# Shared Safety Module Functionality

A Shared Safety Module is an external module that allows many individual Safety Modules to coordinate, so they can share risk by pooling reserve assets.

When a Safety Module is part of a Shared Safety Module, its `ISharedSafetyModule sharedSafetyModule` storage variable will be a non-zero address that is the associated `SharedSafetyModule` contract. If `sharedSafetyModule == address(0)`, the Safety Module is not part of Shared Safety Module.

## Specifying A Shared Safety Module

Setting a Shared Safety Module follows a three-step process, where the last two steps are similar to configuration changes (see [Manage a Safety ](/developer-guides/manage-a-safety-module.md)Module):

1. The Safety Module `owner` first sets a `proposedSharedSafetyModule` by calling:

```solidity
/// @notice Used to set the proposed SharedSafetyModule.
/// @param proposedSharedSafetyModule_ The new proposed SharedSafetyModule.
/// @dev Only the owner can call this function.
function setProposedSharedSafetyModule(ISharedSafetyModule proposedSharedSafetyModule_) external onlyOwner {
```

2. The `proposedSharedSafetyModule` is allowed to queue itself by calling:

<pre class="language-solidity"><code class="lang-solidity"><strong>/// @notice Used to queue an update to this SafetyModule's SharedSafetyModule.
</strong>/// @dev Only the proposed SharedSafetyModule can call this function.
function queueSharedSafetyModule() external onlyProposedSharedSafetyModule;
</code></pre>

3. The queued `sharedSafetyModule` can get applied by the `proposedSharedSafetyModule` after the [config update delay](/developer-guides/creating-a-safety-module/define-safety-module-configuration.md#config-update-delay) has elapsed and within the [config update grace period](/developer-guides/creating-a-safety-module/define-safety-module-configuration.md#config-update-grace-period) with `SafetyModule.finalizeSharedSafetyModule`:

```solidity
/// @notice Finalizes an update SharedSafetyModule for the SafetyModule.
/// @dev Only the proposed SharedSafetyModule can call this function.
function finalizeSharedSafetyModule() external onlyProposedSharedSafetyModule;
```

The delay period allows Safety Module depositors to withdraw in case they do not wish to be part of the specified Shared Safety Module.

## Shared Safety Module Privileges

A Shared Safety Module is given certain privileges with respect to the Safety Module, explained below.

### Triggering the Safety Module

A **Shared Safety Module** is triggered indirectly via one of its child `SafetyModule` contracts. When a child `SafetyModule`’s `trigger()` function is called, it forwards the trigger to its parent `SharedSafetyModule` if one is configured. This is done by invoking `SharedSafetyModule.propagateTrigger()`.

> **Note:** The snippet below only shows the relevant portion of the child module’s `trigger()` function. It is not the complete implementation of the trigger flow.

```solidity
function trigger(bytes32 triggerEventId_) external {
  if (address(sharedSafetyModule) != address(0)) {
    sharedSafetyModule.propagateTrigger(controller_, triggerEventId_, expiresAt_);
  }
}
```

PropagateTrigger will then call sharedSafetyModuleTrigger on all of the sibling Safety Modules

```solidity
  function sharedSafetyModuleTrigger(
    bytes32 triggerEventId_,
    ISafetyModule originSafetyModule_,
    ISafetyModuleController originController_,
    uint256 expiresAt_
  ) external onlySharedSafetyModule {}
```

### Updating Safety Module Configurations

The Shared Safety Module assumes the traditional role of the `owner` in Safety Module update[ configurations](/developer-guides/manage-a-safety-module.md). Specifically, it is authorized to call `SafetyModule.updateConfigs`:

```solidity
/// @notice Signal an update to the safety module configs. Existing queued updates are overwritten.
/// @param configUpdates_ The new configs. Includes:
/// - reservePoolConfigs: The array of new reserve pool configs, sorted by associated ID. The array may also
/// include config for new reserve pools.
/// - controllerConfigUpdates: The array of controller config updates. It only needs to include configs for updates to
/// existing controllers or new controllers.
/// - delaysConfig: The new delays config.
/// @dev Only the SharedSafetyModule can call this function, if it is set. Else, only the owner can call this
/// function.
function updateConfigs(ConfigUpdateCalldataParams calldata configUpdates_)
    external
    onlySharedSafetyModuleIfSetElseOwner;
```

Configuration updates that occur while a Safety Module is part of a Shared Safety Module have two unique features:

* The Shared Safety Module's config update delay and config update grace period are used
* Only the `sharedSafetyModule` is authorized to call `SafetyModule.finalizeUpdateConfigs` instead of anyone

### Resetting The Shared Safety Module

The Shared Safety Module is the only address authorized to reset the `sharedSafetyModule` to `address(0)`:

```solidity
/// @notice Used to trigger the SafetyModule if it is part of a SharedSafetyModule.
/// @dev Only the SharedSafetyModule can call this function.
function resetSharedSafetyModule() external onlySharedSafetyModule;
```

This is intended to be used when the Safety Module leaves the Shared Safety Module.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://csm-docs.cozy.finance/developer-guides/shared-safety-module-functionality.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.