├── .gitattributes ├── .gitignore ├── .gitmodules ├── Makefile ├── .github └── PULL_REQUEST_TEMPLATE.md ├── contracts ├── interfaces │ ├── IDefaultImplementationBeacon.sol │ └── IProxied.sol ├── SlotManipulatable.sol ├── ProxiedInternals.sol ├── Proxy.sol ├── test │ ├── SlotManipulatable.t.sol │ ├── mocks │ │ └── Mocks.sol │ └── ProxyFactory.t.sol └── ProxyFactory.sol ├── config ├── prod.json ├── ci.json └── dev.json ├── .circleci └── config.yml ├── test.sh ├── README.md └── LICENSE /.gitattributes: -------------------------------------------------------------------------------- 1 | *.sol linguist-language=Solidity 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /out 2 | hevm* 3 | .vscode/* 4 | artifacts/* 5 | docs/* 6 | metadata.json 7 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "modules/contract-test-utils"] 2 | path = modules/contract-test-utils 3 | url = https://github.com/maple-labs/contract-test-utils 4 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | prod :; ./build.sh -c ./config/prod.json 2 | dev :; ./build.sh -c ./config/dev.json 3 | ci :; ./build.sh -c ./config/ci.json 4 | clean :; dapp clean 5 | test :; ./test.sh 6 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | # Integrations Checklist 4 | 5 | - [ ] Have any function signatures changed? If yes, outline below. 6 | - [ ] Have any features changed or been added? If yes, outline below. 7 | - [ ] Have any events changed or been added? If yes, outline below. 8 | - [ ] Has all documentation been updated? 9 | 10 | # Changelog 11 | ## Function Signature Changes 12 | 13 | ## Features 14 | 15 | ## Events 16 | 17 | -------------------------------------------------------------------------------- /contracts/interfaces/IDefaultImplementationBeacon.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: AGPL-3.0-only 2 | pragma solidity ^0.8.7; 3 | 4 | /// @title An beacon that provides a default implementation for proxies, must implement IDefaultImplementationBeacon. 5 | interface IDefaultImplementationBeacon { 6 | 7 | /// @dev The address of an implementation for proxies. 8 | function defaultImplementation() external view returns (address defaultImplementation_); 9 | 10 | } 11 | -------------------------------------------------------------------------------- /contracts/SlotManipulatable.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: AGPL-3.0-only 2 | pragma solidity ^0.8.7; 3 | 4 | abstract contract SlotManipulatable { 5 | 6 | function _getReferenceTypeSlot(bytes32 slot_, bytes32 key_) internal pure returns (bytes32 value_) { 7 | return keccak256(abi.encodePacked(key_, slot_)); 8 | } 9 | 10 | function _getSlotValue(bytes32 slot_) internal view returns (bytes32 value_) { 11 | assembly { 12 | value_ := sload(slot_) 13 | } 14 | } 15 | 16 | function _setSlotValue(bytes32 slot_, bytes32 value_) internal { 17 | assembly { 18 | sstore(slot_, value_) 19 | } 20 | } 21 | 22 | } 23 | -------------------------------------------------------------------------------- /config/prod.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "Solidity", 3 | "sources": { 4 | "contracts/ProxyFactory.sol": { 5 | "urls": ["contracts/ProxyFactory.sol"] 6 | } 7 | }, 8 | "settings": { 9 | "optimizer": { 10 | "enabled": true, 11 | "runs": 200 12 | }, 13 | "outputSelection": { 14 | "*": { 15 | "*": [ 16 | "abi", 17 | "devdoc", 18 | "userdoc", 19 | "metadata", 20 | "evm.bytecode", 21 | "evm.deployedBytecode", 22 | "evm.gasEstimates" 23 | ], 24 | "": ["ast"] 25 | } 26 | }, 27 | "metadata": { 28 | "bytecodeHash": "none" 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | version: 2.1 2 | 3 | jobs: 4 | dapp_test: 5 | docker: 6 | - image: bakii0499/dapptools:0.48.0-solc-0.8.7 7 | steps: 8 | - run: 9 | name: Checkout proxy-factory 10 | command: | 11 | GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git clone git@github.com:maple-labs/proxy-factory.git . 12 | git checkout $CIRCLE_BRANCH 13 | - run: 14 | name: Build and test contracts 15 | command: | 16 | GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git submodule update --init --recursive 17 | ./test.sh -c ./config/ci.json 18 | 19 | workflows: 20 | version: 2 21 | test_all: 22 | jobs: 23 | - dapp_test: 24 | context: seth 25 | -------------------------------------------------------------------------------- /config/ci.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "Solidity", 3 | "sources": { 4 | "contracts/ProxyFactory.sol": { 5 | "urls": ["contracts/ProxyFactory.sol"] 6 | }, 7 | "contracts/test/ProxyFactory.t.sol": { 8 | "urls": ["contracts/test/ProxyFactory.t.sol"] 9 | }, 10 | "contracts/test/SlotManipulatable.t.sol": { 11 | "urls": [ 12 | "contracts/test/SlotManipulatable.t.sol" 13 | ] 14 | } 15 | }, 16 | "settings": { 17 | "optimizer": { 18 | "enabled": true, 19 | "runs": 200 20 | }, 21 | "outputSelection": { 22 | "*": { 23 | "*": [ 24 | "abi", 25 | "evm.bytecode", 26 | "evm.deployedBytecode" 27 | ], 28 | "": ["ast"] 29 | } 30 | }, 31 | "metadata": { 32 | "bytecodeHash": "none" 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /config/dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "Solidity", 3 | "sources": { 4 | "contracts/ProxyFactory.sol": { 5 | "urls": ["contracts/ProxyFactory.sol"] 6 | }, 7 | "contracts/test/ProxyFactory.t.sol": { 8 | "urls": ["contracts/test/ProxyFactory.t.sol"] 9 | }, 10 | "contracts/test/SlotManipulatable.t.sol": { 11 | "urls": [ 12 | "contracts/test/SlotManipulatable.t.sol" 13 | ] 14 | } 15 | }, 16 | "settings": { 17 | "optimizer": { 18 | "enabled": true, 19 | "runs": 200 20 | }, 21 | "outputSelection": { 22 | "*": { 23 | "*": [ 24 | "abi", 25 | "metadata", 26 | "evm.bytecode", 27 | "evm.deployedBytecode", 28 | "evm.gasEstimates" 29 | ], 30 | "": ["ast"] 31 | } 32 | }, 33 | "metadata": { 34 | "bytecodeHash": "none" 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | while getopts t:r:b:v:c: flag 5 | do 6 | case "${flag}" in 7 | t) test=${OPTARG};; 8 | r) runs=${OPTARG};; 9 | b) build=${OPTARG};; 10 | c) config=${OPTARG};; 11 | esac 12 | done 13 | 14 | runs=$([ -z "$runs" ] && echo "1" || echo "$runs") 15 | build=$([ -z "$build" ] && echo "1" || echo "$build") 16 | config=$([ -z "$config" ] && echo "./config/dev.json" || echo "$config") 17 | skip_build=$([ "$build" == "0" ] && echo "1" || echo "0") 18 | 19 | export DAPP_SOLC_VERSION=0.8.7 20 | export DAPP_SRC="contracts" 21 | export DAPP_LINK_TEST_LIBRARIES=0 22 | export DAPP_STANDARD_JSON=$config 23 | export DAPP_TEST_ADDRESS="0xd00d00d00d00d00d00d00d00d00d00d00d00d00d" 24 | 25 | if [ "$skip_build" = "1" ]; then export DAPP_SKIP_BUILD=1; fi 26 | 27 | if [ -z "$test" ]; then match="[contracts/test/*.t.sol]"; dapp_test_verbosity=1; else match=$test; dapp_test_verbosity=2; fi 28 | 29 | echo LANG=C.UTF-8 dapp test --match "$match" --verbosity $dapp_test_verbosity --fuzz-runs $runs 30 | 31 | LANG=C.UTF-8 dapp test --match "$match" --verbosity $dapp_test_verbosity --fuzz-runs $runs 32 | -------------------------------------------------------------------------------- /contracts/interfaces/IProxied.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: AGPL-3.0-only 2 | pragma solidity ^0.8.7; 3 | 4 | /// @title An implementation that is to be proxied, must implement IProxied. 5 | interface IProxied { 6 | 7 | /** 8 | * @dev The address of the proxy factory. 9 | */ 10 | function factory() external view returns (address factory_); 11 | 12 | /** 13 | * @dev The address of the implementation contract being proxied. 14 | */ 15 | function implementation() external view returns (address implementation_); 16 | 17 | /** 18 | * @dev Modifies the proxy's implementation address. 19 | * @param newImplementation_ The address of an implementation contract. 20 | */ 21 | function setImplementation(address newImplementation_) external; 22 | 23 | /** 24 | * @dev Modifies the proxy's storage by delegate-calling a migrator contract with some arguments. 25 | * Access control logic critical since caller can force a selfdestruct via a malicious `migrator_` which is delegatecalled. 26 | * @param migrator_ The address of a migrator contract. 27 | * @param arguments_ Some encoded arguments to use for the migration. 28 | */ 29 | function migrate(address migrator_, bytes calldata arguments_) external; 30 | 31 | } 32 | -------------------------------------------------------------------------------- /contracts/ProxiedInternals.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: AGPL-3.0-only 2 | pragma solidity ^0.8.7; 3 | 4 | import { SlotManipulatable } from "./SlotManipulatable.sol"; 5 | 6 | /// @title An implementation that is to be proxied, will need ProxiedInternals. 7 | abstract contract ProxiedInternals is SlotManipulatable { 8 | 9 | /// @dev Storage slot with the address of the current factory. `keccak256('eip1967.proxy.factory') - 1`. 10 | bytes32 private constant FACTORY_SLOT = bytes32(0x7a45a402e4cb6e08ebc196f20f66d5d30e67285a2a8aa80503fa409e727a4af1); 11 | 12 | /// @dev Storage slot with the address of the current factory. `keccak256('eip1967.proxy.implementation') - 1`. 13 | bytes32 private constant IMPLEMENTATION_SLOT = bytes32(0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc); 14 | 15 | /// @dev Delegatecalls to a migrator contract to manipulate storage during an initialization or migration. 16 | function _migrate(address migrator_, bytes calldata arguments_) internal virtual returns (bool success_) { 17 | uint256 size; 18 | 19 | assembly { 20 | size := extcodesize(migrator_) 21 | } 22 | 23 | if (size == uint256(0)) return false; 24 | 25 | ( success_, ) = migrator_.delegatecall(arguments_); 26 | } 27 | 28 | /// @dev Sets the factory address in storage. 29 | function _setFactory(address factory_) internal virtual returns (bool success_) { 30 | _setSlotValue(FACTORY_SLOT, bytes32(uint256(uint160(factory_)))); 31 | return true; 32 | } 33 | 34 | /// @dev Sets the implementation address in storage. 35 | function _setImplementation(address implementation_) internal virtual returns (bool success_) { 36 | _setSlotValue(IMPLEMENTATION_SLOT, bytes32(uint256(uint160(implementation_)))); 37 | return true; 38 | } 39 | 40 | /// @dev Returns the factory address. 41 | function _factory() internal view virtual returns (address factory_) { 42 | return address(uint160(uint256(_getSlotValue(FACTORY_SLOT)))); 43 | } 44 | 45 | /// @dev Returns the implementation address. 46 | function _implementation() internal view virtual returns (address implementation_) { 47 | return address(uint160(uint256(_getSlotValue(IMPLEMENTATION_SLOT)))); 48 | } 49 | 50 | } 51 | -------------------------------------------------------------------------------- /contracts/Proxy.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: AGPL-3.0-only 2 | pragma solidity ^0.8.7; 3 | 4 | import { IDefaultImplementationBeacon } from "./interfaces/IDefaultImplementationBeacon.sol"; 5 | 6 | import { SlotManipulatable } from "./SlotManipulatable.sol"; 7 | 8 | /// @title A completely transparent, and thus interface-less, proxy contract. 9 | contract Proxy is SlotManipulatable { 10 | 11 | /// @dev Storage slot with the address of the current factory. `keccak256('eip1967.proxy.factory') - 1`. 12 | bytes32 private constant FACTORY_SLOT = bytes32(0x7a45a402e4cb6e08ebc196f20f66d5d30e67285a2a8aa80503fa409e727a4af1); 13 | 14 | /// @dev Storage slot with the address of the current factory. `keccak256('eip1967.proxy.implementation') - 1`. 15 | bytes32 private constant IMPLEMENTATION_SLOT = bytes32(0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc); 16 | 17 | /** 18 | * @dev The constructor requires at least one of `factory_` or `implementation_`. 19 | * If an implementation is not provided, the factory is treated as an IDefaultImplementationBeacon 20 | * to fetch the default implementation. 21 | * @param factory_ The address of a proxy factory, if any. 22 | * @param implementation_ The address of the implementation contract being proxied, if any. 23 | */ 24 | constructor(address factory_, address implementation_) { 25 | _setSlotValue(FACTORY_SLOT, bytes32(uint256(uint160(factory_)))); 26 | 27 | // If the implementation is empty, fetch it from the factory, which can act as a beacon. 28 | address implementation = implementation_ == address(0) 29 | ? IDefaultImplementationBeacon(factory_).defaultImplementation() 30 | : implementation_; 31 | 32 | require(implementation != address(0)); 33 | 34 | _setSlotValue(IMPLEMENTATION_SLOT, bytes32(uint256(uint160(implementation)))); 35 | } 36 | 37 | fallback() payable external virtual { 38 | bytes32 implementation = _getSlotValue(IMPLEMENTATION_SLOT); 39 | 40 | require(address(uint160(uint256(implementation))).code.length != uint256(0)); 41 | 42 | assembly { 43 | calldatacopy(0, 0, calldatasize()) 44 | 45 | let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0) 46 | 47 | returndatacopy(0, 0, returndatasize()) 48 | 49 | switch result 50 | case 0 { 51 | revert(0, returndatasize()) 52 | } 53 | default { 54 | return(0, returndatasize()) 55 | } 56 | } 57 | } 58 | 59 | } 60 | -------------------------------------------------------------------------------- /contracts/test/SlotManipulatable.t.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: AGPL-3.0-only 2 | pragma solidity ^0.8.7; 3 | 4 | import { TestUtils } from "../../modules/contract-test-utils/contracts/test.sol"; 5 | 6 | import { SlotManipulatable } from "../SlotManipulatable.sol"; 7 | 8 | contract StorageContract is SlotManipulatable { 9 | 10 | bytes32 private constant REFERENCE_SLOT = bytes32(0x1111111111111111111111111111111111111111111111111111111111111111); 11 | 12 | function setSlotValue(bytes32 slot_, bytes32 value_) external { 13 | _setSlotValue(slot_, value_); 14 | } 15 | 16 | function setReferenceValue(bytes32 key_, bytes32 value_) external { 17 | _setSlotValue(_getReferenceTypeSlot(REFERENCE_SLOT, bytes32(key_)), value_); 18 | } 19 | 20 | function getSlotValue(bytes32 slot_) external view returns (bytes32 value_) { 21 | value_ = _getSlotValue(slot_); 22 | } 23 | 24 | function getReferenceValue(bytes32 key_) external view returns (bytes32 value_) { 25 | value_ = _getSlotValue(_getReferenceTypeSlot(REFERENCE_SLOT, key_)); 26 | } 27 | 28 | function getReferenceSlot(bytes32 slot_, bytes32 key) external pure returns (bytes32 referenceSlot_) { 29 | return _getReferenceTypeSlot(REFERENCE_SLOT, _getReferenceTypeSlot(slot_, key)); 30 | } 31 | 32 | } 33 | 34 | contract SlotManipulatableTests is TestUtils { 35 | 36 | StorageContract storageContract; 37 | 38 | function setUp() external { 39 | storageContract = new StorageContract(); 40 | } 41 | 42 | function test_setAndRetrieve_uint256(uint256 value_) external { 43 | storageContract.setSlotValue(bytes32(0), bytes32(value_)); 44 | 45 | assertEq(uint256(storageContract.getSlotValue(bytes32(0))), value_); 46 | } 47 | 48 | function test_setAndRetrieve_address(address value_) external { 49 | storageContract.setSlotValue(bytes32(0), bytes32(uint256(uint160(value_)))); 50 | 51 | assertEq(address(uint160(uint256(storageContract.getSlotValue(bytes32(0))))), value_); 52 | } 53 | 54 | function test_setAndRetrieve_bytes32(bytes32 value_) external { 55 | storageContract.setSlotValue(bytes32(0), value_); 56 | 57 | assertEq(storageContract.getSlotValue(bytes32(0)), value_); 58 | } 59 | 60 | function test_setAndRetrieve_uint8(uint8 value_) external { 61 | storageContract.setSlotValue(bytes32(0), bytes32(uint256(value_))); 62 | 63 | assertEq(uint8(uint256(storageContract.getSlotValue(bytes32(0)))), value_); 64 | } 65 | 66 | function test_setAndRetrieve_bytes4(bytes4 value_) external { 67 | storageContract.setSlotValue(bytes32(0), bytes32(value_)); 68 | 69 | assertEq(bytes4(storageContract.getSlotValue(bytes32(0))), value_); 70 | } 71 | 72 | function test_referenceType(bytes32 key_, bytes32 value_) external { 73 | storageContract.setReferenceValue(key_, value_); 74 | 75 | assertEq(storageContract.getReferenceValue(key_), value_); 76 | } 77 | 78 | function test_doubleReferenceType(bytes32 key_, bytes32 index_, bytes32 value_) external { 79 | bytes32 slot = storageContract.getReferenceSlot(key_, index_); 80 | 81 | storageContract.setReferenceValue(slot, value_); 82 | 83 | assertEq(storageContract.getReferenceValue(slot), value_); 84 | } 85 | 86 | } 87 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Proxy Factory 2 | 3 | [![CircleCI](https://circleci.com/gh/maple-labs/proxy-factory/tree/main.svg?style=svg)](https://circleci.com/gh/maple-labs/proxy-factory/tree/main) [![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0) 4 | 5 | **DISCLAIMER: Please do not use in production without taking the appropriate steps to ensure maximum security.** 6 | 7 | ## Overview 8 | 9 | Set of base contracts to deploy and manage proxied contracts and implementation versions on chain, designed to be minimally opinionated, extensible and gas-efficient. These contracts were built to provide the necessary features to be reused across multiple projects, both within Maple and externally. 10 | 11 | See [`maple-labs/maple-proxy-factory`](https://github.com/maple-labs/maple-proxy-factory) for an example on how to inherit and use for custom applications for factories and proxies. 12 | 13 | ### Features 14 | - **No interfaces:** Contracts only define internal functionality and do not expose any external interfaces. Implementers are encouraged to mix and match the internal functions to cater to their specific needs. 15 | 16 | - **Opt-In Upgrades:** Proxy contracts were designed to be upgraded individually. 17 | 18 | - **CREATE2:** Contracts can be deployed with CREATE or CREATE2 opcodes, allowing the option for Proxy contracts to be deployed with deterministic addresses. 19 | 20 | - **Migration Contracts:** Architecture allows for intermediary contracts that can perform storage migration operations between two versions on upgrade, as well as perform initialize functionality on Proxy instantiation. 21 | 22 | ### Contracts 23 | 24 | `ProxyFactory.sol` 25 | 26 | Responsible for deploying new Proxy instances and triggering initialization and migration logic atomically. 27 | **NOTE: All factories that inherit ProxyFactory MUST also inherit IDefaultImplementationBeacon and implement `defaultImplementation` if the CREATE2 functionality of `_newInstance` is to be used.** 28 | 29 | ```js 30 | contract ProxyFactory { 31 | 32 | /// @dev Deploys a new proxy for some version, with some initialization arguments, using `create` (i.e. factory's nonce determines the address). 33 | function _newInstance(uint256 version_, bytes memory arguments_) internal virtual returns (bool success_, address proxy_); 34 | 35 | /// @dev Deploys a new proxy, with some initialization arguments, using `create2` (i.e. salt determines the address). 36 | /// This factory needs to be IDefaultImplementationBeacon, since the proxy will pull its implementation from it. 37 | function _newInstance(bytes memory arguments_, bytes32 salt_) internal virtual returns (bool success_, address proxy_); 38 | 39 | /// @dev Registers an implementation for some version. 40 | function _registerImplementation(uint256 version_, address implementation_) internal virtual returns (bool success_); 41 | 42 | /// @dev Registers a migrator for between two versions. If `fromVersion_ == toVersion_`, migrator is an initializer. 43 | function _registerMigrator(uint256 fromVersion_, uint256 toVersion_, address migrator_) internal virtual returns (bool success_); 44 | 45 | /// @dev Upgrades a proxy to a new version of an implementation, with some migration arguments. 46 | /// Inheritor should revert on `success_ = false`, since proxy can be set to new implementation, but failed to migrate. 47 | function _upgradeInstance(address proxy_, uint256 toVersion_, bytes memory arguments_) internal virtual returns (bool success_); 48 | 49 | /// @dev Returns the deterministic address of a proxy given some salt. 50 | function _getDeterministicProxyAddress(bytes32 salt_) internal virtual view returns (address deterministicProxyAddress_); 51 | 52 | /// @dev Returns whether the account is currently a contract. 53 | function _isContract(address account_) internal view returns (bool isContract_); 54 | 55 | } 56 | ``` 57 | 58 | `SlotManipulatable.sol` 59 | 60 | Helper contract that can manually modify storage when necessary (i.e., during a initialization/migration process) 61 | 62 | ```js 63 | contract SlotManipulatable { 64 | 65 | /// @dev Returns the value stored at the given slot. 66 | function _getSlotValue(bytes32 slot_) internal view returns (bytes32 value_); 67 | 68 | /// @dev Sets the value stored at the given slot. 69 | function _setSlotValue(bytes32 slot_, bytes32 value_) internal; 70 | 71 | // @dev Returns the storage slot for a reference type. 72 | function _getReferenceTypeSlot(bytes32 slot_, bytes32 key_) internal pure returns (bytes32 value_); 73 | 74 | } 75 | ``` 76 | 77 | `Proxied.sol` 78 | 79 | Contract that must be inherited by all implementation contracts in order for them to function properly with proxies. 80 | 81 | 82 | ```js 83 | contract Proxied { 84 | 85 | /// @dev Delegatecalls to a migrator contract to manipulate storage during an initialization or migration. 86 | function _migrate(address migrator_, bytes calldata arguments_) internal virtual returns (bool success_); 87 | 88 | /// @dev Sets the factory address in storage. 89 | function _setFactory(address factory_) internal virtual returns (bool success_); 90 | 91 | /// @dev Sets the implementation address in storage. 92 | function _setImplementation(address implementation_) internal virtual returns (bool success_); 93 | 94 | /// @dev Returns the factory address. 95 | function _factory() internal view virtual returns (address factory_); 96 | 97 | /// @dev Returns the implementation address. 98 | function _implementation() internal view virtual returns (address implementation_) 99 | 100 | } 101 | ``` 102 | 103 | ## Setup 104 | 105 | This project was built using [dapptools](https://github.com/dapphub/dapptools). 106 | 107 | ```sh 108 | git clone git@github.com:maple-labs/proxy-factory.git 109 | cd proxy-factory 110 | dapp update 111 | ``` 112 | 113 | ## Running Tests 114 | 115 | - To run all tests: `make test` (runs `./test.sh`) 116 | - To run a specific test function: `./test.sh -t ` (e.g. `./test.sh test_composability`) 117 | 118 | ## Security 119 | 120 | The code is designed to be highly flexible and extensible, meaning that logic that is usually part of these functions (e.g., access controls) was not included. Therefore **it is strongly advised that these contracts be implemented with proper sanity checks, access controls and any extra logic necessary for security.** 121 | 122 | ## Audit Reports 123 | 124 | | Auditor | Report link | 125 | |---|---| 126 | | Trail of Bits | [ToB - Dec 28, 2021](https://docs.google.com/viewer?url=https://github.com/maple-labs/maple-core/files/7847684/Maple.Finance.-.Final.Report_v3.pdf) | 127 | | Code 4rena | [C4 - Jan 5, 2022](https://code4rena.com/reports/2021-12-maple/) | 128 | 129 | ## Bug Bounty 130 | 131 | For all information related to the ongoing bug bounty for these contracts run by [Immunefi](https://immunefi.com/), please visit this [site](https://immunefi.com/bounty/maple/). 132 | 133 | ## About Maple 134 | Maple is a decentralized corporate credit market. Maple provides capital to institutional borrowers through globally accessible fixed-income yield opportunities. 135 | 136 | For all technical documentation related to the Maple protocol, please refer to the GitHub [wiki](https://github.com/maple-labs/maple-core-v2/wiki). 137 | 138 | --- 139 | 140 |

141 | 142 |

143 | -------------------------------------------------------------------------------- /contracts/ProxyFactory.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: AGPL-3.0-only 2 | pragma solidity ^0.8.7; 3 | 4 | import { IProxied } from "./interfaces/IProxied.sol"; 5 | 6 | import { Proxy } from "./Proxy.sol"; 7 | 8 | /// @title A factory for Proxy contracts that proxy Proxied implementations. 9 | abstract contract ProxyFactory { 10 | 11 | mapping(uint256 => address) internal _implementationOf; 12 | 13 | mapping(address => uint256) internal _versionOf; 14 | 15 | mapping(uint256 => mapping(uint256 => address)) internal _migratorForPath; 16 | 17 | /// @dev Returns the implementation of `proxy_`. 18 | function _getImplementationOfProxy(address proxy_) private view returns (bool success_, address implementation_) { 19 | bytes memory returnData; 20 | // Since `_getImplementationOfProxy` is a private function, no need to check `proxy_` is a contract. 21 | ( success_, returnData ) = proxy_.staticcall(abi.encodeWithSelector(IProxied.implementation.selector)); 22 | implementation_ = abi.decode(returnData, (address)); 23 | } 24 | 25 | /// @dev Initializes `proxy_` using the initializer for `version_`, given some initialization arguments. 26 | function _initializeInstance(address proxy_, uint256 version_, bytes memory arguments_) private returns (bool success_) { 27 | // The migrator, where fromVersion == toVersion, is an initializer. 28 | address initializer = _migratorForPath[version_][version_]; 29 | 30 | // If there is no initializer, then no initialization is necessary, so long as no initialization arguments were provided. 31 | if (initializer == address(0)) return arguments_.length == uint256(0); 32 | 33 | // Call the migrate function on the proxy, passing any initialization arguments. 34 | // Since `_initializeInstance` is a private function, no need to check `proxy_` is a contract. 35 | ( success_, ) = proxy_.call(abi.encodeWithSelector(IProxied.migrate.selector, initializer, arguments_)); 36 | } 37 | 38 | /// @dev Deploys a new proxy for some version, with some initialization arguments, 39 | /// using `create` (i.e. factory's nonce determines the address). 40 | function _newInstance(uint256 version_, bytes memory arguments_) internal virtual returns (bool success_, address proxy_) { 41 | address implementation = _implementationOf[version_]; 42 | 43 | if (implementation == address(0)) return (false, address(0)); 44 | 45 | proxy_ = address(new Proxy(address(this), implementation)); 46 | success_ = _initializeInstance(proxy_, version_, arguments_); 47 | } 48 | 49 | /// @dev Deploys a new proxy, with some initialization arguments, using `create2` (i.e. salt determines the address). 50 | /// This factory needs to be IDefaultImplementationBeacon, since the proxy will pull its implementation from it. 51 | function _newInstance(bytes memory arguments_, bytes32 salt_) internal virtual returns (bool success_, address proxy_) { 52 | proxy_ = address(new Proxy{ salt: salt_ }(address(this), address(0))); 53 | 54 | // Fetch the implementation from the proxy. Don't care about success, 55 | // since the version of the implementation will be checked in the next step. 56 | ( , address implementation ) = _getImplementationOfProxy(proxy_); 57 | 58 | // Get the version of the implementation. 59 | uint256 version = _versionOf[implementation]; 60 | 61 | // Successful if version is nonzero (i.e. implementation fetched successfully from proxy) and initializing the instance succeeds. 62 | success_ = (version != uint256(0)) && _initializeInstance(proxy_, version, arguments_); 63 | } 64 | 65 | /// @dev Registers an implementation for some version. 66 | function _registerImplementation(uint256 version_, address implementation_) internal virtual returns (bool success_) { 67 | // Version 0 is not allowed since its the default value of all _versionOf[implementation_]. 68 | // Implementation cannot already be registered and cannot be empty account (and thus also not address(0)). 69 | if ( 70 | version_ == uint256(0) || 71 | _implementationOf[version_] != address(0) || 72 | _versionOf[implementation_] != uint256(0) || 73 | !_isContract(implementation_) 74 | ) return false; 75 | 76 | // Store in two-way mappings. 77 | _implementationOf[version_] = implementation_; 78 | _versionOf[implementation_] = version_; 79 | 80 | return true; 81 | } 82 | 83 | /// @dev Registers a migrator for between two versions. If `fromVersion_ == toVersion_`, migrator is an initializer. 84 | function _registerMigrator(uint256 fromVersion_, uint256 toVersion_, address migrator_) internal virtual returns (bool success_) { 85 | // Version 0 is invalid. 86 | if (fromVersion_ == uint256(0) || toVersion_ == uint256(0)) return false; 87 | 88 | // Migrator must either be zero (clearing) or a contract (setting). 89 | if (migrator_ != address(0) && !_isContract(migrator_)) return false; 90 | 91 | _migratorForPath[fromVersion_][toVersion_] = migrator_; 92 | 93 | return true; 94 | } 95 | 96 | /// @dev Upgrades a proxy to a new version of an implementation, with some migration arguments. 97 | /// Inheritor should revert on `success_ = false`, since proxy can be set to new implementation, but failed to migrate. 98 | function _upgradeInstance(address proxy_, uint256 toVersion_, bytes memory arguments_) internal virtual returns (bool success_) { 99 | // Check that the proxy is currently a contract, just once, ahead of the 3 times it will be low-level-called. 100 | if (!_isContract(proxy_)) return false; 101 | 102 | address toImplementation = _implementationOf[toVersion_]; 103 | 104 | // The implementation being migrated must have been registered (which also implies that `toVersion_` was not 0). 105 | if (toImplementation == address(0)) return false; 106 | 107 | // Fetch the implementation from the proxy. 108 | address fromImplementation; 109 | ( success_, fromImplementation ) = _getImplementationOfProxy(proxy_); 110 | 111 | if (!success_) return false; 112 | 113 | // Set the proxy's implementation. 114 | ( success_, ) = proxy_.call(abi.encodeWithSelector(IProxied.setImplementation.selector, toImplementation)); 115 | 116 | if (!success_) return false; 117 | 118 | // Get the version of the `fromImplementation`, then get the `migrator` of the upgrade path to `toVersion_`. 119 | address migrator = _migratorForPath[_versionOf[fromImplementation]][toVersion_]; 120 | 121 | // If there is no migrator, then no migration is necessary, so long as no migration arguments were provided. 122 | if (migrator == address(0)) return arguments_.length == uint256(0); 123 | 124 | // Call the migrate function on the proxy, passing any migration arguments. 125 | ( success_, ) = proxy_.call(abi.encodeWithSelector(IProxied.migrate.selector, migrator, arguments_)); 126 | } 127 | 128 | /// @dev Returns the deterministic address of a proxy given some salt. 129 | function _getDeterministicProxyAddress(bytes32 salt_) internal virtual view returns (address deterministicProxyAddress_) { 130 | // See https://docs.soliditylang.org/en/v0.8.7/control-structures.html#salted-contract-creations-create2 131 | return address( 132 | uint160( 133 | uint256( 134 | keccak256( 135 | abi.encodePacked( 136 | bytes1(0xff), 137 | address(this), 138 | salt_, 139 | keccak256(abi.encodePacked(type(Proxy).creationCode, abi.encode(address(this), address(0)))) 140 | ) 141 | ) 142 | ) 143 | ) 144 | ); 145 | } 146 | 147 | /// @dev Returns whether the account is currently a contract. 148 | function _isContract(address account_) internal view returns (bool isContract_) { 149 | return account_.code.length != uint256(0); 150 | } 151 | 152 | } 153 | -------------------------------------------------------------------------------- /contracts/test/mocks/Mocks.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: AGPL-3.0-only 2 | pragma solidity ^0.8.7; 3 | 4 | import { IDefaultImplementationBeacon } from "../../interfaces/IDefaultImplementationBeacon.sol"; 5 | import { IProxied } from "../../interfaces/IProxied.sol"; 6 | 7 | import { ProxiedInternals } from "../../ProxiedInternals.sol"; 8 | import { ProxyFactory } from "../../ProxyFactory.sol"; 9 | import { SlotManipulatable } from "../../SlotManipulatable.sol"; 10 | 11 | contract MockFactory is IDefaultImplementationBeacon, ProxyFactory { 12 | 13 | address public override defaultImplementation; 14 | 15 | function implementation(uint256 version_) external view returns (address implementation_) { 16 | return _implementationOf[version_]; 17 | } 18 | 19 | function migratorForPath(uint256 fromVersion_, uint256 toVersion_) external view returns (address migrator_) { 20 | return _migratorForPath[fromVersion_][toVersion_]; 21 | } 22 | 23 | function versionOf(address proxy_) external view returns (uint256 version_) { 24 | return _versionOf[proxy_]; 25 | } 26 | 27 | function registerImplementation(uint256 version_, address implementation_) external { 28 | require(_registerImplementation(version_, defaultImplementation = implementation_)); 29 | } 30 | 31 | function newInstance(uint256 version_, bytes calldata initializationArguments_) external returns (address proxy_) { 32 | bool success; 33 | ( success, proxy_ ) = _newInstance(version_, initializationArguments_); 34 | require(success); 35 | } 36 | 37 | function newInstance(bytes calldata initializationArguments_, bytes32 salt_) external returns (address proxy_) { 38 | bool success; 39 | ( success, proxy_ ) = _newInstance(initializationArguments_, salt_); 40 | require(success); 41 | } 42 | 43 | function registerMigrator(uint256 fromVersion_, uint256 toVersion_, address migrator_) external { 44 | require(_registerMigrator(fromVersion_, toVersion_, migrator_)); 45 | } 46 | 47 | function upgradeInstance(address proxy_, uint256 toVersion_, bytes calldata migrationArguments_) external { 48 | require(_upgradeInstance(proxy_, toVersion_, migrationArguments_)); 49 | } 50 | 51 | function getDeterministicProxyAddress(bytes32 salt_) external view returns (address proxyAddress_) { 52 | return _getDeterministicProxyAddress(salt_); 53 | } 54 | 55 | } 56 | 57 | // Used to initialize V1 contracts ("constructor") 58 | contract MockInitializerV1 is SlotManipulatable { 59 | 60 | event Initialized(uint256 beta, uint256 charlie, uint256 delta15); 61 | 62 | bytes32 private constant DELTA_SLOT = 0x1111111111111111111111111111111111111111111111111111111111111111; 63 | 64 | function _setDeltaOf(uint256 key_, uint256 delta_) internal { 65 | _setSlotValue(_getReferenceTypeSlot(DELTA_SLOT, bytes32(key_)), bytes32(delta_)); 66 | } 67 | 68 | fallback() external { 69 | // Set beta (in slot 0) to 1313 70 | _setSlotValue(bytes32(0), bytes32(uint256(1313))); 71 | 72 | // Set charlie (in slot 1) to 1717 73 | _setSlotValue(bytes32(uint256(1)), bytes32(uint256(1717))); 74 | 75 | // Set deltaOf[15] to 4747 76 | _setDeltaOf(15, 4747); 77 | 78 | emit Initialized(1313, 1717, 4747); 79 | } 80 | 81 | } 82 | 83 | interface IMockImplementationV1 is IProxied { 84 | 85 | function alpha() external view returns (uint256 alpha_); 86 | 87 | function beta() external view returns (uint256 beta_); 88 | 89 | function charlie() external view returns (uint256 charlie_); 90 | 91 | function getLiteral() external pure returns (uint256 literal_); 92 | 93 | function getConstant() external pure returns (uint256 constant_); 94 | 95 | function getViewable() external view returns (uint256 viewable_); 96 | 97 | function setBeta(uint256 beta_) external; 98 | 99 | function setCharlie(uint256 charlie_) external; 100 | 101 | function deltaOf(uint256 key_) external view returns (uint256 delta_); 102 | 103 | function setDeltaOf(uint256 key_, uint256 delta_) external; 104 | 105 | // Composability 106 | 107 | function getAnotherBeta(address other_) external view returns (uint256 beta_); 108 | 109 | function setAnotherBeta(address other_, uint256 beta_) external; 110 | 111 | } 112 | 113 | contract MockImplementationV1 is IProxied, IMockImplementationV1, ProxiedInternals { 114 | 115 | // Some "Nothing Up My Sleeve" Slot 116 | bytes32 private constant DELTA_SLOT = 0x1111111111111111111111111111111111111111111111111111111111111111; 117 | 118 | uint256 public constant override alpha = 1111; 119 | 120 | uint256 public override beta; 121 | uint256 public override charlie; 122 | 123 | // NOTE: This is implemented manually in order to support upgradeability and migrations 124 | // mapping(uint256 => uint256) public override deltaOf; 125 | 126 | function getLiteral() external pure override returns (uint256 literal_) { 127 | return 2222; 128 | } 129 | 130 | function getConstant() external pure override returns (uint256 constant_) { 131 | return alpha; 132 | } 133 | 134 | function getViewable() external view override returns (uint256 viewable_) { 135 | return beta; 136 | } 137 | 138 | function setBeta(uint256 beta_) external override { 139 | beta = beta_; 140 | } 141 | 142 | function setCharlie(uint256 charlie_) external override { 143 | charlie = charlie_; 144 | } 145 | 146 | function deltaOf(uint256 key_) public view override returns (uint256 delta_) { 147 | return uint256(_getSlotValue((_getReferenceTypeSlot(DELTA_SLOT, bytes32(key_))))); 148 | } 149 | 150 | function setDeltaOf(uint256 key_, uint256 delta_) public override { 151 | _setSlotValue(_getReferenceTypeSlot(DELTA_SLOT, bytes32(key_)), bytes32(delta_)); 152 | } 153 | 154 | // Composability 155 | 156 | function getAnotherBeta(address other_) external view override returns (uint256 beta_) { 157 | return IMockImplementationV1(other_).beta(); 158 | } 159 | 160 | function setAnotherBeta(address other_, uint256 beta_) external override { 161 | IMockImplementationV1(other_).setBeta(beta_); 162 | } 163 | 164 | // Proxied 165 | 166 | function migrate(address migrator_, bytes calldata arguments_) external override { 167 | require(msg.sender == _factory(), "MI:M:NOT_FACTORY"); 168 | require(_migrate(migrator_, arguments_), "MI:M:FAILED"); 169 | } 170 | 171 | function setImplementation(address newImplementation_) external override { 172 | require(msg.sender == _factory(), "MI:SI:NOT_FACTORY"); 173 | require(_setImplementation(newImplementation_), "MI:SI:FAILED"); 174 | } 175 | 176 | function factory() public view override returns (address factory_) { 177 | return _factory(); 178 | } 179 | 180 | function implementation() public view override returns (address implementation_) { 181 | return _implementation(); 182 | } 183 | 184 | } 185 | 186 | // Used to initialize V2 contracts ("constructor") 187 | contract MockInitializerV2 is SlotManipulatable { 188 | 189 | event Initialized(uint256 charlie, uint256 echo, uint256 derby15); 190 | 191 | bytes32 private constant DERBY_SLOT = 0x1111111111111111111111111111111111111111111111111111111111111111; 192 | 193 | function _setDerbyOf(uint256 key_, uint256 delta_) internal { 194 | _setSlotValue(_getReferenceTypeSlot(DERBY_SLOT, bytes32(key_)), bytes32(delta_)); 195 | } 196 | 197 | fallback() external { 198 | uint256 arg = abi.decode(msg.data, (uint256)); 199 | 200 | // Set charlie (in slot 0) to 3434 201 | _setSlotValue(bytes32(0), bytes32(uint256(3434))); 202 | 203 | // Set echo (in slot 1) to 3333 204 | _setSlotValue(bytes32(uint256(1)), bytes32(uint256(3333))); 205 | 206 | // Set derbyOf[15] based on arg 207 | _setDerbyOf(15, arg); 208 | 209 | emit Initialized(3434, 3333, arg); 210 | } 211 | 212 | } 213 | 214 | interface IMockImplementationV2 is IProxied { 215 | 216 | function axiom() external view returns (uint256 axiom_); 217 | 218 | function charlie() external view returns (uint256 charlie_); 219 | 220 | function echo() external view returns (uint256 echo_); 221 | 222 | function getLiteral() external pure returns (uint256 literal_); 223 | 224 | function getConstant() external pure returns (uint256 constant_); 225 | 226 | function getViewable() external view returns (uint256 viewable_); 227 | 228 | function setCharlie(uint256 charlie_) external; 229 | 230 | function setEcho(uint256 echo_) external; 231 | 232 | function derbyOf(uint256 key_) external view returns (uint256 derby_); 233 | 234 | function setDerbyOf(uint256 key_, uint256 derby_) external; 235 | 236 | } 237 | 238 | contract MockImplementationV2 is IProxied, IMockImplementationV2, ProxiedInternals { 239 | 240 | // Same "Nothing Up My Sleeve" Slot as in V1 241 | bytes32 private constant DERBY_SLOT = 0x1111111111111111111111111111111111111111111111111111111111111111; 242 | 243 | uint256 public constant override axiom = 5555; 244 | 245 | uint256 public override charlie; // Same charlie as in V1 246 | uint256 public override echo; 247 | 248 | // NOTE: This is implemented manually in order to support upgradeability and migrations 249 | // mapping(uint256 => uint256) public override derbyOf; 250 | 251 | function getLiteral() external pure override returns (uint256 literal_) { 252 | return 4444; 253 | } 254 | 255 | function getConstant() external pure override returns (uint256 constant_) { 256 | return axiom; 257 | } 258 | 259 | function getViewable() external view override returns (uint256 viewable_) { 260 | return echo; 261 | } 262 | 263 | function setCharlie(uint256 charlie_) external override { 264 | charlie = charlie_; 265 | } 266 | 267 | function setEcho(uint256 echo_) external override { 268 | echo = echo_; 269 | } 270 | 271 | function derbyOf(uint256 key_) public view override returns (uint256) { 272 | return uint256(_getSlotValue(_getReferenceTypeSlot(DERBY_SLOT, bytes32(key_)))); 273 | } 274 | 275 | function setDerbyOf(uint256 key_, uint256 derby_) public override { 276 | _setSlotValue(_getReferenceTypeSlot(DERBY_SLOT, bytes32(key_)), bytes32(derby_)); 277 | } 278 | 279 | // Proxied 280 | 281 | function migrate(address migrator_, bytes calldata arguments_) external override { 282 | require(msg.sender == _factory(), "MI:M:NOT_FACTORY"); 283 | require(_migrate(migrator_, arguments_), "MI:M:FAILED"); 284 | } 285 | 286 | function setImplementation(address newImplementation_) external override { 287 | require(msg.sender == _factory(), "MI:SI:NOT_FACTORY"); 288 | require(_setImplementation(newImplementation_), "MI:SI:FAILED"); 289 | } 290 | 291 | function factory() public view override returns (address factory_) { 292 | return _factory(); 293 | } 294 | 295 | function implementation() public view override returns (address implementation_) { 296 | return _implementation(); 297 | } 298 | 299 | } 300 | 301 | // Used to migrate V1 contracts to v2 (may contain initialization logic as well) 302 | contract MockMigratorV1ToV2 is SlotManipulatable { 303 | 304 | event Migrated(uint256 charlie, uint256 echo, uint256 derby15, uint256 derby4); 305 | 306 | bytes32 private constant DERBY_SLOT = 0x1111111111111111111111111111111111111111111111111111111111111111; 307 | 308 | function _setDerbyOf(uint256 key_, uint256 delta_) internal { 309 | _setSlotValue(_getReferenceTypeSlot(DERBY_SLOT, bytes32(key_)), bytes32(delta_)); 310 | } 311 | 312 | function _getDerbyOf(uint256 key_) public view returns (uint256 derby_) { 313 | return uint256(_getSlotValue(_getReferenceTypeSlot(DERBY_SLOT, bytes32(key_)))); 314 | } 315 | 316 | fallback() external { 317 | uint256 arg = abi.decode(msg.data, (uint256)); 318 | 319 | // NOTE: It is possible to do this specific migration more optimally, but this is just a clear example 320 | 321 | // Delete beta from V1 322 | _setSlotValue(0, 0); 323 | 324 | // Move charlie from V1 up a slot (slot 1 to slot 2) 325 | _setSlotValue(bytes32(0), _getSlotValue(bytes32(uint256(1)))); 326 | _setSlotValue(bytes32(uint256(1)), bytes32(0)); 327 | 328 | // Double value of charlie from V1 329 | uint256 newCharlie = uint256(_getSlotValue(bytes32(0))) * 2; 330 | _setSlotValue(bytes32(0), bytes32(newCharlie)); 331 | 332 | // Set echo (in slot 1) to 3333 333 | _setSlotValue(bytes32(uint256(1)), bytes32(uint256(3333))); 334 | 335 | // Set derbyOf[15] based on arg 336 | _setDerbyOf(15, arg); 337 | 338 | // If derbyOf[2] is set, set derbyOf[4] to 18 339 | uint256 newDerby4 = _getDerbyOf(4); 340 | if (_getDerbyOf(2) != 0) { 341 | _setDerbyOf(4, newDerby4 = 1188); 342 | } 343 | 344 | emit Migrated(newCharlie, 3333, arg, newDerby4); 345 | } 346 | 347 | } 348 | 349 | contract MockMigratorV1ToV2WithNoArgs is SlotManipulatable { 350 | 351 | event Migrated(uint256 charlie, uint256 echo, uint256 derby4); 352 | 353 | bytes32 private constant DERBY_SLOT = 0x1111111111111111111111111111111111111111111111111111111111111111; 354 | 355 | function _setDerbyOf(uint256 key_, uint256 delta_) internal { 356 | _setSlotValue(_getReferenceTypeSlot(DERBY_SLOT, bytes32(key_)), bytes32(delta_)); 357 | } 358 | 359 | function _getDerbyOf(uint256 key_) public view returns (uint256 derby_) { 360 | return uint256(_getSlotValue(_getReferenceTypeSlot(DERBY_SLOT, bytes32(key_)))); 361 | } 362 | 363 | fallback() external { 364 | // NOTE: It is possible to do this specific migration more optimally, but this is just a clear example 365 | 366 | // Delete beta from V1 367 | _setSlotValue(0, 0); 368 | 369 | // Move charlie from V1 up a slot (slot 1 to slot 2) 370 | _setSlotValue(bytes32(0), _getSlotValue(bytes32(uint256(1)))); 371 | _setSlotValue(bytes32(uint256(1)), bytes32(0)); 372 | 373 | // Double value of charlie from V1 374 | uint256 newCharlie = uint256(_getSlotValue(bytes32(0))) * 2; 375 | _setSlotValue(bytes32(0), bytes32(newCharlie)); 376 | 377 | // Set echo (in slot 1) to 3333 378 | _setSlotValue(bytes32(uint256(1)), bytes32(uint256(3333))); 379 | 380 | // Set derbyOf[15] based on arg 381 | _setDerbyOf(15, 15); 382 | 383 | // If derbyOf[2] is set, set derbyOf[4] to 18 384 | uint256 newDerby4 = _getDerbyOf(4); 385 | if (_getDerbyOf(2) != 0) { 386 | _setDerbyOf(4, newDerby4 = 1188); 387 | } 388 | 389 | emit Migrated(newCharlie, 3333, newDerby4); 390 | } 391 | 392 | } 393 | 394 | contract MaliciousImplementation is SlotManipulatable { 395 | 396 | bytes32 private constant IMPLEMENTATION_SLOT = bytes32(0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc); 397 | fallback() external { 398 | _setSlotValue(IMPLEMENTATION_SLOT, bytes32(uint256(uint160(222)))); 399 | } 400 | } 401 | 402 | contract ProxyWithIncorrectCode { 403 | 404 | address public factory; 405 | address public implementation; 406 | 407 | constructor(address factory_, address implementation_) { 408 | factory = factory_; 409 | implementation = implementation_; 410 | } 411 | 412 | } 413 | -------------------------------------------------------------------------------- /contracts/test/ProxyFactory.t.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: AGPL-3.0-only 2 | pragma solidity ^0.8.7; 3 | 4 | import { TestUtils } from "../../modules/contract-test-utils/contracts/test.sol"; 5 | 6 | import { Proxy } from "../Proxy.sol"; 7 | 8 | import { 9 | IMockImplementationV1, 10 | IMockImplementationV2, 11 | MaliciousImplementation, 12 | MockFactory, 13 | MockImplementationV1, 14 | MockImplementationV2, 15 | MockInitializerV1, 16 | MockInitializerV2, 17 | MockMigratorV1ToV2, 18 | MockMigratorV1ToV2WithNoArgs 19 | } from "./mocks/Mocks.sol"; 20 | 21 | contract ProxyFactoryTests is TestUtils { 22 | 23 | /**************************************************************************************************************************************/ 24 | /*** `registerImplementation` Tests ***/ 25 | /**************************************************************************************************************************************/ 26 | 27 | function test_registerImplementation() external { 28 | MockFactory factory = new MockFactory(); 29 | MockImplementationV1 implementation = new MockImplementationV1(); 30 | 31 | assertEq(factory.implementation(1), address(0)); 32 | assertEq(factory.migratorForPath(1, 1), address(0)); 33 | assertEq(factory.versionOf(address(implementation)), 0); 34 | 35 | factory.registerImplementation(1, address(implementation)); 36 | 37 | assertEq(factory.implementation(1), address(implementation)); 38 | assertEq(factory.migratorForPath(1, 1), address(0)); 39 | assertEq(factory.versionOf(address(implementation)), 1); 40 | } 41 | 42 | function test_registerImplementation_fail_overwriteImplementation() external { 43 | MockFactory factory = new MockFactory(); 44 | MockImplementationV1 implementation1 = new MockImplementationV1(); 45 | MockImplementationV1 implementation2 = new MockImplementationV1(); 46 | 47 | factory.registerImplementation(1, address(implementation1)); 48 | 49 | // Try reusing the same version 50 | try factory.registerImplementation(1, address(implementation2)) { assertTrue(false, "Able to overwrite implementation"); } catch { } 51 | } 52 | 53 | function testFail_registerImplementation_zeroImplementation() external { 54 | MockFactory factory = new MockFactory(); 55 | factory.registerImplementation(1, address(0)); 56 | } 57 | 58 | function testFail_registerImplementation_nonContract() external { 59 | MockFactory factory = new MockFactory(); 60 | factory.registerImplementation(1, address(22)); 61 | } 62 | 63 | function test_registerImplementation_fail_duplicateImplementation() external { 64 | MockFactory factory = new MockFactory(); 65 | MockImplementationV1 implementation = new MockImplementationV1(); 66 | 67 | factory.registerImplementation(1, address(implementation)); 68 | 69 | try factory.registerImplementation(2, address(implementation)) { assertTrue(false, "Able to register duplicate implementation"); } catch { } 70 | } 71 | 72 | /**************************************************************************************************************************************/ 73 | /*** `newInstance` Tests ***/ 74 | /**************************************************************************************************************************************/ 75 | 76 | function test_newInstance_withNoInitialization() external { 77 | MockFactory factory = new MockFactory(); 78 | MockImplementationV1 implementation = new MockImplementationV1(); 79 | 80 | factory.registerImplementation(1, address(implementation)); 81 | 82 | assertEq(factory.implementation(1), address(implementation)); 83 | assertEq(factory.migratorForPath(1, 1), address(0)); 84 | assertEq(factory.versionOf(address(implementation)), 1); 85 | 86 | IMockImplementationV1 proxy = IMockImplementationV1(factory.newInstance(1, new bytes(0))); 87 | 88 | assertEq(proxy.factory(), address(factory)); 89 | assertEq(proxy.implementation(), address(implementation)); 90 | 91 | assertEq(proxy.alpha(), 1111); 92 | assertEq(proxy.beta(), 0); 93 | assertEq(proxy.charlie(), 0); 94 | assertEq(proxy.deltaOf(2), 0); 95 | 96 | assertEq(proxy.getLiteral(), 2222); 97 | assertEq(proxy.getConstant(), 1111); 98 | assertEq(proxy.getViewable(), 0); 99 | 100 | proxy.setBeta(8888); 101 | assertEq(proxy.beta(), 8888); 102 | 103 | 104 | proxy.setCharlie(3838); 105 | assertEq(proxy.charlie(), 3838); 106 | 107 | proxy.setDeltaOf(2, 2929); 108 | assertEq(proxy.deltaOf(2), 2929); 109 | } 110 | 111 | function test_newInstance_withNoInitializationArgs() external { 112 | MockFactory factory = new MockFactory(); 113 | MockInitializerV1 initializer = new MockInitializerV1(); 114 | MockImplementationV1 implementation = new MockImplementationV1(); 115 | 116 | factory.registerMigrator(1, 1, address(initializer)); 117 | factory.registerImplementation(1, address(implementation)); 118 | 119 | assertEq(factory.implementation(1), address(implementation)); 120 | assertEq(factory.migratorForPath(1, 1), address(initializer)); 121 | assertEq(factory.versionOf(address(implementation)), 1); 122 | 123 | IMockImplementationV1 proxy = IMockImplementationV1(factory.newInstance(1, new bytes(0))); 124 | 125 | assertEq(proxy.factory(), address(factory)); 126 | assertEq(proxy.implementation(), address(implementation)); 127 | 128 | assertEq(proxy.alpha(), 1111); 129 | assertEq(proxy.beta(), 1313); 130 | assertEq(proxy.charlie(), 1717); 131 | assertEq(proxy.deltaOf(2), 0); 132 | 133 | assertEq(proxy.getLiteral(), 2222); 134 | assertEq(proxy.getConstant(), 1111); 135 | assertEq(proxy.getViewable(), 1313); 136 | 137 | proxy.setBeta(8888); 138 | assertEq(proxy.beta(), 8888); 139 | 140 | 141 | proxy.setCharlie(3838); 142 | assertEq(proxy.charlie(), 3838); 143 | 144 | 145 | proxy.setDeltaOf(2, 2929); 146 | assertEq(proxy.deltaOf(2), 2929); 147 | } 148 | 149 | function test_newInstance_withInitializationArgs() external { 150 | MockFactory factory = new MockFactory(); 151 | MockInitializerV2 initializer = new MockInitializerV2(); 152 | MockImplementationV2 implementation = new MockImplementationV2(); 153 | 154 | factory.registerMigrator(2, 2, address(initializer)); 155 | factory.registerImplementation(2, address(implementation)); 156 | 157 | assertEq(factory.implementation(2), address(implementation)); 158 | assertEq(factory.migratorForPath(2, 2), address(initializer)); 159 | assertEq(factory.versionOf(address(implementation)), 2); 160 | 161 | IMockImplementationV2 proxy = IMockImplementationV2(factory.newInstance(2, abi.encode(uint256(9090)))); 162 | 163 | assertEq(proxy.factory(), address(factory)); 164 | assertEq(proxy.implementation(), address(implementation)); 165 | 166 | assertEq(proxy.axiom(), 5555); 167 | assertEq(proxy.charlie(), 3434); 168 | assertEq(proxy.echo(), 3333); 169 | assertEq(proxy.derbyOf(2), 0); 170 | 171 | assertEq(proxy.getLiteral(), 4444); 172 | assertEq(proxy.getConstant(), 5555); 173 | assertEq(proxy.getViewable(), 3333); 174 | 175 | proxy.setCharlie(6969); 176 | assertEq(proxy.charlie(), 6969); 177 | 178 | proxy.setEcho(4040); 179 | assertEq(proxy.echo(), 4040); 180 | 181 | proxy.setDerbyOf(2, 6161); 182 | assertEq(proxy.derbyOf(2), 6161); 183 | } 184 | 185 | function test_newInstance_invalidInitializerArguments() external { 186 | MockFactory factory = new MockFactory(); 187 | MockInitializerV2 initializer = new MockInitializerV2(); 188 | MockImplementationV2 implementation = new MockImplementationV2(); 189 | 190 | factory.registerMigrator(2, 2, address(initializer)); 191 | factory.registerImplementation(2, address(implementation)); 192 | 193 | assertEq(factory.implementation(2), address(implementation)); 194 | assertEq(factory.migratorForPath(2, 2), address(initializer)); 195 | assertEq(factory.versionOf(address(implementation)), 2); 196 | 197 | try factory.newInstance(2, new bytes(0)) { assertTrue(false, "Able to create with invalid arguments"); } catch { } 198 | 199 | factory.newInstance(2, abi.encode(0)); 200 | } 201 | 202 | function testFail_newInstance_nonRegisteredImplementation() external { 203 | MockFactory factory = new MockFactory(); 204 | factory.newInstance(1, new bytes(0)); 205 | } 206 | 207 | function test_newInstance_withSaltAndInitialization() external { 208 | MockFactory factory = new MockFactory(); 209 | MockInitializerV2 initializer = new MockInitializerV2(); 210 | MockImplementationV2 implementation = new MockImplementationV2(); 211 | 212 | factory.registerMigrator(2, 2, address(initializer)); 213 | factory.registerImplementation(2, address(implementation)); 214 | 215 | assertEq(factory.implementation(2), address(implementation)); 216 | assertEq(factory.migratorForPath(2, 2), address(initializer)); 217 | assertEq(factory.versionOf(address(implementation)), 2); 218 | 219 | bytes32 salt = keccak256(abi.encodePacked("salt")); 220 | 221 | IMockImplementationV2 proxy = IMockImplementationV2(factory.newInstance(abi.encode(uint256(9090)), salt)); 222 | 223 | assertEq(proxy.factory(), address(factory)); 224 | assertEq(proxy.implementation(), address(implementation)); 225 | } 226 | 227 | function test_newInstance_withSaltAndNoInitialization() external { 228 | MockFactory factory = new MockFactory(); 229 | MockImplementationV1 implementation = new MockImplementationV1(); 230 | 231 | factory.registerImplementation(1, address(implementation)); 232 | 233 | bytes32 salt = keccak256(abi.encodePacked("salt")); 234 | 235 | assertEq(factory.getDeterministicProxyAddress(salt), 0x045A1D5dF300FdfB7CE80Ed8397b46a4C634c508); 236 | assertEq(factory.newInstance(new bytes(0), salt), 0x045A1D5dF300FdfB7CE80Ed8397b46a4C634c508); 237 | } 238 | 239 | function test_newInstance_withSaltAndInvalidInitializerArguments() external { 240 | MockFactory factory = new MockFactory(); 241 | MockInitializerV2 initializer = new MockInitializerV2(); 242 | MockImplementationV2 implementation = new MockImplementationV2(); 243 | 244 | factory.registerMigrator(2, 2, address(initializer)); 245 | factory.registerImplementation(2, address(implementation)); 246 | 247 | assertEq(factory.implementation(2), address(implementation)); 248 | assertEq(factory.migratorForPath(2, 2), address(initializer)); 249 | assertEq(factory.versionOf(address(implementation)), 2); 250 | 251 | bytes32 salt = keccak256(abi.encodePacked("salt")); 252 | 253 | try factory.newInstance(new bytes(0), salt) { assertTrue(false, "able to create"); } catch { } 254 | 255 | factory.newInstance(abi.encode(0), salt); 256 | } 257 | 258 | function testFail_newInstance_withSaltAndNonRegisteredImplementation() external { 259 | MockFactory factory = new MockFactory(); 260 | factory.newInstance(new bytes(0), keccak256(abi.encodePacked("salt"))); 261 | } 262 | 263 | function testFail_newInstance_withReusedSalt() external { 264 | MockFactory factory = new MockFactory(); 265 | MockImplementationV1 implementation = new MockImplementationV1(); 266 | 267 | bytes32 salt = keccak256(abi.encodePacked("salt")); 268 | 269 | factory.registerImplementation(1, address(implementation)); 270 | factory.newInstance(new bytes(0), salt); 271 | factory.newInstance(new bytes(0), salt); 272 | } 273 | 274 | /**************************************************************************************************************************************/ 275 | /*** `registerMigrator` Tests ***/ 276 | /**************************************************************************************************************************************/ 277 | 278 | // TODO: Successful `registerMigrator` 279 | 280 | function testFail_registerMigrator_withInvalidMigrator() external { 281 | (new MockFactory()).registerMigrator(1, 2, address(1)); 282 | } 283 | 284 | function test_upgradeInstance_withNoMigration() external { 285 | MockFactory factory = new MockFactory(); 286 | MockInitializerV1 initializerV1 = new MockInitializerV1(); 287 | MockInitializerV2 initializerV2 = new MockInitializerV2(); 288 | MockImplementationV1 implementationV1 = new MockImplementationV1(); 289 | MockImplementationV2 implementationV2 = new MockImplementationV2(); 290 | 291 | // Register V1, its initializer, and deploy a proxy. 292 | factory.registerMigrator(1, 1, address(initializerV1)); 293 | factory.registerImplementation(1, address(implementationV1)); 294 | address proxy = factory.newInstance(1, new bytes(0)); 295 | 296 | // Set some values in proxy. 297 | IMockImplementationV1(proxy).setBeta(7575); 298 | IMockImplementationV1(proxy).setCharlie(1414); 299 | IMockImplementationV1(proxy).setDeltaOf(2, 3030); 300 | IMockImplementationV1(proxy).setDeltaOf(4, 9944); 301 | IMockImplementationV1(proxy).setDeltaOf(15, 2323); 302 | 303 | // Register V2, its initializer, and a migrator. 304 | factory.registerMigrator(2, 2, address(initializerV2)); 305 | factory.registerImplementation(2, address(implementationV2)); 306 | 307 | assertEq(factory.migratorForPath(1, 2), address(0)); 308 | 309 | // Check state before migration. 310 | assertEq(IMockImplementationV1(proxy).implementation(), address(implementationV1)); 311 | 312 | assertEq(IMockImplementationV1(proxy).beta(), 7575); 313 | assertEq(IMockImplementationV1(proxy).charlie(), 1414); 314 | assertEq(IMockImplementationV1(proxy).deltaOf(2), 3030); 315 | assertEq(IMockImplementationV1(proxy).deltaOf(4), 9944); 316 | assertEq(IMockImplementationV1(proxy).deltaOf(15), 2323); 317 | 318 | assertEq(IMockImplementationV1(proxy).getLiteral(), 2222); 319 | assertEq(IMockImplementationV1(proxy).getConstant(), 1111); 320 | assertEq(IMockImplementationV1(proxy).getViewable(), 7575); 321 | 322 | // Migrate proxy from V1 to V2. 323 | factory.upgradeInstance(proxy, 2, new bytes(0)); 324 | 325 | // Check if migration was successful. 326 | assertEq(IMockImplementationV2(proxy).implementation(), address(implementationV2)); 327 | 328 | assertEq(IMockImplementationV2(proxy).charlie(), 7575); // Is old beta. 329 | assertEq(IMockImplementationV2(proxy).echo(), 1414); // Is old charlie. 330 | assertEq(IMockImplementationV2(proxy).derbyOf(2), 3030); // Delta was renamed to Derby, but the values remain unchanged. 331 | assertEq(IMockImplementationV2(proxy).derbyOf(4), 9944); // Delta was renamed to Derby, but the values remain unchanged. 332 | assertEq(IMockImplementationV2(proxy).derbyOf(15), 2323); // Delta was renamed to Derby, but the values remain unchanged. 333 | 334 | assertEq(IMockImplementationV2(proxy).getLiteral(), 4444); 335 | assertEq(IMockImplementationV2(proxy).getConstant(), 5555); 336 | assertEq(IMockImplementationV2(proxy).getViewable(), 1414); 337 | } 338 | 339 | /**************************************************************************************************************************************/ 340 | /*** `upgradeInstance` Tests ***/ 341 | /**************************************************************************************************************************************/ 342 | 343 | function test_upgradeInstance_withMigrationArgs() external { 344 | MockFactory factory = new MockFactory(); 345 | MockInitializerV1 initializerV1 = new MockInitializerV1(); 346 | MockInitializerV2 initializerV2 = new MockInitializerV2(); 347 | MockMigratorV1ToV2 migrator = new MockMigratorV1ToV2(); 348 | MockImplementationV1 implementationV1 = new MockImplementationV1(); 349 | MockImplementationV2 implementationV2 = new MockImplementationV2(); 350 | 351 | // Register V1, its initializer, and deploy a proxy. 352 | factory.registerMigrator(1, 1, address(initializerV1)); 353 | factory.registerImplementation(1, address(implementationV1)); 354 | address proxy = factory.newInstance(1, new bytes(0)); 355 | 356 | // Set some values in proxy. 357 | IMockImplementationV1(proxy).setBeta(7575); 358 | IMockImplementationV1(proxy).setCharlie(1414); 359 | IMockImplementationV1(proxy).setDeltaOf(2, 3030); 360 | IMockImplementationV1(proxy).setDeltaOf(4, 9944); 361 | IMockImplementationV1(proxy).setDeltaOf(15, 2323); 362 | 363 | // Register V2, its initializer, and a migrator. 364 | factory.registerMigrator(2, 2, address(initializerV2)); 365 | factory.registerMigrator(1, 2, address(migrator)); 366 | factory.registerImplementation(2, address(implementationV2)); 367 | 368 | assertEq(factory.migratorForPath(1, 2), address(migrator)); 369 | 370 | // Check state before migration. 371 | assertEq(IMockImplementationV1(proxy).implementation(), address(implementationV1)); 372 | 373 | assertEq(IMockImplementationV1(proxy).beta(), 7575); 374 | assertEq(IMockImplementationV1(proxy).charlie(), 1414); 375 | assertEq(IMockImplementationV1(proxy).deltaOf(2), 3030); 376 | assertEq(IMockImplementationV1(proxy).deltaOf(4), 9944); 377 | assertEq(IMockImplementationV1(proxy).deltaOf(15), 2323); 378 | 379 | assertEq(IMockImplementationV1(proxy).getLiteral(), 2222); 380 | assertEq(IMockImplementationV1(proxy).getConstant(), 1111); 381 | assertEq(IMockImplementationV1(proxy).getViewable(), 7575); 382 | 383 | uint256 migrationArgument = 9090; 384 | 385 | // Migrate proxy from V1 to V2. 386 | factory.upgradeInstance(proxy, 2, abi.encode(migrationArgument)); 387 | 388 | // Check if migration was successful. 389 | assertEq(IMockImplementationV2(proxy).implementation(), address(implementationV2)); 390 | 391 | assertEq(IMockImplementationV2(proxy).charlie(), 2828); // Should be doubled from V1. 392 | assertEq(IMockImplementationV2(proxy).echo(), 3333); 393 | assertEq(IMockImplementationV2(proxy).derbyOf(2), 3030); // Delta from V1 was renamed to Derby 394 | assertEq(IMockImplementationV2(proxy).derbyOf(4), 1188); // Should be different due to migration case. 395 | assertEq(IMockImplementationV2(proxy).derbyOf(15), migrationArgument); // Should have been overwritten by migration arg. 396 | 397 | assertEq(IMockImplementationV2(proxy).getLiteral(), 4444); 398 | assertEq(IMockImplementationV2(proxy).getConstant(), 5555); 399 | assertEq(IMockImplementationV2(proxy).getViewable(), 3333); 400 | } 401 | 402 | function test_upgradeInstance_withNoMigrationArgs() external { 403 | MockFactory factory = new MockFactory(); 404 | MockInitializerV1 initializerV1 = new MockInitializerV1(); 405 | MockInitializerV2 initializerV2 = new MockInitializerV2(); 406 | MockMigratorV1ToV2WithNoArgs migrator = new MockMigratorV1ToV2WithNoArgs(); 407 | MockImplementationV1 implementationV1 = new MockImplementationV1(); 408 | MockImplementationV2 implementationV2 = new MockImplementationV2(); 409 | 410 | // Register V1, its initializer, and deploy a proxy. 411 | factory.registerMigrator(1, 1, address(initializerV1)); 412 | factory.registerImplementation(1, address(implementationV1)); 413 | address proxy = factory.newInstance(1, new bytes(0)); 414 | 415 | // Set some values in proxy. 416 | IMockImplementationV1(proxy).setBeta(7575); 417 | IMockImplementationV1(proxy).setCharlie(1414); 418 | IMockImplementationV1(proxy).setDeltaOf(2, 3030); 419 | IMockImplementationV1(proxy).setDeltaOf(4, 9944); 420 | IMockImplementationV1(proxy).setDeltaOf(15, 2323); 421 | 422 | // Register V2, its initializer, and a migrator. 423 | factory.registerMigrator(2, 2, address(initializerV2)); 424 | factory.registerMigrator(1, 2, address(migrator)); 425 | factory.registerImplementation(2, address(implementationV2)); 426 | 427 | assertEq(factory.migratorForPath(1, 2), address(migrator)); 428 | 429 | // Check state before migration. 430 | assertEq(IMockImplementationV1(proxy).implementation(), address(implementationV1)); 431 | 432 | assertEq(IMockImplementationV1(proxy).beta(), 7575); 433 | assertEq(IMockImplementationV1(proxy).charlie(), 1414); 434 | assertEq(IMockImplementationV1(proxy).deltaOf(2), 3030); 435 | assertEq(IMockImplementationV1(proxy).deltaOf(4), 9944); 436 | assertEq(IMockImplementationV1(proxy).deltaOf(15), 2323); 437 | 438 | assertEq(IMockImplementationV1(proxy).getLiteral(), 2222); 439 | assertEq(IMockImplementationV1(proxy).getConstant(), 1111); 440 | assertEq(IMockImplementationV1(proxy).getViewable(), 7575); 441 | 442 | // Migrate proxy from V1 to V2. 443 | factory.upgradeInstance(proxy, 2, new bytes(0)); 444 | 445 | // Check if migration was successful. 446 | assertEq(IMockImplementationV2(proxy).implementation(), address(implementationV2)); 447 | 448 | assertEq(IMockImplementationV2(proxy).charlie(), 2828); // Should be doubled from V1. 449 | assertEq(IMockImplementationV2(proxy).echo(), 3333); 450 | assertEq(IMockImplementationV2(proxy).derbyOf(2), 3030); // Delta from V1 was renamed to Derby 451 | assertEq(IMockImplementationV2(proxy).derbyOf(4), 1188); // Should be different due to migration case. 452 | assertEq(IMockImplementationV2(proxy).derbyOf(15), 15); 453 | 454 | assertEq(IMockImplementationV2(proxy).getLiteral(), 4444); 455 | assertEq(IMockImplementationV2(proxy).getConstant(), 5555); 456 | assertEq(IMockImplementationV2(proxy).getViewable(), 3333); 457 | } 458 | 459 | function testFail_upgradeInstance_nonRegisteredImplementation() external { 460 | MockFactory factory = new MockFactory(); 461 | MockInitializerV1 initializerV1 = new MockInitializerV1(); 462 | MockImplementationV1 implementationV1 = new MockImplementationV1(); 463 | 464 | // Register V1, its initializer, and deploy a proxy. 465 | factory.registerMigrator(1, 1, address(initializerV1)); 466 | factory.registerImplementation(1, address(implementationV1)); 467 | address proxy = factory.newInstance(1, new bytes(0)); 468 | 469 | // Migrate proxy from V1 to V2. 470 | factory.upgradeInstance(proxy, 2, new bytes(0)); 471 | } 472 | 473 | function test_upgradeInstance_failWithInvalidMigrationArgs() external { 474 | MockFactory factory = new MockFactory(); 475 | MockMigratorV1ToV2 migrator = new MockMigratorV1ToV2(); 476 | MockImplementationV1 implementationV1 = new MockImplementationV1(); 477 | MockImplementationV2 implementationV2 = new MockImplementationV2(); 478 | 479 | // Register V1, its initializer, and deploy a proxy. 480 | factory.registerImplementation(1, address(implementationV1)); 481 | address proxy = factory.newInstance(1, new bytes(0)); 482 | 483 | // Register V2, its initializer, and a migrator. 484 | factory.registerMigrator(1, 2, address(migrator)); 485 | factory.registerImplementation(2, address(implementationV2)); 486 | 487 | assertEq(factory.migratorForPath(1, 2), address(migrator)); 488 | 489 | // Check state before migration. 490 | assertEq(IMockImplementationV1(proxy).implementation(), address(implementationV1)); 491 | 492 | // Try migrate proxy from V1 to V2. 493 | try factory.upgradeInstance(proxy, 2, new bytes(0)) { assertTrue(false, "Able to migrate with invalid arguments"); } catch { } 494 | 495 | // Check if migration failed. 496 | assertEq(IMockImplementationV1(proxy).implementation(), address(implementationV1)); 497 | 498 | factory.upgradeInstance(proxy, 2, abi.encode(22)); 499 | 500 | assertEq(IMockImplementationV2(proxy).implementation(), address(implementationV2)); 501 | } 502 | 503 | /**************************************************************************************************************************************/ 504 | /*** Miscellaneous Tests ***/ 505 | /**************************************************************************************************************************************/ 506 | 507 | function test_composability() external { 508 | MockFactory factory = new MockFactory(); 509 | MockInitializerV1 initializer = new MockInitializerV1(); 510 | MockImplementationV1 implementation = new MockImplementationV1(); 511 | 512 | factory.registerMigrator(1, 1, address(initializer)); 513 | factory.registerImplementation(1, address(implementation)); 514 | 515 | IMockImplementationV1 proxy1 = IMockImplementationV1(factory.newInstance(1, new bytes(0))); 516 | address proxy2 = factory.newInstance(1, new bytes(0)); 517 | 518 | // Change proxy2 values. 519 | IMockImplementationV1(proxy2).setBeta(5959); 520 | 521 | assertEq(proxy1.getAnotherBeta(proxy2), 5959); 522 | 523 | proxy1.setAnotherBeta(proxy2, 8888); 524 | assertEq(proxy1.getAnotherBeta(proxy2), 8888); 525 | 526 | // Ensure proxy1 values have remained as default. 527 | assertEq(proxy1.alpha(), 1111); 528 | assertEq(proxy1.beta(), 1313); 529 | assertEq(proxy1.charlie(), 1717); 530 | assertEq(proxy1.deltaOf(2), 0); 531 | assertEq(proxy1.deltaOf(15), 4747); 532 | 533 | assertEq(proxy1.getLiteral(), 2222); 534 | assertEq(proxy1.getConstant(), 1111); 535 | assertEq(proxy1.getViewable(), 1313); 536 | } 537 | 538 | function test_failureWithNonContractImplementation() external { 539 | MockFactory factory = new MockFactory(); 540 | MaliciousImplementation implementation = new MaliciousImplementation(); 541 | 542 | // Registering malicious implementation 543 | factory.registerImplementation(1, address(implementation)); 544 | 545 | assertEq(factory.implementation(1), address(implementation)); 546 | assertEq(factory.migratorForPath(1, 1), address(0)); 547 | assertEq(factory.versionOf(address(implementation)), 1); 548 | 549 | IMockImplementationV1 proxy = IMockImplementationV1(factory.newInstance(1, new bytes(0))); 550 | 551 | try proxy.alpha() { assertTrue(false, "Proxy didn't revert"); } catch { } 552 | } 553 | 554 | } 555 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU AFFERO GENERAL PUBLIC LICENSE 2 | Version 3, 19 November 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU Affero General Public License is a free, copyleft license for 11 | software and other kinds of works, specifically designed to ensure 12 | cooperation with the community in the case of network server software. 13 | 14 | The licenses for most software and other practical works are designed 15 | to take away your freedom to share and change the works. By contrast, 16 | our General Public Licenses are intended to guarantee your freedom to 17 | share and change all versions of a program--to make sure it remains free 18 | software for all its users. 19 | 20 | When we speak of free software, we are referring to freedom, not 21 | price. Our General Public Licenses are designed to make sure that you 22 | have the freedom to distribute copies of free software (and charge for 23 | them if you wish), that you receive source code or can get it if you 24 | want it, that you can change the software or use pieces of it in new 25 | free programs, and that you know you can do these things. 26 | 27 | Developers that use our General Public Licenses protect your rights 28 | with two steps: (1) assert copyright on the software, and (2) offer 29 | you this License which gives you legal permission to copy, distribute 30 | and/or modify the software. 31 | 32 | A secondary benefit of defending all users' freedom is that 33 | improvements made in alternate versions of the program, if they 34 | receive widespread use, become available for other developers to 35 | incorporate. Many developers of free software are heartened and 36 | encouraged by the resulting cooperation. However, in the case of 37 | software used on network servers, this result may fail to come about. 38 | The GNU General Public License permits making a modified version and 39 | letting the public access it on a server without ever releasing its 40 | source code to the public. 41 | 42 | The GNU Affero General Public License is designed specifically to 43 | ensure that, in such cases, the modified source code becomes available 44 | to the community. It requires the operator of a network server to 45 | provide the source code of the modified version running there to the 46 | users of that server. Therefore, public use of a modified version, on 47 | a publicly accessible server, gives the public access to the source 48 | code of the modified version. 49 | 50 | An older license, called the Affero General Public License and 51 | published by Affero, was designed to accomplish similar goals. This is 52 | a different license, not a version of the Affero GPL, but Affero has 53 | released a new version of the Affero GPL which permits relicensing under 54 | this license. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | TERMS AND CONDITIONS 60 | 61 | 0. Definitions. 62 | 63 | "This License" refers to version 3 of the GNU Affero General Public License. 64 | 65 | "Copyright" also means copyright-like laws that apply to other kinds of 66 | works, such as semiconductor masks. 67 | 68 | "The Program" refers to any copyrightable work licensed under this 69 | License. Each licensee is addressed as "you". "Licensees" and 70 | "recipients" may be individuals or organizations. 71 | 72 | To "modify" a work means to copy from or adapt all or part of the work 73 | in a fashion requiring copyright permission, other than the making of an 74 | exact copy. The resulting work is called a "modified version" of the 75 | earlier work or a work "based on" the earlier work. 76 | 77 | A "covered work" means either the unmodified Program or a work based 78 | on the Program. 79 | 80 | To "propagate" a work means to do anything with it that, without 81 | permission, would make you directly or secondarily liable for 82 | infringement under applicable copyright law, except executing it on a 83 | computer or modifying a private copy. Propagation includes copying, 84 | distribution (with or without modification), making available to the 85 | public, and in some countries other activities as well. 86 | 87 | To "convey" a work means any kind of propagation that enables other 88 | parties to make or receive copies. Mere interaction with a user through 89 | a computer network, with no transfer of a copy, is not conveying. 90 | 91 | An interactive user interface displays "Appropriate Legal Notices" 92 | to the extent that it includes a convenient and prominently visible 93 | feature that (1) displays an appropriate copyright notice, and (2) 94 | tells the user that there is no warranty for the work (except to the 95 | extent that warranties are provided), that licensees may convey the 96 | work under this License, and how to view a copy of this License. If 97 | the interface presents a list of user commands or options, such as a 98 | menu, a prominent item in the list meets this criterion. 99 | 100 | 1. Source Code. 101 | 102 | The "source code" for a work means the preferred form of the work 103 | for making modifications to it. "Object code" means any non-source 104 | form of a work. 105 | 106 | A "Standard Interface" means an interface that either is an official 107 | standard defined by a recognized standards body, or, in the case of 108 | interfaces specified for a particular programming language, one that 109 | is widely used among developers working in that language. 110 | 111 | The "System Libraries" of an executable work include anything, other 112 | than the work as a whole, that (a) is included in the normal form of 113 | packaging a Major Component, but which is not part of that Major 114 | Component, and (b) serves only to enable use of the work with that 115 | Major Component, or to implement a Standard Interface for which an 116 | implementation is available to the public in source code form. A 117 | "Major Component", in this context, means a major essential component 118 | (kernel, window system, and so on) of the specific operating system 119 | (if any) on which the executable work runs, or a compiler used to 120 | produce the work, or an object code interpreter used to run it. 121 | 122 | The "Corresponding Source" for a work in object code form means all 123 | the source code needed to generate, install, and (for an executable 124 | work) run the object code and to modify the work, including scripts to 125 | control those activities. However, it does not include the work's 126 | System Libraries, or general-purpose tools or generally available free 127 | programs which are used unmodified in performing those activities but 128 | which are not part of the work. For example, Corresponding Source 129 | includes interface definition files associated with source files for 130 | the work, and the source code for shared libraries and dynamically 131 | linked subprograms that the work is specifically designed to require, 132 | such as by intimate data communication or control flow between those 133 | subprograms and other parts of the work. 134 | 135 | The Corresponding Source need not include anything that users 136 | can regenerate automatically from other parts of the Corresponding 137 | Source. 138 | 139 | The Corresponding Source for a work in source code form is that 140 | same work. 141 | 142 | 2. Basic Permissions. 143 | 144 | All rights granted under this License are granted for the term of 145 | copyright on the Program, and are irrevocable provided the stated 146 | conditions are met. This License explicitly affirms your unlimited 147 | permission to run the unmodified Program. The output from running a 148 | covered work is covered by this License only if the output, given its 149 | content, constitutes a covered work. This License acknowledges your 150 | rights of fair use or other equivalent, as provided by copyright law. 151 | 152 | You may make, run and propagate covered works that you do not 153 | convey, without conditions so long as your license otherwise remains 154 | in force. You may convey covered works to others for the sole purpose 155 | of having them make modifications exclusively for you, or provide you 156 | with facilities for running those works, provided that you comply with 157 | the terms of this License in conveying all material for which you do 158 | not control copyright. Those thus making or running the covered works 159 | for you must do so exclusively on your behalf, under your direction 160 | and control, on terms that prohibit them from making any copies of 161 | your copyrighted material outside their relationship with you. 162 | 163 | Conveying under any other circumstances is permitted solely under 164 | the conditions stated below. Sublicensing is not allowed; section 10 165 | makes it unnecessary. 166 | 167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 168 | 169 | No covered work shall be deemed part of an effective technological 170 | measure under any applicable law fulfilling obligations under article 171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 172 | similar laws prohibiting or restricting circumvention of such 173 | measures. 174 | 175 | When you convey a covered work, you waive any legal power to forbid 176 | circumvention of technological measures to the extent such circumvention 177 | is effected by exercising rights under this License with respect to 178 | the covered work, and you disclaim any intention to limit operation or 179 | modification of the work as a means of enforcing, against the work's 180 | users, your or third parties' legal rights to forbid circumvention of 181 | technological measures. 182 | 183 | 4. Conveying Verbatim Copies. 184 | 185 | You may convey verbatim copies of the Program's source code as you 186 | receive it, in any medium, provided that you conspicuously and 187 | appropriately publish on each copy an appropriate copyright notice; 188 | keep intact all notices stating that this License and any 189 | non-permissive terms added in accord with section 7 apply to the code; 190 | keep intact all notices of the absence of any warranty; and give all 191 | recipients a copy of this License along with the Program. 192 | 193 | You may charge any price or no price for each copy that you convey, 194 | and you may offer support or warranty protection for a fee. 195 | 196 | 5. Conveying Modified Source Versions. 197 | 198 | You may convey a work based on the Program, or the modifications to 199 | produce it from the Program, in the form of source code under the 200 | terms of section 4, provided that you also meet all of these conditions: 201 | 202 | a) The work must carry prominent notices stating that you modified 203 | it, and giving a relevant date. 204 | 205 | b) The work must carry prominent notices stating that it is 206 | released under this License and any conditions added under section 207 | 7. This requirement modifies the requirement in section 4 to 208 | "keep intact all notices". 209 | 210 | c) You must license the entire work, as a whole, under this 211 | License to anyone who comes into possession of a copy. This 212 | License will therefore apply, along with any applicable section 7 213 | additional terms, to the whole of the work, and all its parts, 214 | regardless of how they are packaged. This License gives no 215 | permission to license the work in any other way, but it does not 216 | invalidate such permission if you have separately received it. 217 | 218 | d) If the work has interactive user interfaces, each must display 219 | Appropriate Legal Notices; however, if the Program has interactive 220 | interfaces that do not display Appropriate Legal Notices, your 221 | work need not make them do so. 222 | 223 | A compilation of a covered work with other separate and independent 224 | works, which are not by their nature extensions of the covered work, 225 | and which are not combined with it such as to form a larger program, 226 | in or on a volume of a storage or distribution medium, is called an 227 | "aggregate" if the compilation and its resulting copyright are not 228 | used to limit the access or legal rights of the compilation's users 229 | beyond what the individual works permit. Inclusion of a covered work 230 | in an aggregate does not cause this License to apply to the other 231 | parts of the aggregate. 232 | 233 | 6. Conveying Non-Source Forms. 234 | 235 | You may convey a covered work in object code form under the terms 236 | of sections 4 and 5, provided that you also convey the 237 | machine-readable Corresponding Source under the terms of this License, 238 | in one of these ways: 239 | 240 | a) Convey the object code in, or embodied in, a physical product 241 | (including a physical distribution medium), accompanied by the 242 | Corresponding Source fixed on a durable physical medium 243 | customarily used for software interchange. 244 | 245 | b) Convey the object code in, or embodied in, a physical product 246 | (including a physical distribution medium), accompanied by a 247 | written offer, valid for at least three years and valid for as 248 | long as you offer spare parts or customer support for that product 249 | model, to give anyone who possesses the object code either (1) a 250 | copy of the Corresponding Source for all the software in the 251 | product that is covered by this License, on a durable physical 252 | medium customarily used for software interchange, for a price no 253 | more than your reasonable cost of physically performing this 254 | conveying of source, or (2) access to copy the 255 | Corresponding Source from a network server at no charge. 256 | 257 | c) Convey individual copies of the object code with a copy of the 258 | written offer to provide the Corresponding Source. This 259 | alternative is allowed only occasionally and noncommercially, and 260 | only if you received the object code with such an offer, in accord 261 | with subsection 6b. 262 | 263 | d) Convey the object code by offering access from a designated 264 | place (gratis or for a charge), and offer equivalent access to the 265 | Corresponding Source in the same way through the same place at no 266 | further charge. You need not require recipients to copy the 267 | Corresponding Source along with the object code. If the place to 268 | copy the object code is a network server, the Corresponding Source 269 | may be on a different server (operated by you or a third party) 270 | that supports equivalent copying facilities, provided you maintain 271 | clear directions next to the object code saying where to find the 272 | Corresponding Source. Regardless of what server hosts the 273 | Corresponding Source, you remain obligated to ensure that it is 274 | available for as long as needed to satisfy these requirements. 275 | 276 | e) Convey the object code using peer-to-peer transmission, provided 277 | you inform other peers where the object code and Corresponding 278 | Source of the work are being offered to the general public at no 279 | charge under subsection 6d. 280 | 281 | A separable portion of the object code, whose source code is excluded 282 | from the Corresponding Source as a System Library, need not be 283 | included in conveying the object code work. 284 | 285 | A "User Product" is either (1) a "consumer product", which means any 286 | tangible personal property which is normally used for personal, family, 287 | or household purposes, or (2) anything designed or sold for incorporation 288 | into a dwelling. In determining whether a product is a consumer product, 289 | doubtful cases shall be resolved in favor of coverage. For a particular 290 | product received by a particular user, "normally used" refers to a 291 | typical or common use of that class of product, regardless of the status 292 | of the particular user or of the way in which the particular user 293 | actually uses, or expects or is expected to use, the product. A product 294 | is a consumer product regardless of whether the product has substantial 295 | commercial, industrial or non-consumer uses, unless such uses represent 296 | the only significant mode of use of the product. 297 | 298 | "Installation Information" for a User Product means any methods, 299 | procedures, authorization keys, or other information required to install 300 | and execute modified versions of a covered work in that User Product from 301 | a modified version of its Corresponding Source. The information must 302 | suffice to ensure that the continued functioning of the modified object 303 | code is in no case prevented or interfered with solely because 304 | modification has been made. 305 | 306 | If you convey an object code work under this section in, or with, or 307 | specifically for use in, a User Product, and the conveying occurs as 308 | part of a transaction in which the right of possession and use of the 309 | User Product is transferred to the recipient in perpetuity or for a 310 | fixed term (regardless of how the transaction is characterized), the 311 | Corresponding Source conveyed under this section must be accompanied 312 | by the Installation Information. But this requirement does not apply 313 | if neither you nor any third party retains the ability to install 314 | modified object code on the User Product (for example, the work has 315 | been installed in ROM). 316 | 317 | The requirement to provide Installation Information does not include a 318 | requirement to continue to provide support service, warranty, or updates 319 | for a work that has been modified or installed by the recipient, or for 320 | the User Product in which it has been modified or installed. Access to a 321 | network may be denied when the modification itself materially and 322 | adversely affects the operation of the network or violates the rules and 323 | protocols for communication across the network. 324 | 325 | Corresponding Source conveyed, and Installation Information provided, 326 | in accord with this section must be in a format that is publicly 327 | documented (and with an implementation available to the public in 328 | source code form), and must require no special password or key for 329 | unpacking, reading or copying. 330 | 331 | 7. Additional Terms. 332 | 333 | "Additional permissions" are terms that supplement the terms of this 334 | License by making exceptions from one or more of its conditions. 335 | Additional permissions that are applicable to the entire Program shall 336 | be treated as though they were included in this License, to the extent 337 | that they are valid under applicable law. If additional permissions 338 | apply only to part of the Program, that part may be used separately 339 | under those permissions, but the entire Program remains governed by 340 | this License without regard to the additional permissions. 341 | 342 | When you convey a copy of a covered work, you may at your option 343 | remove any additional permissions from that copy, or from any part of 344 | it. (Additional permissions may be written to require their own 345 | removal in certain cases when you modify the work.) You may place 346 | additional permissions on material, added by you to a covered work, 347 | for which you have or can give appropriate copyright permission. 348 | 349 | Notwithstanding any other provision of this License, for material you 350 | add to a covered work, you may (if authorized by the copyright holders of 351 | that material) supplement the terms of this License with terms: 352 | 353 | a) Disclaiming warranty or limiting liability differently from the 354 | terms of sections 15 and 16 of this License; or 355 | 356 | b) Requiring preservation of specified reasonable legal notices or 357 | author attributions in that material or in the Appropriate Legal 358 | Notices displayed by works containing it; or 359 | 360 | c) Prohibiting misrepresentation of the origin of that material, or 361 | requiring that modified versions of such material be marked in 362 | reasonable ways as different from the original version; or 363 | 364 | d) Limiting the use for publicity purposes of names of licensors or 365 | authors of the material; or 366 | 367 | e) Declining to grant rights under trademark law for use of some 368 | trade names, trademarks, or service marks; or 369 | 370 | f) Requiring indemnification of licensors and authors of that 371 | material by anyone who conveys the material (or modified versions of 372 | it) with contractual assumptions of liability to the recipient, for 373 | any liability that these contractual assumptions directly impose on 374 | those licensors and authors. 375 | 376 | All other non-permissive additional terms are considered "further 377 | restrictions" within the meaning of section 10. If the Program as you 378 | received it, or any part of it, contains a notice stating that it is 379 | governed by this License along with a term that is a further 380 | restriction, you may remove that term. If a license document contains 381 | a further restriction but permits relicensing or conveying under this 382 | License, you may add to a covered work material governed by the terms 383 | of that license document, provided that the further restriction does 384 | not survive such relicensing or conveying. 385 | 386 | If you add terms to a covered work in accord with this section, you 387 | must place, in the relevant source files, a statement of the 388 | additional terms that apply to those files, or a notice indicating 389 | where to find the applicable terms. 390 | 391 | Additional terms, permissive or non-permissive, may be stated in the 392 | form of a separately written license, or stated as exceptions; 393 | the above requirements apply either way. 394 | 395 | 8. Termination. 396 | 397 | You may not propagate or modify a covered work except as expressly 398 | provided under this License. Any attempt otherwise to propagate or 399 | modify it is void, and will automatically terminate your rights under 400 | this License (including any patent licenses granted under the third 401 | paragraph of section 11). 402 | 403 | However, if you cease all violation of this License, then your 404 | license from a particular copyright holder is reinstated (a) 405 | provisionally, unless and until the copyright holder explicitly and 406 | finally terminates your license, and (b) permanently, if the copyright 407 | holder fails to notify you of the violation by some reasonable means 408 | prior to 60 days after the cessation. 409 | 410 | Moreover, your license from a particular copyright holder is 411 | reinstated permanently if the copyright holder notifies you of the 412 | violation by some reasonable means, this is the first time you have 413 | received notice of violation of this License (for any work) from that 414 | copyright holder, and you cure the violation prior to 30 days after 415 | your receipt of the notice. 416 | 417 | Termination of your rights under this section does not terminate the 418 | licenses of parties who have received copies or rights from you under 419 | this License. If your rights have been terminated and not permanently 420 | reinstated, you do not qualify to receive new licenses for the same 421 | material under section 10. 422 | 423 | 9. Acceptance Not Required for Having Copies. 424 | 425 | You are not required to accept this License in order to receive or 426 | run a copy of the Program. Ancillary propagation of a covered work 427 | occurring solely as a consequence of using peer-to-peer transmission 428 | to receive a copy likewise does not require acceptance. However, 429 | nothing other than this License grants you permission to propagate or 430 | modify any covered work. These actions infringe copyright if you do 431 | not accept this License. Therefore, by modifying or propagating a 432 | covered work, you indicate your acceptance of this License to do so. 433 | 434 | 10. Automatic Licensing of Downstream Recipients. 435 | 436 | Each time you convey a covered work, the recipient automatically 437 | receives a license from the original licensors, to run, modify and 438 | propagate that work, subject to this License. You are not responsible 439 | for enforcing compliance by third parties with this License. 440 | 441 | An "entity transaction" is a transaction transferring control of an 442 | organization, or substantially all assets of one, or subdividing an 443 | organization, or merging organizations. If propagation of a covered 444 | work results from an entity transaction, each party to that 445 | transaction who receives a copy of the work also receives whatever 446 | licenses to the work the party's predecessor in interest had or could 447 | give under the previous paragraph, plus a right to possession of the 448 | Corresponding Source of the work from the predecessor in interest, if 449 | the predecessor has it or can get it with reasonable efforts. 450 | 451 | You may not impose any further restrictions on the exercise of the 452 | rights granted or affirmed under this License. For example, you may 453 | not impose a license fee, royalty, or other charge for exercise of 454 | rights granted under this License, and you may not initiate litigation 455 | (including a cross-claim or counterclaim in a lawsuit) alleging that 456 | any patent claim is infringed by making, using, selling, offering for 457 | sale, or importing the Program or any portion of it. 458 | 459 | 11. Patents. 460 | 461 | A "contributor" is a copyright holder who authorizes use under this 462 | License of the Program or a work on which the Program is based. The 463 | work thus licensed is called the contributor's "contributor version". 464 | 465 | A contributor's "essential patent claims" are all patent claims 466 | owned or controlled by the contributor, whether already acquired or 467 | hereafter acquired, that would be infringed by some manner, permitted 468 | by this License, of making, using, or selling its contributor version, 469 | but do not include claims that would be infringed only as a 470 | consequence of further modification of the contributor version. For 471 | purposes of this definition, "control" includes the right to grant 472 | patent sublicenses in a manner consistent with the requirements of 473 | this License. 474 | 475 | Each contributor grants you a non-exclusive, worldwide, royalty-free 476 | patent license under the contributor's essential patent claims, to 477 | make, use, sell, offer for sale, import and otherwise run, modify and 478 | propagate the contents of its contributor version. 479 | 480 | In the following three paragraphs, a "patent license" is any express 481 | agreement or commitment, however denominated, not to enforce a patent 482 | (such as an express permission to practice a patent or covenant not to 483 | sue for patent infringement). To "grant" such a patent license to a 484 | party means to make such an agreement or commitment not to enforce a 485 | patent against the party. 486 | 487 | If you convey a covered work, knowingly relying on a patent license, 488 | and the Corresponding Source of the work is not available for anyone 489 | to copy, free of charge and under the terms of this License, through a 490 | publicly available network server or other readily accessible means, 491 | then you must either (1) cause the Corresponding Source to be so 492 | available, or (2) arrange to deprive yourself of the benefit of the 493 | patent license for this particular work, or (3) arrange, in a manner 494 | consistent with the requirements of this License, to extend the patent 495 | license to downstream recipients. "Knowingly relying" means you have 496 | actual knowledge that, but for the patent license, your conveying the 497 | covered work in a country, or your recipient's use of the covered work 498 | in a country, would infringe one or more identifiable patents in that 499 | country that you have reason to believe are valid. 500 | 501 | If, pursuant to or in connection with a single transaction or 502 | arrangement, you convey, or propagate by procuring conveyance of, a 503 | covered work, and grant a patent license to some of the parties 504 | receiving the covered work authorizing them to use, propagate, modify 505 | or convey a specific copy of the covered work, then the patent license 506 | you grant is automatically extended to all recipients of the covered 507 | work and works based on it. 508 | 509 | A patent license is "discriminatory" if it does not include within 510 | the scope of its coverage, prohibits the exercise of, or is 511 | conditioned on the non-exercise of one or more of the rights that are 512 | specifically granted under this License. You may not convey a covered 513 | work if you are a party to an arrangement with a third party that is 514 | in the business of distributing software, under which you make payment 515 | to the third party based on the extent of your activity of conveying 516 | the work, and under which the third party grants, to any of the 517 | parties who would receive the covered work from you, a discriminatory 518 | patent license (a) in connection with copies of the covered work 519 | conveyed by you (or copies made from those copies), or (b) primarily 520 | for and in connection with specific products or compilations that 521 | contain the covered work, unless you entered into that arrangement, 522 | or that patent license was granted, prior to 28 March 2007. 523 | 524 | Nothing in this License shall be construed as excluding or limiting 525 | any implied license or other defenses to infringement that may 526 | otherwise be available to you under applicable patent law. 527 | 528 | 12. No Surrender of Others' Freedom. 529 | 530 | If conditions are imposed on you (whether by court order, agreement or 531 | otherwise) that contradict the conditions of this License, they do not 532 | excuse you from the conditions of this License. If you cannot convey a 533 | covered work so as to satisfy simultaneously your obligations under this 534 | License and any other pertinent obligations, then as a consequence you may 535 | not convey it at all. For example, if you agree to terms that obligate you 536 | to collect a royalty for further conveying from those to whom you convey 537 | the Program, the only way you could satisfy both those terms and this 538 | License would be to refrain entirely from conveying the Program. 539 | 540 | 13. Remote Network Interaction; Use with the GNU General Public License. 541 | 542 | Notwithstanding any other provision of this License, if you modify the 543 | Program, your modified version must prominently offer all users 544 | interacting with it remotely through a computer network (if your version 545 | supports such interaction) an opportunity to receive the Corresponding 546 | Source of your version by providing access to the Corresponding Source 547 | from a network server at no charge, through some standard or customary 548 | means of facilitating copying of software. This Corresponding Source 549 | shall include the Corresponding Source for any work covered by version 3 550 | of the GNU General Public License that is incorporated pursuant to the 551 | following paragraph. 552 | 553 | Notwithstanding any other provision of this License, you have 554 | permission to link or combine any covered work with a work licensed 555 | under version 3 of the GNU General Public License into a single 556 | combined work, and to convey the resulting work. The terms of this 557 | License will continue to apply to the part which is the covered work, 558 | but the work with which it is combined will remain governed by version 559 | 3 of the GNU General Public License. 560 | 561 | 14. Revised Versions of this License. 562 | 563 | The Free Software Foundation may publish revised and/or new versions of 564 | the GNU Affero General Public License from time to time. Such new versions 565 | will be similar in spirit to the present version, but may differ in detail to 566 | address new problems or concerns. 567 | 568 | Each version is given a distinguishing version number. If the 569 | Program specifies that a certain numbered version of the GNU Affero General 570 | Public License "or any later version" applies to it, you have the 571 | option of following the terms and conditions either of that numbered 572 | version or of any later version published by the Free Software 573 | Foundation. If the Program does not specify a version number of the 574 | GNU Affero General Public License, you may choose any version ever published 575 | by the Free Software Foundation. 576 | 577 | If the Program specifies that a proxy can decide which future 578 | versions of the GNU Affero General Public License can be used, that proxy's 579 | public statement of acceptance of a version permanently authorizes you 580 | to choose that version for the Program. 581 | 582 | Later license versions may give you additional or different 583 | permissions. However, no additional obligations are imposed on any 584 | author or copyright holder as a result of your choosing to follow a 585 | later version. 586 | 587 | 15. Disclaimer of Warranty. 588 | 589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 597 | 598 | 16. Limitation of Liability. 599 | 600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 608 | SUCH DAMAGES. 609 | 610 | 17. Interpretation of Sections 15 and 16. 611 | 612 | If the disclaimer of warranty and limitation of liability provided 613 | above cannot be given local legal effect according to their terms, 614 | reviewing courts shall apply local law that most closely approximates 615 | an absolute waiver of all civil liability in connection with the 616 | Program, unless a warranty or assumption of liability accompanies a 617 | copy of the Program in return for a fee. 618 | 619 | END OF TERMS AND CONDITIONS 620 | 621 | How to Apply These Terms to Your New Programs 622 | 623 | If you develop a new program, and you want it to be of the greatest 624 | possible use to the public, the best way to achieve this is to make it 625 | free software which everyone can redistribute and change under these terms. 626 | 627 | To do so, attach the following notices to the program. It is safest 628 | to attach them to the start of each source file to most effectively 629 | state the exclusion of warranty; and each file should have at least 630 | the "copyright" line and a pointer to where the full notice is found. 631 | 632 | 633 | Copyright (C) 634 | 635 | This program is free software: you can redistribute it and/or modify 636 | it under the terms of the GNU Affero General Public License as published 637 | by the Free Software Foundation, either version 3 of the License, or 638 | (at your option) any later version. 639 | 640 | This program is distributed in the hope that it will be useful, 641 | but WITHOUT ANY WARRANTY; without even the implied warranty of 642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 643 | GNU Affero General Public License for more details. 644 | 645 | You should have received a copy of the GNU Affero General Public License 646 | along with this program. If not, see . 647 | 648 | Also add information on how to contact you by electronic and paper mail. 649 | 650 | If your software can interact with users remotely through a computer 651 | network, you should also make sure that it provides a way for users to 652 | get its source. For example, if your program is a web application, its 653 | interface could display a "Source" link that leads users to an archive 654 | of the code. There are many ways you could offer source, and different 655 | solutions will be better for different programs; see section 13 for the 656 | specific requirements. 657 | 658 | You should also get your employer (if you work as a programmer) or school, 659 | if any, to sign a "copyright disclaimer" for the program, if necessary. 660 | For more information on this, and how to apply and follow the GNU AGPL, see 661 | . 662 | --------------------------------------------------------------------------------