I understand that once I deploy a contract with the deployProxy pattern there are three contracts that get created:
The implementation contract, a ProxyAdmin to be the admin for our projects proxies and the proxy. However, when I check the actual deployments I can only see the proxy (ERC1967 Proxy) and the implementation (MyContractLogic.sol). I am not able to see the actual Proxy Admin which I guess is the point of my question.
Is this ProxyAdmin contract an abstracted and under the hood layer that the proxy simply knows based on the data from the deployment? How do I know who is the ProxyAdmin or who owns a certain Proxy?
The reason I ask this is because the contract I am trying to upgrade has roles and I am trying to use gnosis safe to manage the upgrade. I granted the gnosis safe account the DEFAULT_ADMIN_ROLE in order to be able to make it the UPGRADER_ROLE eventually. Is this the right approach? How is it related to the ProxyAdmin. Sorry for the long list of questions, hope you guys can give me some guidance.
Only Transparent proxies use a ProxyAdmin, UUPS proxies do not use it.
How do I know who is the ProxyAdmin or who owns a certain Proxy?
This depends on the type of proxy. For Transparent proxies, use erc1967.getAdminAddress. For UUPS, this depends on the owner/roles and how your implementation handles the _authorizeUpgrade function.
I granted the gnosis safe account the DEFAULT_ADMIN_ROLE in order to be able to make it the UPGRADER_ROLE eventually. Is this the right approach?
If your _authorizeUpgrade function restricts access to UPGRADER_ROLE, then that is the role that you should assign to your Gnosis Safe (and revoke that role from other addresses if appropriate) - see AccessControl docs.