feat: add config checker for multisig/DAO info (#101)

* feat: add checker script for evm multisigs and aragon dao

* feat: add solana multisig support to checker script

* feat: add docs and update deps for multisig checker

- Added `get-multisig-info` script to report owners and thresholds for Gnosis Safe multisigs, Aragon DAO plugins, and Solana Squads.
- Updated `.env.example` with new environment variables for multisig addresses.
- Included `@sqds/multisig` package in dependencies and updated `package-lock.json`.
- Enhanced README with usage instructions for the new script.

* fix: trigger ci

* feat: enhance multisig checker with Gateway Safe AdminModule support

- Added functionality to retrieve and verify the AdminModule information for the Gateway Safe.
- Updated README to include details about the new AdminModule environment variable and its usage.
- Modified the `get-multisig-info` script to check for enabled modules and validate the AdminModule's configuration.

* docs: clarify SOLANA_SQUADS_MULTISIG_ACCOUNT usage in README and .env.example

- Updated README to differentiate between the Squads multisig account PDA and the vault ID, providing clear instructions on where to find each.
- Enhanced .env.example with additional comments to prevent confusion regarding the multisig account's purpose.
- Added notes in the get-multisig-info script to emphasize the distinction and avoid potential errors when retrieving multisig data.

Author: Seth-Schmidt

contracts/chains-config-checker/.env.example

@@ -11,6 +11,19 @@ ZAMA_OFT_GATEWAY="0xcE762c7FDaac795D31a266B9247F8958c159c6d4"
 ZAMA_OFT_BSC="0x6907A5986C4950Bdaf2F81828Ec0737ce787519f"
 ZAMA_OFT_HYPEREVM="0x43cdd2cCbeB38Eb62fDf54e17aFBabf450ebBB01"
 
+# get-multisig-info.js — Gnosis Safe multisigs & Aragon DAO (mainnet)
+ZAMA_SAFE_GATEWAY="0x5f0F86BcEad6976711C9B131bCa5D30E767fe2bE"
+ZAMA_SAFE_ADMIN_MODULE_GATEWAY="0x57f866b5E7Fb82Fb812Ed3D3C79cdB35E9e91518"
+ZAMA_SAFE_BSC="0xa40939fDe3883D2e7Cd5C32f53AB241804d2779B"
+ZAMA_SAFE_HYPEREVM="0x0d66642a5Bc6E32e013f47E08f9db9bDb1268827"
+ZAMA_ARAGON_DAO="0xB6D69D5F334d8B97B194617B53c6aB62f8681Ef3"
+
 # Solana
 SOLANA_RPC_URL="https://api.mainnet-beta.solana.com"
 SOLANA_OFT_MINT="4Zp52aF4hZi9fzH19xpbWKYKQvgLyCN67KFbrQDqeTKh"
+# NOT the Squads vault id listed in docs/addresses/mainnet/solana.md
+# (G9jXsKZ2...TUVf5, the one shown on app.squads.so and used everywhere as
+# "the multisig"). This is the separate Squads multisig account PDA that
+# stores members and threshold state. Find it on solscan.io under the vault's
+# "Multisig" tab, or on app.squads.so under Settings.
+SOLANA_SQUADS_MULTISIG_ACCOUNT="HB3boZwyCUmjCo2uPWfVS2WKYmdgGv2XVpRgUaX5CkxC"

contracts/chains-config-checker/README.md

@@ -29,6 +29,7 @@ Currently, most useful scripts are:
 [*] get-current-pausers
 [*] get-token-roles
 [*] get-oft-owners
+[*] get-multisig-info
 ```
 ### getCurrentPausers
 
@@ -225,3 +226,103 @@ Example output:
 Admin, Upgrade Authority, and Delegate should be IDENTICAL on Solana,
 and it should be a Squads multisig wallet owned by Zama FB_i operators
 ```
+
+### getMultisigInfo
+
+Reports owners and thresholds for all deployed multisig wallets (EVM Safes, Aragon DAO plugins, Solana Squads).
+
+#### Usage
+
+```bash
+npm run get-multisig-info
+```
+
+The script will:
+1. Query each configured **Gnosis Safe** (Gateway, BSC, HyperEVM) for `getOwners()` and `getThreshold()`, then cross-check that owners and threshold are identical across all chains.
+2. On the **Gateway Safe**, list every enabled module via `getModulesPaginated(SENTINEL, 100)` and verify that the only enabled module is the configured `AdminModule`. The `AdminModule` is also queried for its `ADMIN_ACCOUNT()` and `SAFE_PROXY()`; the latter must match `ZAMA_SAFE_GATEWAY`.
+3. Detect active **Aragon DAO plugins** by scanning `Granted`/`Revoked` events for `EXECUTE_PERMISSION` on the DAO, filtering out uninstalled plugins. A sanity check calls `hasPermission()` on-chain to verify the event-derived state.
+4. Query the **Solana Squads** multisig account for members and threshold.
+
+**Environment variables:**
+
+| Variable | Description |
+|---|---|
+| `RPC_GATEWAY` | Gateway RPC endpoint |
+| `RPC_BSC` | BSC RPC endpoint |
+| `RPC_HYPEREVM` | HyperEVM RPC endpoint |
+| `RPC_ETHEREUM` | Ethereum RPC endpoint (for Aragon) |
+| `ZAMA_SAFE_GATEWAY` | Safe address on Gateway |
+| `ZAMA_SAFE_ADMIN_MODULE_GATEWAY` | AdminModule address enabled on the Gateway Safe |
+| `ZAMA_SAFE_BSC` | Safe address on BSC |
+| `ZAMA_SAFE_HYPEREVM` | Safe address on HyperEVM |
+| `ZAMA_ARAGON_DAO` | Aragon DAO address on Ethereum |
+| `SOLANA_RPC_URL` | Solana RPC endpoint |
+| `SOLANA_SQUADS_MULTISIG_ACCOUNT` | Squads multisig account PDA** |
+
+> **⚠️ `SOLANA_SQUADS_MULTISIG_ACCOUNT` is NOT the Squads vault ID.**
+>
+> The address listed as "Squads Multisig" in `docs/addresses/mainnet/solana.md`
+> (`G9jXsKZ2...TUVf5`, shown on `app.squads.so` and used everywhere as "the
+> multisig") is the vault account: the PDA that holds funds and signs transactions.
+>
+> `SOLANA_SQUADS_MULTISIG_ACCOUNT` is a different PDA: the Squads **multisig**
+> **account** that stores the members list and signing threshold.
+>
+> Find it on `solscan.io` under the vault's **Multisig** tab, or on
+> `app.squads.so` under `Settings`.
+
+#### Example Output
+
+```
+=== Safe Multisig Wallets ===
+
+[Gateway]
+  Safe address : 0x5f0F...2bE
+  Threshold    : 3 of 5
+  Owners:
+    1. 0x9b82...9B71
+    2. 0xf299...fBBE
+    3. 0x6dd4...5874
+    4. 0x8edF...8CB8
+    5. 0x7053...02b3
+
+[BSC]
+  ...
+
+[HyperEVM]
+  ...
+
+All Safe wallets have IDENTICAL owners and threshold (3 of 5)
+
+=== Gateway Safe AdminModule ===
+
+[Gateway AdminModule]
+  Module address : 0x57f866b5E7Fb82Fb812Ed3D3C79cdB35E9e91518
+  Admin account  : 0x...
+  Safe proxy     : 0x5f0F86BcEad6976711C9B131bCa5D30E767fe2bE
+
+[Gateway Safe enabled modules]
+  Safe address  : 0x5f0F86BcEad6976711C9B131bCa5D30E767fe2bE
+  Total enabled : 1
+    1. 0x57f866b5E7Fb82Fb812Ed3D3C79cdB35E9e91518
+
+Only the AdminModule is enabled on the Gateway Safe, and its SAFE_PROXY matches.
+
+=== Aragon DAO Plugins ===
+  DAO: 0xB6D6...Ef3
+  ...
+
+Detected 2 active plugin address(es):
+    https://etherscan.io/address/0x...
+    https://etherscan.io/address/0x...
+
+=== Solana Squads Multisig ===
+
+[Solana Squads]
+  Multisig account : HB3bo...CkxC
+  Threshold        : 4 of 6
+  Members:
+    1. ...
+    2. ...
+    ...
+```

contracts/chains-config-checker/package-lock.json

@@ -8,7 +8,8 @@
     "get-token-roles": "node utils/get-token-roles.js",
     "get-oft-owners-evm": "node utils/get-oft-owners-evm.js",
     "get-oft-owners-solana": "node utils/get-oft-owners-solana.js",
-    "get-oft-owners": "node utils/get-oft-owners-evm.js && node utils/get-oft-owners-solana.js"
+    "get-oft-owners": "node utils/get-oft-owners-evm.js && node utils/get-oft-owners-solana.js",
+    "get-multisig-info": "node utils/get-multisig-info.js"
   },
   "dependencies": {
     "@layerzerolabs/lz-solana-sdk-v2": "^3.0.136",
@@ -18,6 +19,7 @@
     "@metaplex-foundation/umi-bundle-defaults": "^0.9.2",
     "@metaplex-foundation/umi-web3js-adapters": "^0.9.2",
     "@solana/web3.js": "~1.95.8",
+    "@sqds/multisig": "^2.1.4",
     "dotenv": "^16.0.0",
     "ethers": "^6.0.0"
   },