search

casper-network / casper-node

Reference client for CASPER protocol
https://casper.network
Apache License 2.0
394 stars 224 forks source link

Upgradable immutable smart contracts. #4510

Open zie1ony opened 10 months ago

zie1ony commented 10 months ago

Casper has upgradable contracts, but only contracts owned by an account can be upgraded. It is mostly undesirable setup, especially if you want to trust the contract. In case of an account-owned contracts, the account can be compromised and new version of contract with malicious code can be deployed. It forces smart contract developers to deploy immutable contracts or use some kind of proxy pattern.

I propose to allow smart contract to upgrade itself. Here is how a simple upgradable DAO could work.

  1. The DAO smart contract is deployed. It holds a list of members and each member has a single vote.
  2. A security researcher finds a bug in the DAO smart contract and reports it to the DAO (over Discord).
  3. DAO members agree to upgrade the contract with the fix. Here is what needs to happen.
  4. In the first step they allow the security researcher to propose a new version of a contract. Through the voting process they have to make the contract to call the host: 
    casper_host::allow_contract_upgrader(Address("0xSecurityResearcher"));
  5. Now that the security researcher is allowed to propose a new version, they build a new code into a WASM file. Then deploy it to the network. The call methods, instead of installing this contract, needs to propose it as a new version of another contract. 
    let upgrade_id = casper_host::propose_contract_upgrade(
   Address("0xDAO"),
   contract_entrypoints,
);
  6. Now the DAO needs to vote one more time to accept the new version. If the vote is successful, then the DAO contract should call the host: 
    casper_host::upgrade(upgrade_id);

Above solution:

More details can be explored, but first I'd like discuss the idea of upgrading immutable contracts in general.

MParlikar commented 10 months ago

Please review the docs for the new Addressable Entity

zie1ony commented 9 months ago

@MParlikar how is this related to self upgrading contracts?