An ownable contract is not a cloneable contract

maxareo · May 29, 2021, 12:51pm

Hi there, I did a little experiment to testify my hypothesis that an ownable contract is not a cloneable contract. Here is what I found and what I did.

// SPDX-License-Identifier: MIT

pragma solidity 0.8.4;

import "@openzeppelin/contracts/proxy/Clones.sol";
import "openzeppelin-solidity/contracts/access/Ownable.sol";

contract Template is Ownable {

}

contract CheckOwnerableAndClone {

    address private templateAddr;

    function setTemplate(address addr) public {
        templateAddr = addr;
    }
    
    function getTemplate() public view returns(address) {
        return templateAddr;
    }

    function makeClone() public returns(address) {
        address newAddr = Clones.clone(templateAddr);
        return newAddr;
    }

}

interface IOwnable {
    function owner() external returns(address);
    function transferOwnership(address newOwner) external;
}

contract callContract {
    
    function checkOwner(address addr) public returns(address) {
        return IOwnable(addr).owner();
    }
    
    function transferOwner(address addr, address newOwner) public {
        IOwnable(addr).transferOwnership(newOwner);
    }
}

Basically the result is, the newly created contract by cloning cannot have the owner changed. The reason is once a contract is cloned and created, the new owner is 0x0000000000000000000000000000000000000000 and I believe there is no way to change it, since the function transferOwnership is onlyOwner modified.

Not the greatest discovery in the world, but this does have my concern verified. When cloning a contract, the template contract should not be a child of Ownable.

frangio · May 29, 2021, 9:55pm

It goes further than this. Clones have to follow the same rules than upgradeable contracts. See Writing Upgradeable Contracts.

Notice the part about constructors vs initializers. Ownable is a contract that has a constructor. owner is a storage variable, and the constructor will initialize the storage of the "template", and not of the clone.

If you will Clone, you can't use any contract that relies on constructors. You shouldn't be using the @openzeppelin/contracts package for clonable contracts. You should be using our alternative package @openzeppelin/contracts-upgradeable, which has initializer functions instead of constructors. Read about it here.

maxareo · May 30, 2021, 3:52am

The motivation behind this work is 1 verifying my concern that an ownable contract should not be cloned directly and 2 getting a practical example on how clone actually works.

If possible, I would suggest adding this example as an illustration to the quoted paragraph below. The plain text is understandable and having an accompanying example would work better.

In Solidity, code that is inside a constructor or part of a global variable declaration is not part of a deployed contract’s runtime bytecode. This code is executed only once, when the contract instance is deployed. As a consequence of this, the code within a logic contract’s constructor will never be executed in the context of the proxy’s state. To rephrase, proxies are completely oblivious to the existence of constructors. It’s simply as if they weren’t there for the proxy.

Skyge · May 30, 2021, 4:17am

Good question.

I think there is some basic knowledge before using the Clone. Actually, there are two kinds of code in the contract: Creation Code and Runtime Code. As for Runtime Code, they are the real logic to use in contract, and for Creation Code, it contains Runtime Code and Initialization

For Clone contract. It actually clones a contract’s runtime code. So just like frangio mentioned above, if you want to clone a contract has constructor, you should rewrite the contracts with the initializer functions or maybe you can also change all the variables that need to be assigned to constant.

As for example, I am not sure, I only know Uniswap uses the factory pattern to generate pair contract for each pair, each pair contract has the same code, but it seems like not the clones, maybe some multisig wallets use it, I am not sure.

maxareo · May 30, 2021, 4:31am

@Skyge @frangio These explanations are great. For a non-CS guy like myself, I definitely would appreciate more if the why part can be explained in a more intuitive way. Even the example by Uniswap give below is hard to digest. They actually use create2 to create a new contract with a deterministic address. (A side question, is it possible to achieve the same with Clones?)

Toy examples with reproducible results are much more friendly, can illustrate the why component more vividly and can capture your audience quickly if thinking from a publisher’s perspective.

By the way, is there a good source of reference for more information about Runtime Code and Creation Code?

    function createPair(address tokenA, address tokenB) external returns (address pair) {
        require(tokenA != tokenB, 'Pancake: IDENTICAL_ADDRESSES');
        (address token0, address token1) = tokenA < tokenB ? (tokenA, tokenB) : (tokenB, tokenA);
        require(token0 != address(0), 'Pancake: ZERO_ADDRESS');
        require(getPair[token0][token1] == address(0), 'Pancake: PAIR_EXISTS'); // single check is sufficient
        bytes memory bytecode = type(PancakePair).creationCode;
        bytes32 salt = keccak256(abi.encodePacked(token0, token1));
        assembly {
            pair := create2(0, add(bytecode, 32), mload(bytecode), salt)
        }
        IPancakePair(pair).initialize(token0, token1);
        getPair[token0][token1] = pair;
        getPair[token1][token0] = pair; // populate mapping in the reverse direction
        allPairs.push(pair);
        emit PairCreated(token0, token1, pair, allPairs.length);
    }

Skyge · May 30, 2021, 2:00pm

Not sure, but you can have a look at this article:

https://blog.openzeppelin.com/deconstructing-a-solidity-contract-part-ii-creation-vs-runtime-6b9d60ecb44c/

frangio · May 30, 2021, 10:34pm

Yes! Clones has a function called cloneDeterministic that uses create2 under the hood.

fabianorodrigo · March 22, 2022, 9:24am

Guys,

What about if the cloneable contract had a parameter "owner" at initialize function and call _transferOwnership. Wouln't it work?

contract CheckOwnerableAndClone is   Initializable, Ownable {

 constructor() Ownable() {}

 function initialize(address payable _owner) public initializer {
    _transferOwnership(_owner);
 }
}

frangio · March 25, 2022, 1:00pm

See this issue for prior discussion:

github.com/OpenZeppelin/openzeppelin-contracts

Ownable should support setting the initial owner through its constructor

opened 07:28AM - 23 Apr 21 UTC

wighawag

breaking change

**🧐 Motivation** Currently Ownable force you to set the initial owner to be the… msg sender. This brings a dependence on the account that deploy the contract, which is often not the same as the expected owner of the contract. For security it is often better to ensure the account making deployment do not have any responsibility. it also brings issue when you need to deploy the contract through a factory where the factory become the defacto owner of the contract. While contracts using `Ownable` could call `transferOwnership` this would trigger another event. It would be better if Ownable constructor had a `owner` parameter so contract using Ownable can decide whose address is going to be the initial owner

Topic		Replies	Views
TransferOwnership when creating a Clone not working ("Ownable: caller is not the owner") - EIP-1167 Smart Contracts	4	563	January 16, 2023
Ownable contract inheritance General	6	2241	May 9, 2021
Using proxy and Ownable implementation Upgrades proxies	2	941	April 30, 2022
Assigning owner to upgradeable contract Upgrades	5	2129	January 22, 2022
Create3 deployement with proxy contract- ownership? Upgrades proxies , solidity	16	1189	September 4, 2023

An ownable contract is not a cloneable contract

Related topics