Adding EIP 1167 - Minimal Proxy Contract #1167
Conversation
yarrumretep
changed the title
* adding EIP 1154 - Minimal Proxy Contract * Update eip-1154.md * fix email brackets * fix discussions-to email * Update eip-1154.md * renumber to avoid conflict
|
Hey just found this article about a vulnerability in Proxy contracts. Do you know if this is an issue. Im sadly not totally sure what the factory contract exactly does. |
|
@loki-sama - This article refers to issues surrounding upgradable proxy contracts wherein the proxy inspects the selector bytes and dispatches the call differently depending on if the selector is a proxy-local method or a proxy-implementation method (my terminology). In our instance, we specifically prevent this - the proxies themselves are inherently NOT upgradable. They always dispatch every call to the implementation contract which is determined by the Factory at proxy deployment time. This means the proxies can be relied upon to always point to the same implementation code (which, in turn, if the use-case requires, can be upgradable). In short, this implementation does not suffer the same vulnerabilities that an upgradable proxy pattern exposes. |
|
@yarrumretep Thanks, thats good to know! |
|
Here is the final link -> https://eips.ethereum.org/EIPS/eip-1167 |
To simply and cheaply clone contract functionality in an immutable way, we propose to standardize on a minimal bytecode implementation which delegates all calls to a known, fixed address.