Using OpenZeppelin Upgrades plugins with an external library?

:computer: Environment

Not relevant for this questions


Hey, I was checking out the openzeppelin-upgrades package. It looks awesome, but I had a couple questions.

The README says, At the moment the plugins do not support upgradeable contracts linked to external libraries. This is because it's not known at compile time what implementation is going to be linked thus making very difficult to guarantee the safety of the upgrade operation.. My question is, does this mean the plugin won’t allow you to deploy a contract that uses an external library, or just that it’s unsafe?

I’m currently using a library for some math operations, and the library is rather long. If I include it directly in my contract, then the contract becomes too big. If I make it a library and link it to my contract, then it sounds like OZ won’t support this, and thus I can’t use OZ to write this as an upgradeable contract? Considering I control this library, it seems like I should be able to “force” OZ to use it as a linked library.

It seems like this restriction should be similar to the “custom structs” restriction which is that you have to pass a flag that says “unsafeUseLibrary” or something. But the docs don’t make that clear.

2.) Does this library support “regular” deployments? I’d love to use OZ for the project.json files it spits out, but I want it full programmatic control. It seems like my current options are to use the CLI (which gives project.json files, but is a bit hackier to use in a script, though not impossible), OR to use the contractLoader, which can deploy, but doesn’t save a project.json file OR use the upgrades library which is programmatic and creates a project.json, but doesn’t support regular deploys. Am I seeing all those options correctly, or am I missing something?


:1234: Code to reproduce

1 Like

Hi @blakewest,

There isn’t currenlty a way to link to an external library when using OpenZeppelin Upgrades plugins as far as I know. There is an open issue to support this:

No they don’t. The OpenZeppelin Upgrades plugins are for deploying and upgrading upgradeable contracts. You can use Truffle or Buidler to deploy regular contracts.

The current version doesn’t allow it, and there is no unsafeUseLibrary option, but I think it’s a good idea to have that until we implement full support. I’ve opened to track this.

To be clear, the Upgrades plugins do not create a project.json file, that file is a concept of the OpenZeppelin CLI. They do create network files like .openzeppelin/mainnet.json, which will store the implementation contracts in a network but not the proxies; this is again different from the OZ CLI.

The idea of the plugins is that you use them only to deploy proxies. That gives you back a contract with an address that you can store wherever you want. If you want to deploy a regular contract you can use either Buidler’s or Truffle’s regular APIs for contract deployment.

1 Like