Well, I can think of a few options:
- If you know the deployment address in advance, you could go as far as hardcoding it in the contract, adding a
require(msg.sender == DEPLOYER) in the contract code.
- If you are not using the OZ CLI (or any CLI for that matter) for the deployment, you could write a small factory contract with a
deployEverything method that creates all three proxies and then initializes them. Since this would all happen in the same tx, there is no risk of someone calling the initializer before you.
- If you are feeling particularly hacky, you could take advantage of the fact that deployment addresses can be known in advance (they are a hash of the deployer account and an increasing nonce), precompute them, and initialize the proxies using addresses that still have not been deployed.
- Just ignore the problem. If someone does manage to call initialize before you do, then the
initialize transaction would just fail, in which case you just discard the current set of proxies and deploy a new set.
Unless you expect some particularly nasty people being after you, I’d go with the last one.