Safe and EIP-7702
EIP-7702 doesn't specify how to initialise the storage of the account but only gives a way to set the code of the account. This means that the account will be created with an empty storage, and the user will have to set the storage manually.
Existing Safe contracts cannot be used with EIP-7702, because of following reasons:
- Delegating to Safe Singleton or the Safe Proxy contract will expose the EOA account to the risk of front-running during setup.
- In its current implementation, the Safe Singleton contract doesn't let itself to become an owner meaning that after delegating to the Safe Singleton, the EOA account cannot sign Safe transactions and will need to keep another private key to do so.
Possible approaches
Modified Safe Proxy
This approach uses the SafeEIP7702Proxy (opens in a new tab), a proxy contract derived from the Safe Proxy (opens in a new tab) with the following changes:
- The constructor of the
SafeEIP7702Proxy
contract has the additionalsetupDataHash
parameter, which is the hash of thesetup
function call data. Thus, the address of the proxy contract also depends on thesetupDataHash
and not just the Safe Singleton contract address. The proxy contract uses this hash to verify that thesetup
function parameter values are unchanged during the initialization of storage. - The proxy implements the
setup
function, which calls thesetup
function of the Safe Singleton contract and has additional logic:- Set the storage slot 0, that is, the address of the Safe Singleton in the EOA storage.
- Verify that the
setupDataHash
equals the hash of thesetup
function call data.
This approach has a gas overhead as a new proxy contract has to be deployed for each EOA account, as the setupDataHash
may be unique for each user. However, using this approach, users can use Safe{Wallet} with minor modifications and import the EOA account as a Safe account.
Follow the instructions here to use this approach to set code in EOA: https://github.com/5afe/safe-eip7702/tree/main/safe-eip7702-contracts#execute-scripts (opens in a new tab)
Modified Safe Singleton
This approach uses the SafeEIP7702 (opens in a new tab) contract, a derived version of Safe Singleton that overrides the setup
function and reverts when called. Instead, the contract's new setupEIP7702
function has a signature
parameter. The default owner will be set to the address of the EOA account that delegates to this Safe Singleton contract with a threshold of 1.
Because this approach doesn't use a proxy contract, storage slot 0 remains unused. The Safe Transaction Service and other services that depend on the value at storage slot 0 will not work with this approach.
SafeLite
SafeLite (opens in a new tab) is a lite version of Safe that is compatible with EIP-7702. The contract does not have a proxy and doesn't need initialization.
SafeLite supports ERC-4337 and can use features such as sponsored transactions and batch transactions. SafeLite also supports ERC-1271 for contract-based signatures.
SafeLite is not compatible with Safe{Wallet} as it doesn't use the same storage layout as the existing Safe contracts.
It doesn't have the features of the existing Safe contracts such as Modules, Fallback Handler, and Guards.
All the above approaches are experimental and the contracts are not yet audited. Use them at your own risk.