sky-ecosystem · 0xBasset · May 30, 2025 · Sep 17, 2025 · Sep 19, 2025 · Sep 19, 2025
diff --git a/.wordlist.txt b/.wordlist.txt
@@ -87,6 +87,9 @@ auth
 authed
 authing
 bytecode
+Calc
+CalcFab
+calldata
 casted
 checksummed
 collateralization
@@ -129,6 +132,11 @@ precomputed
 prepended
 redemptions
 repos
+RPC
+RWA
+RWAXXX
+RWAXYZ
+safeharbor
 setIlkAutoLineDebtCeiling
 setIlkAutoLineParameters
 setIlkDebtCeiling

diff --git a/spell/spell-crafter-mainnet-workflow.md b/spell/spell-crafter-mainnet-workflow.md
@@ -125,6 +125,20 @@ Repo: https://github.com/makerdao/spells-mainnet
     * [ ] Changes are tested via `testNewOrUpdatedChainlogValues`
   * [ ] Adjust system values, collateral values inside `config.sol`
   * [ ] Ensure every spell variable is declared as public/internal
+  * Bug Bounty Registry Updates
+    * [ ] Run `make safeharbor-generate` command in the `spells-mainnet` repo to check for bug bounty updates
+    * [ ] IF the command outputs a solidity snippet:
+      * [ ] Paste the generated code into the spell as is. The code should not be modified. You may adjust formatting.
+      * [ ] Import the `AGREEMENT_ADDRESS` from the `ChainLog`
-      * [ ] Import the `AGREEMENT_ADDRESS` from the `ChainLog`
+      * [ ] Fetch the agreement address from the `ChainLog`
-      * [ ] Import the `AGREEMENT_ADDRESS` from the `ChainLog`
+      * [ ] Fetch the agreement address from the `ChainLog`
+      * [ ] If not already present, add the helper function to perform the call:
+```solidity
+function _updateSafeHarbor(bytes[] memory calldatas) public {
+  for (uint256 i = 0; i < calldatas.length; i++) {
+    (bool success, ) = address(AGREEMENT_ADDRESS).call(calldatas[i]);
+    require(success, "SaferHarbor call failed");
+  }
+}
+```
-      * [ ] If not already present, add the helper function to perform the call:
-```solidity
-function _updateSafeHarbor(bytes[] memory calldatas) public {
-  for (uint256 i = 0; i < calldatas.length; i++) {
-    (bool success, ) = address(AGREEMENT_ADDRESS).call(calldatas[i]);
-    require(success, "SaferHarbor call failed");
-  }
-}
-```
+      * [ ] If not already present, add the helper function to perform the call, using the established archive pattern.
-      * [ ] If not already present, add the helper function to perform the call:
-```solidity
-function _updateSafeHarbor(bytes[] memory calldatas) public {
-  for (uint256 i = 0; i < calldatas.length; i++) {
-    (bool success, ) = address(AGREEMENT_ADDRESS).call(calldatas[i]);
-    require(success, "SaferHarbor call failed");
-  }
-}
-```
+      * [ ] If not already present, add the helper function to perform the call, using the established archive pattern.
 * Add specific tests in `DssSpell.t.sol` to have sufficient test coverage for every spell action
   * [ ] Test new collaterals
   * [ ] Test new ilk registry values
@@ -139,6 +153,8 @@ Repo: https://github.com/makerdao/spells-mainnet
     * [ ] Sanity checks of the constructor arguments
     * [ ] Sanity checks of all values added/updated by the spell function
     * [ ] End-to-end "happy path" interaction with the module
+  * IF bug bounty updates are present
+    * [ ] Test that all bug bounty registry calls execute successfully
   * [ ] Tests PASS via `make test`
 * [ ] Ensure `DssExecLib` address used in current spell (`DssExecLib.address`) matches `dss-exec-lib` [Latest Release Tag](https://github.com/makerdao/dss-exec-lib/releases/latest)
 * [ ] Push committed content to already opened PR
@@ -217,6 +233,7 @@ Repo: https://github.com/makerdao/spells-mainnet
   * [ ] Create testnet and cast deployed spell there using `make cast-on-tenderly spell=0x...` command
   * [ ] Check that returned `public explorer url` is publicly accessible (e.g. using incognito browser mode)
   * [ ] IF `cast-on-tenderly` command is executed several times for the same spell, delete all testnets of the same name except the last one
+* [ ] Verify `make safeharbor-generate` returns empty diff in the casted environment after spell execution.
 * [ ] Archive Spell via `make archive-spell` for the current date (or `make archive-spell date="YYYY-MM-DD"`) using Target Date inside the Exec Doc
 * [ ] Commit & push changes for review
 * [ ] Wait for CI to PASS

diff --git a/spell/spell-reviewer-mainnet-checklist.md b/spell/spell-reviewer-mainnet-checklist.md
@@ -272,6 +272,11 @@
   * [ ] Target contract is not upgradable
   * [ ] Target Contract is included in the ChainLog
   * [ ] Test Coverage is comprehensive
+* IF bug bounty registry updates are present
+  * [ ] Run `make safeharbor-generate` command passing the calldata in the spell to check for it's validity.
+  * [ ] Verify that the generated code exactly matches the generated code in the spell.
+  * [ ] Ensure that `AGREEMENT_ADDRESS` is imported from the ChainLog.
+  * [ ] Ensure that the helper function to perform the call is present and is implemented correctly.
 * IF spell interacts with ChainLog
   * [ ] ChainLog version is incremented based on update type
     * Major -> New Vat (++.0.0)
@@ -383,6 +388,7 @@ _Insert your local test logs here_
   * [ ] All actions are executed in the transaction trace
   * [ ] No reverts are present that block execution
   * [ ] No out-of-gas errors are present
+  * [ ] Confirm `make safeharbor-generate` returns "no updates"
 * Archive checks
   * [ ] `make diff-archive-spell` for current date or `make diff-archive-spell date="YYYY-MM-DD"`
   * [ ] Ensure date corresponds to target Exec Doc date