So how does PWN Safe work altogether? To explain, we'll first look at the Gnosis Safe guard and module architecture and then the complete design of PWN Safe.
Safe Guard and Module
As shown in the diagram above, the Safe wallet can be extended by a guard and a module.
In its essence, a guard is a contract which checks every transaction before and after its execution. In the case of the ATR Guard, its purpose is to make sure an asset which has an ATR token minted cannot be transferred from the Safe wallet.
A module enables one to make a transaction without needing the Safe owners to sign it. The ATR Module leverages this feature so an ATR token holder can transfer an asset even though the holder isn't the Safe owner.
Deploys new PWN Safes. Users don't deploy new Safe contracts for each Safe, as that would be ineffective and expensive. Instead, they deploy a proxy contract.
PWN Safe Factory also provides a function isValidSafe to check if a Safe is valid.
The ATR Guard checks every transaction before and after its execution, making sure that an asset that has an ATR token minted cannot be transferred or have approved operators.
This contract is wrapped in a proxy contract so that it can be upgraded.
Can update the Guard contract so that users won't have to create new Safes in case of a new ERC standard. The owner can also update the whitelist to allow only selected assets to be used in the PWN Safe.
Please note: It's not possible for the owner to change the guard in a way that would allow him to transfer assets held in PWN Safes, but it is possible to make the ATR tokens behave in a malicious way. This is a trade-off for the upgradability of PWN Safes.
