How to upgrade a contract deployed with version 4.9.0 using 5.0.0 contracts?

Majd_TL51 · November 14, 2023, 3:35pm

I have an upgradable contract that uses OpenZeppelin version 4.9.0. This contract is deployed on Ethereum. OpenZeppelin version 5.0.0 has been released. My questions: Next time I upgrade the smart contract

Could I use new v5 contracts ?
Could I replace the v4 contracts with v5 contracts ?
Will the OpenZeppelin upgrade plugin identify errors/conflicts if they exists?

The following code to reproduce is only an example (would probably not cause a problem because it is simple). But my question is more general about upgrades between different breaking changes versions of OpenZeppelin and the recommendation of the developers ?

Thank you

Code to reproduce

The code of the deployed upgradable contract

// SPDX-License-Identifier: MIT
pragma solidity 0.8.19;

import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.9.0/contracts/token/ERC20/IERC20.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.9.0/contracts/token/ERC20/utils/SafeERC20.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/v4.9.0/contracts/proxy/utils/Initializable.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/v4.9.0/contracts/proxy/utils/UUPSUpgradeable.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/v4.9.0/contracts/access/AccessControlUpgradeable.sol";

contract ExampleV1 is Initializable, UUPSUpgradeable, AccessControlUpgradeable {
  using SafeERC20 for IERC20;

  uint256 counter;

  constructor() {
      _disableInitializers();
  }

  function initialize(
    address admin
  ) public initializer {
    __UUPSUpgradeable_init();
    __AccessControl_init();
    _grantRole(DEFAULT_ADMIN_ROLE, admin);
  }

  function _authorizeUpgrade(
    address newContractAddress
  ) internal view override onlyRole(DEFAULT_ADMIN_ROLE) { }

  function doSomething() external {
    counter++;
  } 

  function getVersion() public pure returns (string memory) {
    return "Example Version 1";
  }
}

The new implementation contract that I would deploy and then set the proxy to:

// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v5.0.0/contracts/token/ERC20/IERC20.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v5.0.0/contracts/token/ERC20/utils/SafeERC20.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/v5.0.0/contracts/proxy/utils/Initializable.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/v5.0.0/contracts/proxy/utils/UUPSUpgradeable.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/v5.0.0/contracts/access/AccessControlUpgradeable.sol";

contract ExampleV2 is UUPSUpgradeable, AccessControlUpgradeable {
  using SafeERC20 for IERC20;

  uint256 public counter;

  function _authorizeUpgrade(
    address newContractAddress
  ) internal view override onlyRole(DEFAULT_ADMIN_ROLE) { }

  function doSomething() external {
    counter = counter + 2;
  } 

  function getVersion() public pure returns (string memory) {
    return "Example Version 2";
  }
}

Environment

Hardhat / Remix

ericglau · November 14, 2023, 3:51pm

Could I use new v5 contracts ?

It is not safe to upgrade an existing deployment from 4.x to 5.x. See Contract upgrade failed because variables are deleted in openzepplin 5.0 - #2 by ericglau

Could I replace the v4 contracts with v5 contracts ?

If you do replace them (note there are some differences in usage), the new contract can only be used for new proxy deployments. As above, you cannot upgrade an existing deployment to a different major version of OpenZeppelin Contracts.

Will the OpenZeppelin upgrade plugin identify errors/conflicts if they exists?

Conflicts will definitely exist across major version changes. The upgrades plugin will identify them, but you should not even attempt this kind of upgrade because it is known to be unsafe.

Majd_TL51 · December 22, 2023, 2:21pm

@ericglau I wrote a small article about it https://medium.com/51nodes/why-upgrading-openzeppelin-smart-contracts-from-version-4-to-version-5-is-unsafe-e08be30efd8a

thanks for your help

Topic		Replies	Views
Which version of OpenZeppelin Contracts should be used for upgradeable contracts? Upgrades	7	2365	November 19, 2020
Is it safe to upgrade from contracts-ethereum-package to contracts-upgradeable on existing contract Upgrades	11	1373	March 20, 2021
OpenZeppelin Contracts Ethereum Package v3.0 Announcements	0	3039	May 14, 2020
Can we use OpenZeppelin Contracts 3.0 with upgradeable contracts? SDK	10	2022	May 18, 2020
First release of OpenZeppelin Contracts Upgradeable Announcements	1	4513	November 17, 2020

How to upgrade a contract deployed with version 4.9.0 using 5.0.0 contracts?

Code to reproduce

Environment

Related Topics