hats Protocol audit |
See Releases for deployments. Specific deployment parameters are stored here.