0:00 - Overview
1:44 - Project setup
4:28 - Deploy Box V1 script
7:10 - Execute deploy script
8:29 - Verify Box V1 on Etherscan
9:48 - Setup proxy / implementation on Etherscan
10:47 - Upgrade Box V2 script
11:49 - Execute upgrade script
13:21 - Upgrade demo - call inc()
Excellent - Learning smart contracts in depth now. Thanks for these awesome contents.
You have been my guardian angel in my process of learning solidity. Huge thanks to you for sharing the quality content for free
u are the reason why I get internships........Happy Teachers Day.........love from India
learnt that you can verify from CLI and how to enable reading as proxy on etherscan. Very useful!
Thanks for the video, the diagram made the whole pattern really easy to understand
Very helpful and super clear example 🤩 thank you so much!!
1:38 - "this is done for a security reason which I will not discuss in this video" - I still don't get what security reason is here and which of your links should I check to know more, could you please tell? Tbh I don't even understand WHAT is done for "a security reason". A smart contract acting as an Admin instead of an ordinary account? Or something else?
Function selectors can be crafted to call upgrade instead of another function.
forum.openzeppelin.com/t/beware-of-the-proxy-learn-how-to-exploit-function-clashing/1070
This is prevented by forwarding the function call to the implementation or executing some code inside the proxy, depending on msg.sender.
If msg.sender is the admin, then it will execute the code inside the proxy contract.
Otherwise it will execute the code inside the implementation via delegatecall.
Having admin be an EOA is not ideal, since the EOA may need to call functions inside the implementation. Hence the admin is set to an AdminProxy contract.
@@smartcontractprogrammer thank you!
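The msg.sender routing described in the reply above, modelled in plain JavaScript as an added example (not code from the video or from OpenZeppelin). The selector values, `makeProxy`, the caller names and the `boxV1`/`boxV2` objects are constructed stand-ins for illustration only.

```javascript
// Model of transparent-proxy dispatch (added example). Selectors are constructed
// placeholders; on chain a selector is the first 4 bytes of keccak256(signature).
const SEL = { upgradeTo: "0xaaaaaaaa", val: "0xbbbbbbbb", inc: "0xcccccccc" };

// Implementations hold only code. They act on the storage object they are handed,
// which models delegatecall running their code against the proxy's storage.
const boxV1 = { [SEL.val]: (s) => s.val };
const boxV2 = {
  [SEL.val]: (s) => s.val,
  [SEL.inc]: (s) => (s.val += 1),
  // Same 4 bytes as the proxy's upgradeTo: a selector clash.
  [SEL.upgradeTo]: () => "implementation code ran",
};

function makeProxy(admin, implementation, initialVal) {
  const storage = { val: initialVal }; // state lives in the proxy
  const proxyFns = {
    [SEL.upgradeTo]: (newImpl) => { implementation = newImpl; return "upgraded"; },
  };
  return function call(sender, selector, arg) {
    if (sender === admin) {
      // The admin only ever reaches proxy code, never the implementation.
      if (!(selector in proxyFns)) throw new Error("admin cannot call implementation");
      return proxyFns[selector](arg);
    }
    // Every other caller is forwarded, even when the selector clashes.
    if (!(selector in implementation)) throw new Error("unknown selector");
    return implementation[selector](storage, arg);
  };
}

function demo() {
  const proxy = makeProxy("proxyAdmin", boxV1, 41);
  const out = {};
  out.before = proxy("user", SEL.val);
  out.upgrade = proxy("proxyAdmin", SEL.upgradeTo, boxV2);
  out.inc = proxy("user", SEL.inc);               // storage survived the upgrade
  out.clash = proxy("user", SEL.upgradeTo, boxV1); // forwarded, no upgrade happens
  out.afterClash = proxy("user", SEL.inc);         // boxV2 is still the implementation
  try { proxy("proxyAdmin", SEL.inc); out.adminInc = "ran"; }
  catch (e) { out.adminInc = e.message; }
  return out;
}
console.log(demo());
```

The last result shows why an EOA is an awkward admin: the admin address can never reach `inc()` through the proxy, so a separate admin contract holds that role instead.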
12:23 on running this command I'm getting this error
TypeError: Cannot read properties of undefined (reading 'encodeDeploy')
at getDeployData (....node_modules\@openzeppelin\hardhat-upgrades\src\utils\deploy-impl.ts:49:45)
PLEASE HELP!
Here's my script:
const { ethers, upgrades } = require("hardhat");

const PROXY = "0xc25e45081aEB6075cc041b5346C351c820fD3306";

async function main() {
  const BoxV2 = ethers.getContractFactory("BoxV2");
  await upgrades.upgradeProxy(PROXY, BoxV2);
  console.log("Box upgraded!");
}

main().catch((error) => {
  console.error(error);
  process.exitCode = 1;
});
One thing that is very confusing..... I thought that users are supposed to interact with the proxy contract? So shouldn't the proxy have all the functions the Box and BoxV2 contracts have? Users should be calling functions on the proxy contract which are getting routed to the implementation contract (box) via delegate call right? That data is then returned to the Proxy and the storage in proxy is used. It doesn't appear we set this up in a way that allows users to interact with the Proxy as it does not have the function to return the value.
Great video. Thx for creating it! Would love to see one also with OpenZeppelin UUPS
Thank you very much for creating these contents.
Thank you very much for doing this, it has been very helpful!
Waiting for the next video 🥺
Brother, thanks for your sharing. Maybe you could share with us a little bit on reasons behind why we need to upgrade existing smart contract?
Reason I am asking.
1) The purpose of a smart contract is to not change the logic once the code has been uploaded to the blockchain.
2) Even if we really need to upgrade. We can directly upload a new smart contract and point the front end to the latest contract.(Like uniswap and pancakeswap). Right?
I got no clue why we need to upgrade existing smart contract.
i have the same doubt 🥶
The reasons we need upgradeable contracts are:
- Deploying new contracts would not allow us to have history of old states ( eg, the token amount for addresses will be lost if we deploy a fresh new updated instance )
- In case of exploit discovery by white hats, we need patches/fixes too.
@@0ManishSharma0
But if we could easily modify a smart contract, the main purpose of a smart contract (unchangeable) is gone, right?
I think that is the reason why protocols like uniswap and pancakeswap come with v1 and v2 rather than v1.1xx.
I am just showing you how to do it. Whether you need it or not is another question
Great video. Thanks for your sharing!!!!!
Excellent!
OpenZeppelin docs recommend shifting towards UUPS proxies. The same docs say that to use both UUPS and Transparent we call deployProxy and upgradeProxy functions. However, I haven't found how to distinguish when I want to follow UUPS pattern.
Would you mind making a video showing us how to follow the UUPS Proxy pattern?
I haven't used UUPS yet
In the upgrade script, you specify the address of the PROXY but what is actually executed first is function upgrade() of the PROXY ADMIN, right? If so, how does the script know the address of PROXY ADMIN?
Everything would be the same if you substitute Hardhat for Truffle?
Not sure if Truffle has OZ upgradeable plugin
I have only one contract creation that's the proxy contract , why can't I see the other two contracts.
use etherscan - you will see 3 consecutive transactions
@@smartcontractprogrammer I mean I checked the etherscan and found only one. And I was trying to redeploy , is that the reason?
Ohh, if I change the contract version do I lose my data in contract storage? Can you explain please?
Great content!! Keep it up.
Can you explain to me how you can let me make profits more than gas Fees for flash loans or flash minting
Could proxy contracts be used to offload transaction gas costs from the implementation contract? For chains that have gas limits for transactions could proxies be used to take the costly gas function calls and encapsulate them in another contract that the proxy calls?
A proxy increases gas cost
Thank you! If we want to initialize a new variable (as in create a new variable and assign it a default value) in our second version, how would we do that without the initialize function?
I don't think you can add a variable as it uses the storage of the proxy contract, not the implementation contract. And since the proxy is also immutable, we cannot make any changes to it
Can't we write upgradeable contracts using Remix IDE?
Yes, but for production use Open Zeppelin
What happened when you have funds in the v1 ?
funds will still be in v2
Does BoxV2 inherit all functionality from BoxV1 or do you need to recreate those functions in the BoxV2 contract completely?
Why would it inherit code from BoxV1?
Amazing video. If we want to change the storage variable, we have to redeploy the contract, am I right? Thanks!
Never change old storage layout. However it's safe to append new state variables
Hello, I've got a question regarding the Ownable Delegate Proxy contract…
I cannot find my answer anywhere and opensea refers me to their discord (where I get no answer)
So I accidentally sent eth funds to the “OwnableDelegateProxy”-contract of which I’m the owner.
I just wonder if it is possible to get these funds back? And if so how it is done, or if anybody knows resources I should check out to solve it?
Thank you in advance
You can if the contract has a function to withdraw the ETH
Does this come under diamond proxy or UUPS?
neither
Amazing video but I'm having trouble upgrading to V2. Once I set the PROXY constant of the verified proxy contract and run the upgrade script I am getting "Contract 0x... doesn't look like an administered ERC 1967 proxy" even though everything looks fine on polygonscan... Help plz!
I've deployed on ETH testnet. Maybe polygon is a little different
Hey bro! Amazing video. One question: I'm using a local network (not with ganache) and I don't have a block explorer. Is there any other way to get the proxy and proxy admin addresses?
Look for contract creations from your account. There should be 3 (ProxyAdmin, Proxy, Implementation)
Please make a similar tutorial for Proxy using Foundry
How do you do this in remix?
Awesome and well explained.
Your videos are amazing! Can you explain pullPayments?
github link doesn't work
where did we use the admin proxy in here?
upgrade can only be called by ProxyAdmin
@@smartcontractprogrammer yes but the only thing that differentiates the first and second deployment is the proxy address that we provide.
Where is anything specific to the proxy admin being written during deployment? Or am I missing something related to the env keys?
You are just awesome!!!!!!!!
Please I’m stuck , what do I use as my PRI_API?
What does that even mean???
Also in case of next time you are shooting a video that assume that we all know what’s going on, try to explain every line of code it’s necessary
I’m still your biggest fan ✌️, watching through all your playlists
Please what do I use for the PRI API???
your wallet private key in Ropsten.. make sure u have some test ethers in it in order for it to work..
good job !
Could you do one using a UUPS proxy?
Sure once I get an opportunity to use it
Great video
env $(cat .env) - what does this do, please, in the npx command?
Linux command to load environment variables inside .env file
AWESOME
Please erc20 waiting
nice nicenice
Diamond Standard pls
Over engineered. Stay away :D
@@smartcontractprogrammer might be the only way for contracts that exceed the 24KB size limit tho
Hi mate are you for hire? i can email you?
No I am not looking for a job