ADVANCED ◈ Solidity | 4-5h | Mattia+Milan
Safe Module Spending Policy
Build a Safe Module that enforces spending policies: daily limits per token, allowlisted recipients, and time-locked large transfers. This mirrors Gnosis Pay's core card spending policy architecture using Safe{Core} modules.
Tech Stack
Solidity, Safe Module Interface, Foundry, OpenZeppelin (EnumerableSet, SafeERC20)
What You'll Learn
- Safe Module architecture and IModule interface
- Spending limit enforcement with rolling windows
- Role-based access within a Safe context
- Time-lock patterns for high-value transactions
- Foundry testing with Safe mocks
Milestones
- M2: Daily spending limits with rolling window
- M3: Recipient allowlist & time-lock
- M4: Comprehensive Foundry tests
- M5: Gas optimization & events
Architecture Hints
Architecture
Maps to Gnosis Pay:
- Authorized spenders = card payment processor addresses
- Daily limits = card spending limits (Visa compliance)
- Allowlist = approved merchant categories
- Time-lock = fraud prevention for unusual transactions
Safe (Multisig)
│
├── owners[] ──── can enable/configure module
│
▼
SpendingPolicy (Module)
│
├── authorizedSpenders[] ── card/relayer addresses
│
├── dailyLimits[token] ──── per-token daily caps
│
├── allowlist[recipient] ── approved merchants
│
├── timeLock ──── queue for large transfers
│   ├── queueTransfer() → delay
│   ├── executeQueued() → after delay
│   └── cancelQueued() → owner only
│
└── spend() ──── main entry point
    ├── Check spender authorized
    ├── Check recipient allowlisted
    ├── Check daily limit
    ├── If > threshold → time-lock queue
    └── execTransactionFromModule()
Interview Talking Points
- Explain the Safe Module pattern and why it's superior to direct multisig for programmable spending
- Discuss how daily limits map to Visa's spending limit compliance requirements
- Talk about the time-lock as a fraud prevention mechanism and how Gnosis Pay likely uses similar patterns
- Explain gas optimization choices and their impact on per-transaction cost for card payments
- Discuss how the Roles module (Zodiac) compares to a custom spending policy module
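The `spend()` path from the architecture diagram, written out as a Solidity sketch; this is an added example, not code from the original brief or from Safe or Gnosis Pay. Assumptions: the contract, struct and setter names are hypothetical, transfers are ERC-20 only, the daily limit uses a fixed 24-hour window, the delay is one day, `executeQueued()` is limited to authorized spenders, and Safe's `execTransactionFromModuleReturnData` variant is used so the token's return value can be checked.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface ISafe { // Safe's module entry point; Enum.Operation is ABI-encoded as uint8 (0 = Call)
    function execTransactionFromModuleReturnData(address to, uint256 value, bytes calldata data, uint8 operation)
        external returns (bool success, bytes memory returnData);
}

// Added sketch with hypothetical names; not the project's own code.
contract SpendingPolicySketch {
    struct Policy { uint128 dailyLimit; uint128 lockThreshold; uint128 spent; uint64 windowStart; }
    struct Queued { address token; address to; uint128 amount; uint64 readyAt; }
    address public immutable safe;
    uint64 public constant DELAY = 1 days; // assumed time-lock delay
    mapping(address => bool) public authorizedSpender;
    mapping(address => bool) public allowlisted;
    mapping(address => Policy) public policy; // keyed by token
    Queued[] public queue;
    modifier onlySafe() { require(msg.sender == safe, "not safe"); _; }
    constructor(address _safe) { safe = _safe; }
    function setSpender(address s, bool ok) external onlySafe { authorizedSpender[s] = ok; }
    function setRecipient(address r, bool ok) external onlySafe { allowlisted[r] = ok; }
    function setPolicy(address t, uint128 limit, uint128 threshold) external onlySafe { policy[t].dailyLimit = limit; policy[t].lockThreshold = threshold; }
    function cancelQueued(uint256 id) external onlySafe { delete queue[id]; } // charged cap is not refunded

    function spend(address token, address to, uint128 amount) external {
        require(authorizedSpender[msg.sender], "spender");
        require(allowlisted[to], "recipient");
        Policy storage p = policy[token];
        if (block.timestamp >= p.windowStart + 1 days) { p.windowStart = uint64(block.timestamp); p.spent = 0; }
        require(uint256(p.spent) + amount <= p.dailyLimit, "daily limit"); // unset token: limit 0, fails closed
        p.spent += amount; // charged at queue time too, so the time-lock cannot bypass the cap
        if (amount > p.lockThreshold) queue.push(Queued(token, to, amount, uint64(block.timestamp) + DELAY));
        else _pay(token, to, amount);
    }

    function executeQueued(uint256 id) external {
        Queued memory q = queue[id];
        require(authorizedSpender[msg.sender] && q.readyAt != 0 && block.timestamp >= q.readyAt, "not ready");
        require(allowlisted[q.to], "recipient"); // allowlist may have changed during the delay
        delete queue[id]; // clear before the external call so the entry cannot run twice
        _pay(q.token, q.to, q.amount);
    }

    function _pay(address token, address to, uint128 amount) private {
        bytes memory data = abi.encodeWithSignature("transfer(address,uint256)", to, uint256(amount));
        (bool ok, bytes memory ret) = ISafe(safe).execTransactionFromModuleReturnData(token, 0, data, 0);
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transfer failed");
    }
}
```

A fixed window lets a spender move up to twice the cap across a window boundary; a true rolling window needs per-spend bookkeeping and costs more gas per payment.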