I am attempting to create a permission system that will be used to give access to user resources off-chain where permissions cannot be manipulated by the deployer (me) where the user is the owner of the proxy contract but the logical contract can only be updated by the developer.
The reason being, if a proxy contract owner can update their implementation this will undermine the integrity of the app
These contracts will be deployed on a private gas free network so cost is not an issue
New user “proxy contracts” will be create pragmatically with JS
I would like to deploy a new proxy contract for each new user (and if possible have 1 logical contract they all delegate calls to although this is not essential is i’m using gas free network this)
Over the past few days i have read a mountain of resources (thanks for the hard work OpenZeppelin team) and although they have been helpful, ingesting so much information has left me a little confused.
From what i have read it seems to me OpenZeppelins approach is as follows (please correct me if i’m wrong)
As stated by the resources the admin proxy is
“responsible for upgrading our contracts”
Does this mean by default that only I (the developer/admin) can upgrade contracts (ie set the implementation address on the proxy contract) or is the proxy contract owner also able to also?
is there a scalability issue with my approach. say i had 1000 users (proxy contracts / logical contracts) how would one go about upgrading them all
Is there a possibility of some sort of minimal & upgradeable proxy pattern? like so (again not a big issue as network is gas free, so if the answer is to long feel free to skip)
- i cam across an article about contract factories is this implementation my silver bullet? (taking into consideration my questions above) Contract factories
Thanks so much for your time any sort of help would be appricated