Gnosis Safe 1.3.0 and $1M Bug Bounty

A new version of the Gnosis Safe contracts is released alongside a bug bounty program paying up to $1M per bug.

Lukas Schor

Published in

GnosisDAO

3 min readMay 12, 2021

Tl;dr

A new Gnosis Safe contract version 1.3.0. are released and audited
The 1.3.0 version makes Gnosis Safe more secure, flexible and ready for Layer 2 / sidechain deployments
A bug bounty program is launched with a max bug bounty reward of up to $1M per critical bug found

At the end of 2019, we released version 1.1.1 of the Gnosis Safe smart contracts, followed in mid-2020 by version 1.2.0. As of today, there are more than 15,000 Gnosis Safe instances deployed, which combined hold over 32B USD in ETH and ERC20 tokens.

Gnosis Safe Contracts 1.3.0.

As our product matures, we are updating the Gnosis Safe smart contracts to version 1.3.0. This update adds greater functionality to the core contracts and releases a special version designed for Gnosis Safe on Layer 2 networks.

Here are some highlights of this update, with a full list of changes available on Github (release and changelog).

🌟 L2 version

This extended version of the core contracts will emit an event with all the information related to the Safe transaction to be executed. As emitting events is quite gas expensive, it is only expected that this version will be used on Layer 2 (L2) networks with low gas prices. The L2 version of the Gnosis Safe contracts will enable a wider roll-out on layer 2 networks and sidechains.

⛓️ chainId

The chainId has been added to the EIP-712 domain. In case of a change of the chainId (e.g. hardfork related) the new chainId will automatically be used for future signature checks. This is a security improvement that’s crucial for our Layer 2 rollout plan.

💂 Transaction guard

It is possible to add a transaction guard to a Safe. Transaction guards can be configured to perform additional validation checks for a Safe transaction. It can be used to implement access control mechanisms beyond the basic n-out-of-m validation check.

📡 Events for Safe setup and for incoming ETH

The Safe now emits an event that contains all setup information that influences the state of the newly setup Safe. Furthermore, an event is emitted for incoming ETH transfers.

Find bugs, get rewarded. Earn up to $1,000,000 reported bugs.

Together with the new contract version 1.3.0, we are also updating our bug bounty program and even increasing the maximum bounty payout to $1,000,000. Please refer to the Safe developer portal for details about the bug bounty program and how you can participate.