SRC-14 Simple Proxy Standard

FuelLabs · May 21, 2024 · 3a9f4ed · 3a9f4ed
1 parent bd1e8ea
commit 3a9f4ed
Show file tree

Hide file tree

Showing 8 changed files with 184 additions and 0 deletions.
diff --git a/SRCs/src-14.md b/SRCs/src-14.md
@@ -0,0 +1,78 @@
+# Simple Upgradable Proxies
+
+## Abstract
+
+The following proposes a standard for simple upgradable proxies.
+
+## Motivation
+
+We seek to standardize proxy implementation to improve developer experience and enable tooling to automatically deploy or update proxies as needed.
+
+## Prior Art
+
+[This OpenZeppelin blog post](https://blog.openzeppelin.com/the-state-of-smart-contract-upgrades#proxies-and-implementations) is a good survey of the state of the art at this time.
+
+Proxy designs fall into three essential categories:
+1. immutable proxies which are lightweight clones of other contracts but can't change targets
+2. upgradable proxies such as [UUPS](https://eips.ethereum.org/EIPS/eip-1822) which store a target in storage and delegate all calls to it
+3. [Diamonds](https://eips.ethereum.org/EIPS/eip-2535) which are both upgradable and can point to multiple targets on a per method basis
+
+This document falls in the second category. We want to standardize the implementation of simple upgradable passthrough contracts.
+
+The FuelVM provides an `LDC` instruction that is used by Sway's `std::execution::run_external` to provide a similar behavior to EVM's `delegatecall` and execute instructions from another contract while retaining one's own storage context. This is the intended means of implementation of this standard.
+
+## Specification
+
+### Required Behavior
+
+A proxy contract SHOULD maintain the address of its target in its storage and it SHOULD base proxy specific storage fields at `sha256("storage_SRC14")` to avoid collisions with target storage.
+
+The proxy contract MUST delegate any method call not part of its interface to the target contract.
+
+This delegation MUST retain the storage context of the proxy contract.
+
+### Required Public Functions
+
+The following functions MUST be implemented by a proxy contract to follow the SRC-14 standard:
+
+#### `fn set_proxy_address(new_target: ContractId);`
+
+If a valid call is made to this function it MUST change the target of the proxy to the contract at `new_target`.
+This method SHOULD implement access controls such that the target can only be changed by a user that possesses the right permissions (typically the proxy owner).
+
+## Rationale
+
+This standard is meant to provide simple upgradability, it deliberately is minimalistic and does not provide the level of functionality of diamonds.
+
+Unlike in UUPS, this standard requires that the upgrade function is part of the proxy and not its target.
+This prevents irrecoverable updates if a proxy is made to point to another proxy and no longer has access to upgrade logic.
+
+## Backwards Compatibility
+
+SRC-14 is intended to be compatible with SRC-5 and other standards of contract functionality.
+
+As it is the first attempt to standardize proxy implementation, we do not consider interoperability with other proxy standards.
+
+## Security Considerations
+
+Permissioning proxy target changes is the primary consideration here.
+This standard is not opinionated about means of achieving this, use of SRC-5 is recommended.
+
+## Example ABI
+
+```sway
+abi SRC14 {
+    #[storage(write)]
+    fn set_proxy_target(new_target: ContractId);
+}
+```
+
+## Example Implementation
+
+### [Minimal Proxy](../examples/examples/src14-simple-proxy/owned/src/minimal.sw)
+
+Example of a minimal SRC-14 implementation with no access control.
+
+### [Owned Proxy](../examples/examples/src14-simple-proxy/owned/src/owned.sw)
+
+Example of a SRC-14 implementation that also implements SRC-5.
diff --git a/examples/Forc.toml b/examples/Forc.toml
@@ -13,6 +13,8 @@ members = [
   "src11-security-information/variable-information",
   "src12-contract-factory/with_configurables",
   "src12-contract-factory/without_configurables",
+  "src14-simple-proxy/owned",
+  "src14-simple-proxy/minimal",
   "src20-native-asset/single_asset",
   "src20-native-asset/multi_asset",
 ]
diff --git a/examples/src14-simple-proxy/minimal/Forc.toml b/examples/src14-simple-proxy/minimal/Forc.toml
@@ -0,0 +1,8 @@
+[project]
+authors = ["Fuel Labs <contact@fuel.sh>"]
+entry = "minimal.sw"
+license = "Apache-2.0"
+name = "minimal_src14"
+
+[dependencies]
+standards = { path = "../../../standards" }
diff --git a/examples/src14-simple-proxy/minimal/src/minimal.sw b/examples/src14-simple-proxy/minimal/src/minimal.sw
@@ -0,0 +1,25 @@
+contract;
+
+use std::execution::run_external;
+use std::constants::ZERO_B256;
+use standards::src14::SRC14;
+
+// use sha256("storage_SRC14") as base to avoid collisions
+#[namespace(SRC14)]
+storage {
+    target: ContractId = ContractId::from(ZERO_B256),
+}
+
+impl SRC14 for Contract {
+    #[storage(write)]
+    fn set_proxy_target(new_target: ContractId) {
+        storage.target.write(new_target);
+    }
+}
+
+#[fallback]
+#[storage(read)]
+fn fallback() {
+    // pass through any other method call to the target
+    run_external(storage.target.read())
+}
diff --git a/examples/src14-simple-proxy/owned/Forc.toml b/examples/src14-simple-proxy/owned/Forc.toml
@@ -0,0 +1,8 @@
+[project]
+authors = ["Fuel Labs <contact@fuel.sh>"]
+entry = "owned.sw"
+license = "Apache-2.0"
+name = "owned_src14"
+
+[dependencies]
+standards = { path = "../../../standards" }
diff --git a/examples/src14-simple-proxy/owned/src/owned.sw b/examples/src14-simple-proxy/owned/src/owned.sw
@@ -0,0 +1,43 @@
+contract;
+
+use std::execution::run_external;
+use std::constants::ZERO_B256;
+use standards::src5::{AccessError, SRC5, State};
+use standards::src14::SRC14;
+
+/// The owner of this contract at deployment.
+const INITIAL_OWNER: Identity = Identity::Address(Address::from(ZERO_B256));
+
+// use sha256("storage_SRC14") as base to avoid collisions
+#[namespace(SRC14)]
+storage {
+    target: ContractId = ContractId::from(ZERO_B256),
+    owner: State = State::Initialized(INITIAL_OWNER),
+}
+
+impl SRC5 for Contract {
+    #[storage(read)]
+    fn owner() -> State {
+        storage.owner.read()
+    }
+}
+
+impl SRC14 for Contract {
+    #[storage(write)]
+    fn set_proxy_target(new_target: ContractId) {
+        only_owner();
+        storage.target.write(new_target);
+    }
+}
+
+#[fallback]
+#[storage(read)]
+fn fallback() {
+    // pass through any other method call to the target
+    run_external(storage.target.read())
+}
+
+#[storage(read)]
+fn only_owner() {
+    require(storage.owner.read() == State::Initialized(msg_sender().unwrap()), AccessError::NotOwner);
+}
diff --git a/standards/src/src14.sw b/standards/src/src14.sw
@@ -0,0 +1,19 @@
+library;
+
+abi SRC14 {
+    /// Change the target address of a proxy contract.
+    ///
+    /// # Examples
+    ///
+    /// ```sway
+    /// use src14::SRC14;
+    ///
+    /// fn foo(contract: ContractId) {
+    ///     let contract_abi = abi(SRC14, contract);
+    ///     let new_target = ContractId::from(0x4a778acfad1abc155a009dc976d2cf0db6197d3d360194d74b1fb92b96986b00);
+    ///     contract_abi.set_proxy_target(new_target);
+    /// }
+    /// ```
+    #[storage(write)]
+    fn set_proxy_target(new_target: ContractId);
+}
diff --git a/standards/src/standards.sw b/standards/src/standards.sw
@@ -7,4 +7,5 @@ pub mod src7;
 pub mod src10;
 pub mod src11;
 pub mod src12;
+pub mod src14;
 pub mod src20;