eip | title | author | discussions-to | status | type | category | created | requires |
---|---|---|---|---|---|---|---|---|
2470 |
Singleton Factory |
Ricardo Guilherme Schmidt (@3esmit) |
Draft |
Standards Track |
ERC |
15-01-2020 |
1014 |
Some DApps needs one, and only one, instance of an contract, which have the same address on any chain.
A permissionless factory for deploy of keyless deterministic contracts addresses based on its bytecode.
Some contracts are designed to be Singletons which have the same address no matter what chain they are, which means that should exist one instance for all, such as EIP-1820 and EIP-2429. These contracts are usually deployed using a method known as Nick's method, so anyone can deploy those contracts on any chain and they have a deterministic address. This standard proposes the creation of a CREATE2 factory using this method, so other projects requiring this feature can use this factory in any chain with the same setup, even in development chains.
Code reuse, using the factory becomes easier to deploy singletons.
This is an exact copy of the code of the [ERC2470 factory smart contract].
pragma solidity 0.5.11;
/**
* @author Ricardo Guilherme Schmidt (Status Research & Development GmbH)
* @notice Singleton Factory (ERC-2470) deploys deterministic addresses based on it's initialization code.
*/
contract SingletonFactory {
/**
* @notice Deploys a deterministic address based on `_initCode` and `_salt`.
* @param _initCode Initialization code.
* @param _salt Arbitrary value to modify resulting address.
* @return Created contract address.
*/
function deploy(bytes memory _initCode, bytes32 _salt)
public
returns (address payable createdContract)
{
assembly {
createdContract := create2(0, add(_initCode, 0x20), mload(_initCode), _salt)
}
}
}
// IV is value needed to have a vanity address starting with '0x2470'.
// IV: 3018
Below is the raw transaction which MUST be used to deploy the smart contract on any chain.
0xf901a68085174876e8008303c4d88080b90153608060405234801561001057600080fd5b50610133806100206000396000f3fe6080604052348015600f57600080fd5b506004361060285760003560e01c80634af63f0214602d575b600080fd5b60cf60048036036040811015604157600080fd5b810190602081018135640100000000811115605b57600080fd5b820183602082011115606c57600080fd5b80359060200191846001830284011164010000000083111715608d57600080fd5b91908080601f016020809104026020016040519081016040528093929190818152602001838380828437600092019190915250929550509135925060eb915050565b604080516001600160a01b039092168252519081900360200190f35b6000818351602085016000f5939250505056fea265627a7a7231582057d7c8776504dcff64cdcb49ff22c25a9a181f5b8e97f6c14166d4cb5bdfb7b164736f6c634300050b00321ba02470000000000000000000000000000000000000000000000000000000002470a02470000000000000000000000000000000000000000000000000000000002470
The strings of 2470
's at the end of the transaction are the r
and s
of the signature.
From this deterministic pattern (generated by a human), anyone can deduce that no one knows the private key for the deployment account.
This contract is going to be deployed using the keyless deployment method---also known as Nick's method---which relies on a single-use address. (See Nick's article for more details). This method works as follows:
- Generate a transaction which deploys the contract from a new random account.
- This transaction MUST NOT use EIP-155 in order to work on any chain.
- This transaction MUST have a relatively high gas price to be deployed on any chain. In this case, it is going to be 100 Gwei.
-
Set the
v
,r
,s
of the transaction signature to the following values:v: 27, r: '0x2470000000000000000000000000000000000000000000000000000000002470', s: '0x2470000000000000000000000000000000000000000000000000000000002470'
Those
r
ands
values---made of starting and ending2470
's---are obviously a human determined value, instead of a real signature. -
We recover the sender of this transaction, i.e., the single-use deployment account.
Thus we obtain an account that can broadcast that transaction, but we also have the warranty that nobody knows the private key of that account.
-
Send exactly 0.0247 ether to this single-use deployment account.
-
Broadcast the deployment transaction.
The resulting transaction hash is 0x7f44bb65a023b6aa73a66578e03fc0cf60e2d7caf0ce7517787ad9a354a2124e
.
This operation can be done on any chain, guaranteeing that the contract address is always the same and nobody can use that address with a different contract.
0xd00029A1632C5A2AE9C5433E1B9674E1F2E8d606
This account is generated by reverse engineering it from its signature for the transaction. This way no one knows the private key, but it is known that it is the valid signer of the deployment transaction.
To deploy the registry, 0.0247 ether MUST be sent to this account first.
0x247087a9061f30de86a9E63B68B4e7d8ebf4A51a
The contract has the address above for every chain on which it is deployed.
[
{
"constant": false,
"inputs": [
{
"internalType": "bytes",
"name": "_initCode",
"type": "bytes"
},
{
"internalType": "bytes32",
"name": "_salt",
"type": "bytes32"
}
],
"name": "deploy",
"outputs": [
{
"internalType": "address payable",
"name": "createdContract",
"type": "address"
}
],
"payable": false,
"stateMutability": "nonpayable",
"type": "function"
}
]
SingletonFactory does not allow sending value on create2, this was done to prevent different results on the created object.
SingletonFactory allows user defined salt to facilitate the creation of vanity addresses for other projects. If vanity address is not necessary, salt bytes(0)
should be used.
Contracts that are constructed by the SingletonFactory MUST not use msg.sender
in their constructor, all variables must came through initialization data. This is intetional, as if allowing a callback after creation to aid initialization state would lead to contracts with same address (but different chains) to have the same address but different initial state.
The resulting address can be calculated in chain by any contract using this formula: address(keccak256(bytes1(0xff), 0x247087a9061f30de86a9E63B68B4e7d8ebf4A51a, _salt, keccak256(_code)) << 96)
or in javascript using https://github.com/ethereumjs/ethereumjs-util/blob/master/docs/README.md#const-generateaddress2.
Does not apply as there are no past versions of Singleton Factory being used.
TBD
https://github.com/3esmit/ERC2470
Some contracts can possibly not support being deployed on any chain, or require a different address per chain, that can be safely done by using comparison in EIP-1344 in constructor.
Account contracts are singletons in the point of view of each user, when wallets want to signal what chain id is intended, EIP-1191 should be used.
Contracts deployed on factory must not use msg.sender
in constructor, instead use constructor parameters, otherwise the factory would end up being the controller/only owner of those.
Copyright and related rights waived via CC0.