Can no longer deploy contracts via Safe because "Delegate call is disabled" #2805
Description
Describe the bug
The Safe UI prevents deploying contracts from a Safe.
This is because the safe-transaction-service rejects transactions that use delegateCall to the CreateCall contract, blocking legitimate contract deployment operations. The error message "Delegate call is disabled" appears after attempting to sign a transaction, even when calling Safe's own verified CreateCall contract.
To Reproduce
Steps to reproduce the behavior:
- Do
POSTonhttps://safe-client.safe.global/v1/chains/11155111/transactions/0x9C44C2B07380DA62a5ea572b886048410b0c44fd/propose. make sure the transaction includes a call to the CreateCall contract
Body (full data omitted because it pushes this issue over the character limit):
{
"to": "0xA238CBeb142c10Ef7Ad8442C6D1f9E89e07e7761",
"value": "0",
"data": "0x8d..000",
"nonce": "21",
"operation": 1,
"safeTxGas": "0",
"baseGas": "0",
"gasPrice": "0",
"gasToken": "0x0000000000000000000000000000000000000000",
"refundReceiver": "0x0000000000000000000000000000000000000000",
"safeTxHash": "0x585902e09f04c0d377be6848f5945a11f1c737615c16d6a481c9e4dc8aba4dee",
"sender": "0x27b08aD52cb8a64543d58120bA9EB5a8638E8C60",
"signature": "0x9fb6dbeccccaf367b0f6b4a97ba3bba71303ac3b212304b4270625e0abbfa91855bb07fa049dd33439f437cd573e9bb5a8db67c3490319c34689f804c4668bca1b3d9049d750c1f61fbce0e7bb2f7ce0f443cde7e196440b37409fd6ecdb24816d011c57c16ba646ac0c78c7b913d6846fbbcb8365c72c4d9db8137348e5c74c361c"
}
- Note error response:
{"message":"Delegate call is disabled","statusCode":422}
Expected behavior
The transaction should be signable via the Safe UI when using delegateCall to Safe's own verified CreateCall contracts. These contracts are:
Deployed and verified by Safe Global
Listed in the official safe-deployments repository
Specifically designed for safe contract deployment operations
Example verified CreateCall contracts that should be whitelisted:
v1.3.0: 0x7cbB62EaA69F79e6873cD1ecB2392971036cFAa4 (source)
v1.4.1: 0x9b35Af71d77eaf8d7e40252370304687390A1A52 (source)
v1.5.0: 0x2Ef5ECfbea521449E4De05EDB1ce63B75eDA90B4 (source)
I see there is a notion of a whitelist here, and here, which should help.
Alternatively, an API parameter (driven by a "Yes, I'm sure" checkbox in the UI) could be added to support overriding of the delegateCall checks
Environment (please complete the following information):
- Staging or production?
- Which chain?
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
Additional context
- The transaction was successfully signed via command line, but non-technical co-signers need to sign through the UI
- This restriction impacts legitimate use cases where delegateCall is necessary and safe (e.g., contract deployment via CreateCall)
Please help we have contracts to deploy. Thank you!