SAFE Manager

Smart contract code: ODSafeManager****

1. Summary

ODSafeManager is an abstraction around the SAFEEngine that allows anyone to easily manage their GEB positions. Additionally, it is integrated with Vault721, which equates safe ownership to NFT-Vault ownership, making the transferrence of safes as easy as transferring an NFT.

2. Contract Variables & Functions


  • safeEngine - address of the SAFEEngine
  • vault721 - contract interface of Vault721
  • safei - auto incrementing nonce
  • cdps[safeId: uint256] - mapping between SAFE ids and SAFE
  • cdpList[safeId: uint256] - double linked list indicating the previous and next SAFE ids of a provided SAFE
  • ownsCDP[cdpId: uint256] - indicates the owner of a SAFE
  • collateralTypes[cdpId: uint256] - the collateral type backing the SAFE with id safeId
  • firstSAFEID[owner: address] - the first safeId of an owner
  • lastSAFEID[owner: address] - the last safeId or an owner
  • safeCount[owner: address] - the amount of SAFEs and address has
  • safeCan[owner: address, safeId: uint256, allowedAddr: address] - whether an address is allowed to interact with a SAFE
  • handlerCan[safeHandler: address, allowedAddr: address] - whether an address is allowed to interact with a SAFE's handler

Data Structures

  • List - a struct containing the previous and the next SAFE ids of a specific SAFE. Contains:
    • prev - the previous SAFE id
    • next - the next SAFE id


  • allowSAFE(safe: uint256, usr: address, ok: uint256) - allow an address to interact with a SAFE with a specific id
  • allowHandler(usr: address, ok: uint256) - allow an address to interact with a SAFE handler
  • openSAFE(collateralType: bytes32, usr: address) - create a new SAFE id and handler, mint NFT-Vault where tokeId is safeId
  • transferSAFEOwnership(safe: uint256, dst: address) - transfer a SAFE and NFT-Vault to another user's proxy and account, respectively
  • modifySAFECollateralization(safe: uint256, deltaCollateral: int256, deltaDebt: int256) - add/remove collateral to and from a SAFE or generate/repay debt
  • transferCollateral(safe: uint256, dst: address, wad: uint256) - transfer collateral from a SAFE to another address
  • transferInternalCoins(safe: uint256, dst: address, rad: uint256) - transfer SAFEEngine.coinBalance system coins between addresses
  • quitSystem(safe: uint256, dst: address) - migrate the SAFE to a destination address
  • enterSystem(safe: address, src: uint256) - import a SAFE to the handler owned by an address
  • moveSAFE(safeSrc: uint256, safeDst: uint256) - move a position between SAFE handlers
  • protectSAFE(safe: uint256, liquidationEngine: address, saviour: address) - choose a SAFESaviour for a SAFE


  • AllowSAFE - emitted when allowSafe is called. Contains:
    • sender - the msg.sender
    • safe - the SAFE id
    • usr - the address of the user that is allowed/forbidden from managing the SAFE
    • ok - whether the usr is allowed or not to manage the SAFE
  • AllowHandler - emitted when allowHandler is called. Contains:
    • sender - the msg.sender
    • usr - the handler
    • ok - whether it is allowed or not
  • TransferSAFEOwnership - emitted when transferSAFEOwnership is called. Contains:
    • sender - the msg.sender
    • safe - the SAFE id
    • dst - the new owner
  • OpenSAFE - emitted when a new SAFE is created using openSAFE. Contains:
    • sender - the msg.sender
    • own - the SAFE owner
    • safe - SAFE id
  • ModifySAFECollateralization - emitted when modifySAFECollateralization is called. Contains:
    • sender - the msg.sender
    • safe - the SAFE id
    • deltaCollateral - the amount of collateral to add/remove
    • deltaDebt - the amount of debt to repay/withdraw
  • TransferCollateral - emitted when transferCollateral is called. Contains:
    • sender - the msg.sender
    • safe - the SAFE id
    • dst - the destination SAFE id
    • wad - amount of collateral to transfer
  • TransferInternalCoins - emitted when transferInternalCoins is called. Contains:
    • sender - the msg.sender
    • safe - the SAFE id
    • dst - destination for internal coins
    • rad - amount of internal coins to transfer
  • QuitSystem - emitted when quitSystem is called. Contains:
    • sender - the msg.sender
    • safe - the SAFE id
    • dst - the destination handler for the SAFE
  • EnterSystem - emitted when enterSystem is called. Contains:
    • sender - the msg.sender
    • src - the source handler for the SAFE
    • safe - the SAFE id
  • MoveSAFE - emitted when moveSAFE is called. Contains:
    • safe - the SAFE id
    • safeSrc - the source ID that has the current handler controlling the SAFE
    • safeDst - the destination SAFE id that has the handler which will control the safe from now on
  • ProtectSAFE - emitted when protectSAFE is called. Contains:
    • sender - the msg.sender
    • safe - the SAFE id
    • liquidationEngine - the LiquidationEngine where saviour is and that can liquidate safe
    • saviour - the saviour that will protect the SAFE

3. Risks

When openSAFE is executed, a new safeHandler is created and a safeId is assigned to it for a specific owner. If the user calls CollateralJoin.join to add collateral to the safeHandler immediately after the SAFE creation transaction is mined, there is a chance that a chain reorg occurs. This would result in the user losing the ownership of the safeHandler and therefore lose their collateral. Users can avoid this issue when using proxy actions.