Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Proxy Upgrade Pattern - 1030

Open Zeppelin - Posted 3 Years Ago
  • Smart contracts benefit from being mostly immutable but need to be updateable in the case of software patches. From Open Zeppelin, there is a standard for this called the proxy pattern.
  • There is a wrapper (proxy) around the implementation contract. So, the wrapper stays at the same address but the implementation can be changed. This allows consistency while maintaining the ability to update.
  • Typically, this is done by putting code in a fallback function that can call the main implementation. This will copy the incoming call data, forward the call to the implementation via delegateCall and handle the return value.
  • The delegateCall is of particular importance: it runs the implementation's code against the proxy's storage, which means that the proxy contract holds the state of the implementation contract. Does this have any security implications?
  • The implementation contract needs to ensure that the storage layout of the previous contract is extended and that nothing important is overwritten. Maintaining the order of variables is very complicated, and getting it wrong has catastrophic consequences. For instance, what if the contract had a variable named owner in the first slot, and then on the update the first slot became lastContributor? A collision has occurred!
  • Collisions can overwrite unintended data in crazy ways. In the Open Zeppelin contract, this is prevented for the proxy address by doing a SHA256 hash and using this as the storage location.
  • Traditional constructors don't work with this pattern, since the contract implementation won't have the proper state at the time of deployment. Instead, an initialize function should be used on the new contract, which can be called from the proxy with the proper state.
  • An additional caveat is function clashing. If a function in the proxy and a function in the implementation have the same name, which one is called? For Open Zeppelin, it depends on who called it. If the admin calls it, then the requests are NOT forwarded to the implementation. Otherwise, for users, they are forwarded to the next contract.
  • Overall, interesting concept - updating on the blockchain. Function clashing, lack of constructor and storage collisions are all issues that have been found in the wild.
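
The storage collision from the owner / lastContributor bullet above, as an added example that is not from the original post or from Open Zeppelin: a small Python model of proxy storage, plus a layout check to run before an upgrade. The class, function and variable names, the balance variable and the sample addresses are assumptions, and the model simplifies to one variable per slot with no types or packing.

```python
"""Proxy storage under delegatecall: slots are positional, names are not stored."""

class Proxy:
    """Holds the storage; implementation code runs against it (delegatecall)."""
    def __init__(self, layout):
        self.storage = {}      # slot index -> value, lives in the proxy
        self.layout = layout   # variable names in declaration order

    def upgrade(self, layout):
        self.layout = layout   # the code changes, the storage does not

    def write(self, name, value):
        self.storage[self.layout.index(name)] = value

    def read(self, name):
        return self.storage.get(self.layout.index(name), 0)


def layout_violations(old, new):
    """List (slot, old_name, new_name) wherever an upgrade moves, renames or
    drops an existing variable. Appending after the old ones is the safe change."""
    problems = []
    for slot, name in enumerate(old):
        current = new[slot] if slot < len(new) else None
        if current != name:
            problems.append((slot, name, current))
    return problems


V1 = ["owner", "balance"]
V2_BAD = ["lastContributor", "owner", "balance"]   # inserted at slot 0
V2_GOOD = ["owner", "balance", "lastContributor"]  # appended at the end


def demo(new_layout):
    """Return (what the upgraded code reads as owner, raw contents of slot 0)."""
    proxy = Proxy(V1)
    proxy.write("owner", "0xA11CE")          # constructed sample values
    proxy.write("balance", 100)
    proxy.upgrade(new_layout)
    proxy.write("lastContributor", "0xB0B")  # ordinary user action after upgrade
    return proxy.read("owner"), proxy.storage[0]


if __name__ == "__main__":
    print("bad :", demo(V2_BAD), layout_violations(V1, V2_BAD))
    print("good:", demo(V2_GOOD), layout_violations(V1, V2_GOOD))
```

With the bad layout, the upgraded code reads the old balance as owner and a routine write replaces the original owner in slot 0; the appended layout leaves both intact.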