Hello Smart People,
I have a contract that uses SafeToken library from one of the codebase thats not a part of OZ. But the auditors asked us to use SafeERC20Library from OZ. But the problem is we already have deployed our contracts, so my question is, is it safe to change from SafeToken to SafeERC20Library, provided thats the only change we do in our upgrade ie, no storage manipulation at all.
Plus, we are using Transparent Upgradeable Proxy Pattern for the upgrades
I did use hardhat plugin and it shows blank when I do validateUpgrade, which I think means its okay
But I want to be sure, so could you give me a proper reason if it is okay or not okay to be done?
Thanks in Advance
Should be safe; changing a library is equivalent to changing code only (like you said - "no storage manipulation at all").
BTW, "no storage manipulation at all" is not exactly accurate, since a library function CAN in fact take a storage variable (pointer if you will) as input, and change the contents of the pointed storage-slot.
But a library cannot declare additional storage variables, hence, it cannot impact the storage layout of the contract which uses that library (and that's what matters in the context of upgrading the contract).
This is also available in the official documentation:
I'd wonder about why you have deployed the contract before receiving the auditor's report, but that's a different story I suppose...
1 Like