This document lists every trust assumption SafeLens makes today.
SafeLens classifies each source as:
- consensus-verified (legacy): backward-compatibility enum value for older exports; new reports use mode-specific consensus levels
- consensus-verified-beacon: state root verified with beacon light-client BLS checks
- consensus-verified-opstack: OP Stack envelope integrity verified (not beacon-equivalent)
- consensus-verified-linea: Linea envelope integrity verified (not beacon-equivalent)
- proof-verified: validated against cryptographic Merkle proofs
- self-verified: validated locally with deterministic code
- rpc-sourced: accepted from an RPC endpoint (e.g., generation-time simulation/witness inputs)
- api-sourced: accepted from remote API responses
- user-provided: accepted from local operator input or local files
Each section of the evidence package carries its own trust classification, allowing progressive trust upgrades (e.g., api-sourced to proof-verified, or rpc-sourced to consensus-verified-beacon) as proof infrastructure is added.
| Source | Trust | Assumption | Mitigation |
|---|---|---|---|
| Safe URL input | user-provided | Operator pasted the intended Safe URL and safeTxHash | Review URL before generating evidence |
| Safe Transaction Service response | api-sourced | Safe API returned correct payload for safeTxHash | Re-verify package offline and compare with independent tooling if required |
| packagedAt timestamp | user-provided | Generator host clock is accurate | Use controlled system clock on generator machine |
| Exported evidence.json | self-verified | Local runtime writes generated bytes faithfully | Hash/sign exported artifact in your own pipeline if needed |
| Source | Trust | Assumption | Mitigation |
|---|---|---|---|
| Evidence package integrity | self-verified | JSON/schema parser and runtime are trustworthy | Keep binaries reproducible and verified |
| Safe tx hash recomputation | self-verified | Local hash implementation is correct | Cross-check hashes with independent implementation for critical flows |
| Signature recovery checks | self-verified | Signatures are matched to claimed owners for safeTxHash | Treat invalid/unsupported signatures as hard stop |
| Signature scheme coverage | api-sourced when unsupported signatures exist | Contract signatures / pre-approved hashes are not fully verified locally | Use on-chain or Safe-native validation when unsupported signatures appear |
| Safe owners and threshold | api-sourced (upgradable to proof-verified) | confirmations and confirmationsRequired in evidence reflect on-chain state | Include onchainPolicyProof to upgrade to proof-verified |
| On-chain policy proof | proof-verified when present, disabled otherwise | Merkle storage proofs for owners, threshold, nonce, modules, guard, fallback handler, singleton are valid against provided state root | Verify state root against finalized beacon chain consensus (Phase 4) |
| Transaction simulation | rpc-sourced | Generation-time RPC simulation/witness inputs may be wrong until witness and local replay checks pass | Include simulationWitness and run desktop replay verification to prove deterministic consistency against provided witness inputs. Trust remains rpc-sourced until replay world-state accounts are fully state-root proven |
| Decoded calldata metadata | api-sourced | Human-readable decode (dataDecoded) may be incorrect | Treat raw calldata + hash as canonical; decode independently when needed |
| Local settings labels | user-provided | Address/contract labels are accurate | Keep settings under change control and review diffs |
The evidence package schema accepts versions 1.0, 1.1, and 1.2, each with optional sections carrying an embedded trust classification:
| Section | Trust field | Description |
|---|---|---|
| Core transaction data | - (always present) | EIP-712 fields, confirmations, hash, self-verified on parse |
| onchainPolicyProof | .trust | Merkle storage proofs for Safe policy state (Phase 2) |
| simulation | .trust | Transaction simulation result envelope (success, returnData, gasUsed, etc.). When simulationWitness.witnessOnly=true, packaged simulation effects are retained for comparison but must be re-derived from local replay during verification. See docs/architecture/verification-source-contract.md for the full witness-only verification matrix. |
| simulationWitness | (implicit) | Replay inputs (world-state accounts, block environment) for offline simulation verification |
| consensusProof | (implicit) | Beacon light client data or OP Stack/Linea execution envelope for consensus state-root verification (Phase 4) |
Sections are independent and can be enabled progressively. A v1.0 package without these sections is fully supported and behaves identically to before.
From highest to lowest assurance:
- consensus-verified-beacon: State root verified with beacon BLS sync committee checks
- consensus-verified-opstack: OP Stack envelope integrity checks (not beacon-equivalent)
- consensus-verified-linea: Linea envelope integrity checks (not beacon-equivalent)
- consensus-verified (legacy): Backward-compatibility label from older exports, superseded by mode-specific consensus labels in current output
- proof-verified: Validated against cryptographic Merkle proofs
- self-verified: Validated locally with deterministic code (EIP-712 hash, ECDSA recovery)
- rpc-sourced: Accepted from an RPC endpoint (including generation-time simulation/witness inputs without full local replay confirmation)
- api-sourced: Accepted from a remote API (Safe Transaction Service)
- user-provided: Accepted from local operator input (URLs, settings, timestamps)
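As an added illustration (not SafeLens's own code), the following TypeScript models the assurance ordering above and the progressive upgrade path described earlier (api-sourced to proof-verified to a mode-specific consensus level): a package is rated by its weakest section, and an operator floor can reject packages whose policy evidence has not been upgraded far enough. The EvidencePackage shape and the meetsFloor policy are assumptions, not the real schema.

```typescript
// Added illustrative model of the SafeLens trust ladder; not the project's own code.
type Trust =
  | "consensus-verified-beacon" | "consensus-verified-opstack" | "consensus-verified-linea"
  | "consensus-verified" | "proof-verified" | "self-verified"
  | "rpc-sourced" | "api-sourced" | "user-provided";

// Highest assurance first, in the order given in this document.
const TRUST_ORDER: Trust[] = [
  "consensus-verified-beacon", "consensus-verified-opstack", "consensus-verified-linea",
  "consensus-verified", "proof-verified", "self-verified",
  "rpc-sourced", "api-sourced", "user-provided",
];

// Hypothetical minimal view of the optional sections; the real schema has more fields.
interface EvidencePackage {
  onchainPolicyProof?: { trust: Trust };
  consensusProof?: { mode: "beacon" | "opstack" | "linea" };
}

// Lower index means higher assurance.
function rank(level: Trust): number {
  return TRUST_ORDER.indexOf(level);
}

// A package is only as trustworthy as its weakest section.
function weakest(levels: Trust[]): Trust {
  if (levels.length === 0) throw new Error("no trust levels to compare");
  return levels.reduce((w, l) => (rank(l) > rank(w) ? l : w));
}

// Owners/threshold/nonce start api-sourced (from the Safe Transaction Service); a valid
// onchainPolicyProof upgrades them to proof-verified; a consensusProof for the same state
// root upgrades them again to the mode-specific consensus level.
function policyTrust(pkg: EvidencePackage): Trust {
  if (pkg.onchainPolicyProof?.trust !== "proof-verified") return "api-sourced";
  if (!pkg.consensusProof) return "proof-verified";
  return `consensus-verified-${pkg.consensusProof.mode}` as Trust;
}

// Operator floor (assumed policy): true when `actual` is at least as assured as `required`.
function meetsFloor(actual: Trust, required: Trust): boolean {
  return rank(actual) <= rank(required);
}
```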
SafeLens desktop is intended to run in a fully airgapped environment after install:
- Production CSP sets connect-src ipc: http://ipc.localhost (Tauri IPC only, no external network origins).
- No shell-open capability is enabled in the Tauri allowlist or Rust features.
- The desktop frontend source contains no network API calls.
These are enforced by automated tests in apps/desktop/tests/airgap-config.test.ts.
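As an added example of the kind of check such a test can make (not the project's airgap-config.test.ts), this TypeScript parses a CSP policy string and reports any connect-src source outside the two Tauri IPC origins named above; the sample policies are constructed for the demonstration.

```typescript
// Added illustrative CSP check; not the project's own test code.
// The only connect-src sources this document permits for the airgapped desktop.
const ALLOWED_CONNECT_SRC = new Set(["ipc:", "http://ipc.localhost"]);

// Split a CSP policy string into directive name -> source list.
function parseCsp(csp: string): Map<string, string[]> {
  const directives = new Map<string, string[]>();
  for (const part of csp.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Returns connect-src sources that fall outside the IPC allowlist. A missing connect-src
// is reported as well, because connections would then fall back to default-src.
function externalConnectSources(csp: string): string[] {
  const connect = parseCsp(csp).get("connect-src");
  if (!connect) return ["<connect-src missing>"];
  return connect.filter((src) => !ALLOWED_CONNECT_SRC.has(src.toLowerCase()));
}

// Constructed sample policies: one matching the airgap requirement, one that leaks.
const AIRGAPPED_CSP =
  "default-src 'self'; connect-src ipc: http://ipc.localhost; img-src 'self' data:";
const LEAKY_CSP =
  "default-src 'self'; connect-src ipc: http://ipc.localhost https://api.example.invalid";
```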