UUPSUpgradeable and AccessManaged

Support Contracts
1

I am developing a contract that extends both UUPSUpgradeable and AccessManaged. I would like to restrict access to the upgrade function by overriding _authorizeUpgrade like so:

    function _authorizeUpgrade(address) internal override restricted {}

However, the documentation explicitly recommends against the use of restricted on internal functions:

The restricted modifier should never be used on internal functions, judiciously used in public functions, and ideally only used in external functions.

Are any recommendations or best practices for restricting access to _authorizeUpgrade in an AccessManaged contract? As far as I can tell, using restricted here DOES have the desired effect, but I would like to make sure that this is okay to do given the warnings in the documentation above.

1 Like
2

Hi @rjn3t,

You're right on this. We advice against using the modifier within internal functions because there might be more than 1 entry point to the internal function and only the selector of the entrypoint is evaluated.

Generally speaking, we advice against restricting internal functions because they don't have a selector. However, in the case of an UUPS Upgradeable contract, it only has 1 entry point and the AccessManager will set permissions for upgradeToAndCall, which is the original intention.

3

Thank you for your reply.
This makes sense, and I now understand better the reasoning behind recommending against the usage of restricted on internal functions.