UUPS Upgradable - vague documentation in FAQ

novaknole · September 11, 2022, 12:52pm

The documentation states:

This contract adds the required upgradeTo function, but also contains a built-in mechanism that will check on-chain, at the time of an upgrade, that the new implementation proposed preserves upgradeTo .

You can find this here:

Question 1: Though, It's so vague how it checks ON-CHAIN that new implementation contains upgradeTo ? all I can see is it calls proxiableUUID and that's it...

What am I missing ? Thank you.

Question 2: Documentation also mentions:

This prevents upgrades to an implementation contract that wouldn’t contain the necessary upgrade mechanism, as it would lock the upgradeability of the proxy forever. This security mechanism can be bypassed by either of:

Adding a flag mechanism in the implementation that will disable the upgrade function when triggered.

What do you mean by flag ? you mean overriding upgradeTo and adding revert statement in it ?

frangio · September 16, 2022, 1:52am

Your first quote refers to a mechanism that we later removed in favor of a simpler mechanism. The new one does not check for the existence of upgradeTo but it does check that the contract reports to be UUPS-compatible.

I will update the docs to reflect that.

By "flag" we mean something like this pseudocode

bool upgradesDisabled = false;

function upgradeTo(...) override {
    if (upgradesDisabled) {
        revert();
    } else {
        super.upgradeTo(...);
    }
}

Topic		Replies	Views
UUPSUpgradeable Vulnerability Post-mortem Announcements	13	14277	March 16, 2024
UUPS Upgradeable Upgrades	2	887	February 22, 2023
Problem in the docs of upgrade proxy Upgrades proxies	1	521	November 3, 2021
Upgradable contracts- UUPS- cannot upgrade enum Upgrades proxies , solidity	4	936	May 10, 2023
Logical organization of upgradeable contracts Upgrades upgrades	1	635	October 6, 2023

UUPS Upgradable - vague documentation in FAQ

Related Topics