-
Notifications
You must be signed in to change notification settings - Fork 983
Upgradeability Checks
slither-check-upgradability is meant to help to review contracts using the delegatecall proxy pattern.
The tool checks that:
- There is no function id collision
- The order of variables is the same
- The initialization is correct
slither-check-upgradability proxy.sol ProxyName implem.sol ContractName
proxy.sol/implem.sol can be a Truffle directory. If your proxy and your implementation are in different directories and the solc compilation is complex, you can first compile the contract to its ast compact json output (solc file.sol --ast-compact-json > file.json), and use the generated json file (instead of file.sol).
If a second version of the contract is to be checked, use:
slither-check-upgradability proxy.sol ProxyName implem.sol ContractName implem_v2.sol ContractNameV2
Contracts based on delegatecallproxy cannot be initialized through constructors. As a result, init functions must be used. These functions do not benefitfrom:
- The Solidity C3 linearization. As a result, an init function can be called multiple times, or never.
- The init functions must be calleable only once.
- Race conditions can occur during deployement.
If the contract uses the zos library (and the Initializable contract), the util checks that:
- All the
initalizefunctions call theinitializermodifier - All the inherits
initalizefunctions are called -
initalizefunctions are never called twice
If the contract uses another schema, no check is performed. In that case, the tool warns:
Initializable contract not found, the contract does not follow a standard initalization schema.