foundry icon indicating copy to clipboard operation
foundry copied to clipboard

Published 20 hours ago verified publisher icon foundry-rs

CREATE2 assumptions broken - forge build generates a different bytecode for a contract if a new foundry library is installed

Open 0xTimepunk opened this issue 9 months ago • 2 comments

Component

Forge

Have you ensured that all of these are up to date?

  • [X] Foundry
  • [X] Foundryup

What version of Foundry are you on?

forge 0.2.0 (f0d9eec 2024-04-30T00:16:44.393198000Z)

What command(s) is the bug in?

forge build

Operating System

macOS (Apple Silicon)

Describe the bug

As the title describes, CREATE2 same argument assumptions are broken if, over time, new foundry libraries are added to the repository via forge install.

Forge build generates a different bytecode for a contract if a new foundry library is installed and even if the library is not used. For example:

// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.23;

import { IVaultClaimer } from "./interfaces/IVaultClaimer.sol";

/// @title VaultClaimer
/// @author Zeropoint Labs
contract VaultClaimer is IVaultClaimer {
    //////////////////////////////////////////////////////////////
    //                      EXTERNAL FUNCTIONS                  //
    //////////////////////////////////////////////////////////////

    /// @inheritdoc IVaultClaimer
    function claimProtocolOwnership(string calldata protocolId_) external override {
        emit Claimed(msg.sender, protocolId_);
    }
}

Do: 1- forge build 2- take note of the bytecode 3- Do forge install ANY_LIBRARY_HERE 4- run forge build again 5- compare the new bytecode with 2. using https://en.rakko.tools/tools/7/ and realise the difference

The impact of this is that, if we want to deploy the same set of contracts in a new chain with create2 different addresses will be provided, because a new foundry library was installed in between the initial deployment and the new deployment (even if the library is only used for script or test purposes and not used in the contract)

Instead, foundry should not hardcode all the remappings /libraries in the compiled metadata (which gets reflected in the bytecode) - it should remain agnostic to it

0xTimepunk avatar May 01 '24 08:05 0xTimepunk

@mattsse @Evalir anyone?

0xTimepunk avatar May 02 '24 09:05 0xTimepunk

Metadata is heavily dependent on the environment. I'm guessing here it's probably the automatic remappings.

If you don't want this to happen set the remappings explicitly or disable metadata with cbor_metadata = false.

DaniPopes avatar May 02 '24 09:05 DaniPopes

most likely remappings you can disable remapping autodetection with autodetect_remappings = false

mattsse avatar May 02 '24 18:05 mattsse

Could turn off metdata with bytecode_hash = 'none', that way you preserve the solc version which is controlled by the CBOR metadata

mds1 avatar May 02 '24 19:05 mds1

most likely remappings you can disable remapping autodetection with autodetect_remappings = false

doing this + hardcoding original remappings and importing the new library directly from lib/ works

thanks

0xTimepunk avatar May 03 '24 15:05 0xTimepunk