Safe is a decentralized custody protocol allowing multi-signature (multi-sig) wallets to be used as a single account. Businesses and individuals can use multi-sig wallets for safe collective management, perform sensitive transactions, and achieve redundancy. The protocol is widely used across the Ethereum and EVM ecosystems.

Safe engaged Ackee Blockchain to perform a security review of the Safe contracts version 1.4.0 with a total time donation of 10 engineering days in a period between February 27 and March 10, 2023. 


We began our review using static analysis tool Wake. We then took a deep dive into the logic of the contracts. For testing and fuzzing, we have involved Wake testing framework where we simulated deployment of the Safe and focused on the correctness of signature and owner handling.

During the review, we paid particular attention to:

  • signature validation
  • malicious owner actions
  • modules handling
  • owners handling
  • guard handling
  • fallback handler logic
  • access controls
  • delegate call risks
  • data validation.


The audit has been performed on the commit eb93dbb, and the scope was the following contracts with all imports (recursively):

  • SafeL2.sol
  • proxies/SafeProxyFactory.sol
  • handler/CompatibilityFallbackHandler.sol • libraries/MultiSendCallOnly.sol
  • libraries/SignMessageLib.sol

The review was done on March 28 on the given commit cb4b2b1.


Here we present our findings.

Critical severity 

No critical severity issues were found. 

High severity 

No high severity issues were found. 

Medium severity

M1: Broken guard can cause DoS 

M2: Lack of contract check  

Low severity

L1: Error-prone proxy constructor 

Warning severity

W1: Usage of delegatecalls

W2: Fallback handler can be set to address(this)

W3: Removed owner’s stored hash

W4: Singleton address at slot 0

W5: Call to disableModule can be frontrun 

W6: Threshold can be set too high

Informational severity

I1: Code and comment inconsistency 

I2: Require should be assert


Our review resulted in 11 findings, ranging from Info to Medium severity. The quality of the code is exceptional. NatSpec in-code documentation is part of every contract and function. General documentation still needs to be created, but Safe team provided a few documents describing the most crucial part – signatures. 

We recommended Safe to:

  • change guard management logic,
  • mitigate impacts of malicious deployer,
  • address all other reported issues. 

Ackee Blockchain’s full Safe audit report with a more detailed description of all findings and recommendations can be found here.

We were delighted to audit Safe and look forward to working with them again.