I'd like to ask what is your recommendation for preventing malicious actors from interacting with logic (implementation) contracts in the proxied pattern.
We recommend that clients adopt the following approach:
- Make sure that once the logic contract is constructed, its initialization function cannot be called.
- Ensure that no function on the logic contract can be called until its initialization function is called.
(1) can be achieved by adding the
initializer modifier to the constructor.
(2) is more difficult. We currently recommend adding
initialized = true to an initialize function, and protecting every non-view public entrypoint (
external function) with
require (initialized). Note that this is a work-around since
My question is: do you recommend a different way for dealing with this scenario, and if not, would you consider making
internal in future package versions, to be able to protect logic functions? Thank you.