# Shared Safety Module Functionality

A Shared Safety Module is an external module that allows many individual Safety Modules to coordinate, so they can share risk by pooling reserve assets.

When a Safety Module is part of a Shared Safety Module, its `ISharedSafetyModule sharedSafetyModule` storage variable will be a non-zero address that is the associated `SharedSafetyModule` contract. If `sharedSafetyModule == address(0)`, the Safety Module is not part of Shared Safety Module.

## Specifying A Shared Safety Module

Setting a Shared Safety Module follows a three-step process, where the last two steps are similar to configuration changes (see [Manage a Safety ](https://csm-docs.cozy.finance/developer-guides/manage-a-safety-module)Module):

1. The Safety Module `owner` first sets a `proposedSharedSafetyModule` by calling:

```solidity
/// @notice Used to set the proposed SharedSafetyModule.
/// @param proposedSharedSafetyModule_ The new proposed SharedSafetyModule.
/// @dev Only the owner can call this function.
function setProposedSharedSafetyModule(ISharedSafetyModule proposedSharedSafetyModule_) external onlyOwner {
```

2. The `proposedSharedSafetyModule` is allowed to queue itself by calling:

<pre class="language-solidity"><code class="lang-solidity"><strong>/// @notice Used to queue an update to this SafetyModule's SharedSafetyModule.
</strong>/// @dev Only the proposed SharedSafetyModule can call this function.
function queueSharedSafetyModule() external onlyProposedSharedSafetyModule;
</code></pre>

3. The queued `sharedSafetyModule` can get applied by the `proposedSharedSafetyModule` after the [config update delay](https://csm-docs.cozy.finance/creating-a-safety-module/define-safety-module-configuration#config-update-delay) has elapsed and within the [config update grace period](https://csm-docs.cozy.finance/creating-a-safety-module/define-safety-module-configuration#config-update-grace-period) with `SafetyModule.finalizeSharedSafetyModule`:

```solidity
/// @notice Finalizes an update SharedSafetyModule for the SafetyModule.
/// @dev Only the proposed SharedSafetyModule can call this function.
function finalizeSharedSafetyModule() external onlyProposedSharedSafetyModule;
```

The delay period allows Safety Module depositors to withdraw in case they do not wish to be part of the specified Shared Safety Module.

## Shared Safety Module Privileges

A Shared Safety Module is given certain privileges with respect to the Safety Module, explained below.

### Triggering the Safety Module

A **Shared Safety Module** is triggered indirectly via one of its child `SafetyModule` contracts. When a child `SafetyModule`’s `trigger()` function is called, it forwards the trigger to its parent `SharedSafetyModule` if one is configured. This is done by invoking `SharedSafetyModule.propagateTrigger()`.

> **Note:** The snippet below only shows the relevant portion of the child module’s `trigger()` function. It is not the complete implementation of the trigger flow.

```solidity
function trigger(bytes32 triggerEventId_) external {
  if (address(sharedSafetyModule) != address(0)) {
    sharedSafetyModule.propagateTrigger(controller_, triggerEventId_, expiresAt_);
  }
}
```

PropagateTrigger will then call sharedSafetyModuleTrigger on all of the sibling Safety Modules

```solidity
  function sharedSafetyModuleTrigger(
    bytes32 triggerEventId_,
    ISafetyModule originSafetyModule_,
    ISafetyModuleController originController_,
    uint256 expiresAt_
  ) external onlySharedSafetyModule {}
```

### Updating Safety Module Configurations

The Shared Safety Module assumes the traditional role of the `owner` in Safety Module update[ configurations](https://csm-docs.cozy.finance/developer-guides/manage-a-safety-module). Specifically, it is authorized to call `SafetyModule.updateConfigs`:

```solidity
/// @notice Signal an update to the safety module configs. Existing queued updates are overwritten.
/// @param configUpdates_ The new configs. Includes:
/// - reservePoolConfigs: The array of new reserve pool configs, sorted by associated ID. The array may also
/// include config for new reserve pools.
/// - controllerConfigUpdates: The array of controller config updates. It only needs to include configs for updates to
/// existing controllers or new controllers.
/// - delaysConfig: The new delays config.
/// @dev Only the SharedSafetyModule can call this function, if it is set. Else, only the owner can call this
/// function.
function updateConfigs(ConfigUpdateCalldataParams calldata configUpdates_)
    external
    onlySharedSafetyModuleIfSetElseOwner;
```

Configuration updates that occur while a Safety Module is part of a Shared Safety Module have two unique features:

* The Shared Safety Module's config update delay and config update grace period are used
* Only the `sharedSafetyModule` is authorized to call `SafetyModule.finalizeUpdateConfigs` instead of anyone

### Resetting The Shared Safety Module

The Shared Safety Module is the only address authorized to reset the `sharedSafetyModule` to `address(0)`:

```solidity
/// @notice Used to trigger the SafetyModule if it is part of a SharedSafetyModule.
/// @dev Only the SharedSafetyModule can call this function.
function resetSharedSafetyModule() external onlySharedSafetyModule;
```

This is intended to be used when the Safety Module leaves the Shared Safety Module.