Stack too deep when migrating Gnosis Safe

[sekisamu]

Description

Safe extensively uses the proxy pattern in its contract architecture, which easily triggers the maximum call stack depth limit. For example, the simulation feature for multi-sig transactions (essential for Safe usage) involves the following call stack:

SafeProxy 
  └─(delegatecall)→ SafeSingleton
      └─(call)→ CompatibilityFallbackHandler
          └─(call)→ SafeProxy
              └─(delegatecall)→ SafeSingleton
                  └─(delegatecall)→ SimulateTxAccessor
                      └─(call/delegatecall)→ targetContract

The current maximum call stack depth in Revive is insufficient to support this basic use case.

How to Reproduce

1. Clone and setup the repository

git clone https://github.com/papermoonio/safe-polkadot-poc
cd safe-polkadot-poc
pnpm install

2. Create .env file
   Create a .env file in the project root:

LOCAL_PRIV_KEY=0x5fb92d6e98884f76de468fa3f6278f8807c48bebc13595d45af5bdc4da702133
LOCAL_PRIV_KEY_2=0xxxx

3. Run the scripts

# 1. Deploy all contracts
USE_POLKAVM=true npx hardhat run scripts/deployAll.ts --network local
# 2. Execute simulation script
USE_POLKAVM=true npx hardhat run scripts/simulate.ts --network local

Error Messages

Hardhat reports:

ProviderError: execution reverted: 

Substrate node logs show:

2025-07-29 22:53:37.001 TRACE tokio-runtime-worker runtime::revive::strace: call(flags_and_callee: 34359935056, ref_time_limit: 18446744073709551615, proof_size_limit: 18446744073709551615, deposit_and_value: 18446172606835849216, input_data: 131312, output_data: 18446172465102192720) = Err(TrapReason::SupervisorError(Module(ModuleError { index: 80, error: [5, 0, 0, 0], message: Some("MaxCallDepthReached") }))) gas_consumed: Weight { ref_time: 554262959, proof_size: 9078 }

Impact

• Gnosis Safe cannot function properly on Polkadot
• Multi-sig wallets and DAOs using Safe infrastructure are blocked
• Any protocol using similar proxy patterns may face the same limitation

Proposed Solution

Increase the maximum call stack depth limit in Revive to support complex but legitimate contract patterns like those used in Gnosis Safe.

[athei]

Will be fixed with paritytech/polkadot-sdk#9267

[TorstenStueber]

@sekisamu can you confirm that this works now? The PR @athei linked to has been merged.

[sekisamu]

@TorstenStueber When using the latest revive-dev-node and run npx hardhat run scripts/deployAll.ts --network local (local network is also started with revive-dev-node), it will output below error:

Error: could not coalesce error (error={ "code": 1010, "message": "Invalid Transaction" }, payload={ "id": 76, "jsonrpc": "2.0", "method": "eth_sendRawTransaction", "params": [ "0x02f8af84190f1b440b81c88208988706adf2cadaf3f394c01ee7f10ea4af4673cfff62710e1d7792aba8f380b8401c287c774ba9f8f995e607329903a9731f1c3b83f906154fac384832f29cc41f64c518575dae3a5aaeffb65f5b061425481535d9c10863d2fe995b09bc98081cc080a0bca3d5261f05a72bf6c4d75ef92af0220d5c6510f11248a5b7c4b3f3ca356805a0770d700a4e1f64e3040cc3cffe62f8c2ca0547d5f873b687e549d30416db7ab6" ] }, code=UNKNOWN_ERROR, version=6.15.0)

similar issue: paritytech/hardhat-polkadot#281

[TorstenStueber]

@sekisamu so the original issue was resolved and now it shows another (unrelated?) error that is already reported in the linked issue?

[sekisamu]

@TorstenStueber Currently I'm blocked by the Invalid transaction issue so I can not verify that if the stack too deep error is resolved or not.

[TorstenStueber]

Okay, thanks for clarifying. As Alex said in the other issue, this is blocked until the proper gas handling is implemented (first half of September).

[pgherveou]

the call stack size is now 25, would be good to retry with latest master

[marian-radu]

The initially reported issue is fixed in the latest master.
After disabling caching of identical network requests for JsonRpcProvider (see patch below) to fix an InvalidTransaction error caused by an incorrect nonce, both deployAll.ts and sendSafeTx.ts run successfully.

diff --git a/scripts/utils.ts b/scripts/utils.ts
index 95c57cc..5ad57ae 100644
--- a/scripts/utils.ts
+++ b/scripts/utils.ts
@@ -31,7 +31,11 @@ export function buildDeployCalldata(codeHash: string, salt?: string): string {
  * @returns Array of wallets
  */
 export function getWallets(hre: HardhatRuntimeEnvironment, n: number): Wallet[] {
-  const provider = new JsonRpcProvider(hre.network.config.url);
+  const provider = new JsonRpcProvider(
+    hre.network.config.url,
+    undefined, // network (optional)
+    { cacheTimeout: 0 }
+  );
   const allWallets = (hre.network.config.accounts as string[]).map(
     (account: string) => new Wallet(account, provider)

radumarian@Radus-MacBook-Pro safe-polkadot-poc % npx hardhat run scripts/deployAll.ts --network local
Compiling 47 Solidity files
Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
--> contracts/interfaces/ViewStorageAccessible.sol


Warning: Function state mutability can be restricted to pure
  --> contracts/test/Storage.sol:14:5:
   |
14 |     function getValue() public view returns (uint256) {
   |     ^ (Relevant source part starts here and spans across multiple lines).


Warning: You are checking for 'tx.origin' in your code, which might lead to unexpected behavior.
Polkadot comes with native account abstraction support, and therefore the initiator of a
transaction might be different from the contract calling your code. It is highly recommended NOT
to rely on tx.origin, but use msg.sender instead.
    --> contracts/GnosisSafe.sol:204:73
     |
 204 |         address payable receiver = refundReceiver == address(0) ? payable(tx.origin) : refundReceiver;
     |                                                                           ^^^^^^^^^


Warning: It looks like you are using '<address payable>.send/transfer(<X>)'.
Using '<address payable>.send/transfer(<X>)' is deprecated and strongly discouraged!
The resolc compiler uses a heuristic to detect '<address payable>.send/transfer(<X>)' calls,
which disables call re-entrancy and supplies all remaining gas instead of the 2300 gas stipend.
However, detection is not guaranteed. You are advised to carefully test this, employ
re-entrancy guards or use the withdrawal pattern instead!
Learn more on https://docs.soliditylang.org/en/latest/security-considerations.html#reentrancy
and https://docs.soliditylang.org/en/latest/common-patterns.html#withdrawal-from-contracts
    --> contracts/GnosisSafe.sol:208:19
     |
 208 |             require(receiver.send(payment), "GS011");
     |                     ^^^^^^^^^^^^^^^^^^^^^^


Successfully compiled 47 Solidity files
Deploying contracts with the account: 0xf24FF3a9CF04c71Dbc94D0b566f7A27B94566cac
DeterministicDeploymentProxy deployed to: 0xE3eb65E561Dde7e9101eE5fA37F8998349Df4D2a
CreateCall deployed to: 0x8e3cDf9FaE52075fb29E916AFF92D08A12d324ba
MultiSend deployed to: 0xed6E8BB5Da47Fb5F68d6455A628c619a935a44b7
MultiSendCallOnly deployed to: 0x64F7A621306D8893cA1bb5B90A46c10Fade3b22E
DefaultCallbackHandler deployed to: 0x7e4Ca7049c02e51f7d9439D878D324cC93BbD463
CompatibilityFallbackHandler deployed to: 0x510668cEfa0F2b3e62748D18c6407844aB2dE749
SimulateTxAccessor deployed to: 0x2D90aeF089c389Cf9DC7165B69a7a02931A0973a

Deploying Safe contracts through DeterministicDeploymentProxy...
GnosisSafe deterministic deployment transaction: 0x9f17bcec34ec4dd55e7697fae82c3b8efde697ca731a167d953efc9747e7ca2e
GnosisSafe deterministic address: 0x2645D38122327eFd81a5259627B95e69d81F642E
GnosisSafeL2 deterministic deployment transaction: 0xd054880962ae1eda4b245e8c34820218995bd4e09b9beb7add6b2016d8a9cb32
GnosisSafeL2 deterministic address: 0xa98d52175364b376209904211700C822f808a258
GnosisSafeProxyFactory deterministic deployment transaction: 0xf5ab52e8563c1cd4d68bd8c7bf3f317c1948f8a0709ef97b5ef4a0447e9dbcce
GnosisSafeProxyFactory deterministic address: 0xEcC1eD9452d3Dd164476a36F9fEE346C04fa3Ef8

Deployment addresses saved to: /Users/radumarian/safe-polkadot-poc/deployment/local.json

All contracts deployed successfully!

[marian-radu]

@sekisamu

I'm closing the ticket based on the above comment. Please re-open it if the suggested patch does not work for you or does not fix the core issue.