How to deploy new instances using beacon proxy from a factory when using @openzeppelin/hardhat-upgrades

Mylifechangefast.eth · May 31, 2024, 12:50pm

Please, take a look at this functiondeployeLptoken it uses CREATE opcode to deploy a new contract at the instance of sdexBeaconProxy contract. In the security aspect, I feel there can be reOrgs attacks due to creating a deployment of address with a deterministic nonce.

However is it possible for me to deploy my own Beacon proxy or the Beaconproxy here will be mine as soon as I make a deployment?

function deployLpToken(address base, address quote, uint256 poolIdx, address sdex) external returns(address) {
    address lpTokenAddress = address(new SdexBeaconProxy(lpTokenBeaconAddress, abi.encodeWithSignature(
        "initialize(address,address,uint256,address)",
        base,
        quote,
        poolIdx,
        sdex
    )));

    emit LpTokenCreated(base, quote, poolIdx, sdex, lpTokenAddress);
    return lpTokenAddress;
}

While the contract logic may be identical, the control of the contract address matters significantly. The key issue is not about the contract logic but who controls the contract at the expected address.

The argument is that even if Bob deploys the LP token contract after a reorg, the contract will still be a valid SdexBeaconProxy contract with the same logic as intended by Alice. is this true?

My issue now is who controls the valid Sdexbeacon proxy?

Wont it be the person who deploys the toke when the original contract is pending before it get re-included in the block to a new address and an increment in a nonce?

@ericglau

ericglau · May 31, 2024, 9:42pm

@Mylifechangefast.eth A few things to note:

There can be 3 different contracts with ownership or access control for your scenario:
1. the beacon itself has an owner who can upgrade the beacon's implementation,
2. the proxy (via your implementation code) can also have its own owner or access control,
3. the factory can also have its own owner or access control
For your example, anyone can call deployLpToken in your factory since that function does not have access control.
For the proxy's owner or access control, ensure that you set it in the initializer, and ensure you call the initializer at the same time as deploying the proxy. (I assume you are calling the initializer using the second parameter of your SdexBeaconProxy .) That prevents someone else from frontrunning the initialization of the proxy.

Akshansh_Modi · June 18, 2024, 2:26am

Hey check this out, implementation of beacon proxies that I built
Link : https://github.com/akshansh-modi/Upgredable_leaseContract

Lease contract system on Ethereum using beacon proxy, OpenZeppelin, and Hardhat. Factory creates lease proxies, dynamically upgradeable. - akshansh-modi/Upgredable_leaseContract

took a lot of effort to know nothing about upgradable contracts when started
if anybody needs help can contact me
technologies used: solidity , openzeppelin , hardhat

Topic		Replies	Views
Deploying Upgradeable Proxies and Proxy Admin from Factory contract Upgrades	41	10139	May 17, 2022
How to use BeaconProxy with UpgradeableBeacon Upgrades	3	3120	July 19, 2021
Upgradable ProxyFactory (No CLI) Upgrades	1	999	March 26, 2021
Upgradable Contracts Deployed By A Factory Contract Using BeaconProxy Review Wanted proxies	0	772	October 13, 2021
Using Beacon proxy pattern with API Contracts upgrades , upgrades-plugins	6	3254	May 31, 2022

How to deploy new instances using beacon proxy from a factory when using @openzeppelin/hardhat-upgrades

Related topics