Currently, the Safe 1.3.0 to 1.4.1 migration contract checks the addresses of the "target" contract. It requires the migration to either end up on the expected addresses of the Safe or SafeL2.

However, this does not work with zkSync contracts - since the address of the Safe is different (because of zkSync things).

We have two options here:

1. Make a general "SafeMigration" library contract that does not check the target address matches a known copy.
2. Check the target contract by code hash instead of address $^1$
3. Add expected zkSync address and modify the address check to support it.

References

1. Sample code hash check:

   bytes32 constant SAFE_CODE_HASH = keccak256(type(Safe).runtimeCode);
   bytes32 constant SAFEL2_CODE_HASH = keccak256(type(SafeL2).runtimeCode);
   
   function migrate(address singleton) public {
       bytes32 codeHash = singleton.codehash;
       require(codeHash == SAFE_CODE_HASH || codeHash == SAFEL2_CODE_HASH);
       
       // ...
   }

Other Considerations

Potentially provide a migrateUnsafe escape hatch.