optimism
optimism copied to clipboard
ethereum-optimism
Proposal: Proxy singleton
Introduction
When deploying a new proxy, the owner is set within the constructor. This owner has sole access to upgrade the proxy.
Description
It is impossible for a deployer to atomically initialize proxy storage upon proxy creation if the proxy is designated to be owned by another address (ie. msig). This introduces technical debt for op-stack chains who want to follow upgrades with top notch security.
By design, every proxy is designated to be initialized with an implementation. Therefore, we should be able to create the proxy, set the owner, AND upgrade the proxy within one execution trace.
I propose the team creates a Proxy singleton which creates and initializes the proxy from a single function call. Something like gnosis singleton would probably work.
Reference
https://github.com/ethereum-optimism/optimism/blob/c4078e54f4b5b7e068322ebce10057bf5a8a88ff/packages/contracts-bedrock/src/universal/Proxy.sol#L40-L42
We have been working on a related idea in https://github.com/ethereum-optimism/optimism/pull/9985
This would need to be fully specified in the specs repo before it could be considered for inclusion in the codebase :)
That's great! It would be a real convenience if every set of L1 contracts for a given L2 were deterministic. It would probably help with bridging back to L1 as well.
What I was suggesting is more like this:
function deployProxyAndInitialize(
address _owner,
address _implementation,
bytes memory _data
) returns (Proxy iProxy) {
iProxy = new Proxy(msg.sender);
iProxy.upgradeToAndCall({ _implementation: _implementation, _data: _data });
if (_owner != msg.sender) {
iProxy.changeAdmin(_owner);
}
}
And then there is no risk of a rogue deployer or dangling initialize().
Until foundry offers atomic deployments (https://github.com/foundry-rs/foundry/issues/7452) it would be beneficial to use an alternative method.