hiveblocks前不久研究了下重入攻击的玩法,里面有个重要的特性:**合约的fallback()函数。** fallback是合约的底层函数,在没有其它函数匹配的情况下会执行。这个特性导致了重入的风险性,但在另一方面,合约的升级性也会用到这一特性。这充分体现了一物的两面性:是好是坏取决于你!
由于区块链不可篡改性,合约如果有漏洞就很难更改!那么,怎么才能安全地升级合约呢?这里要用到一种解藕的想法。把一个合约分成:代理、数据和逻辑三部分,通常要升级的也就是逻辑部分,其它不受影响,如下图所示:
我们来看下具体实现:
```js
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
//定义数据合约
contract storageStructure {
//记录球员和分数
address public implementation;//逻辑合约地址
mapping(address=>uint256) public points;
address public owner;
}
//定义逻辑合约
contract implementationV1 is storageStructure {
modifier onlyowner() {
require(msg.sender == owner, "only owner can do");
_;
}
//增加球员和分数
function addPlayer(address player, uint256 point) public onlyowner {
require(points[player] == 0, "player already exists");
points[player] = point;
}
//修改球员和分数
function setPlayer(address player, uint256 point) public onlyowner {
require(points[player] != 0, "player must already exists");
points[player] = point;
}
}
//代理合约 代理合约调用逻辑合约的逻辑去修改本身(代理合约)的数据
contract proxy is storageStructure {
modifier onlyowner() {
require(msg.sender == owner, "only owner can call");
_;
}
constructor() {
owner = msg.sender;
}
//更新逻辑合约的地址
function setImpl(address _impl) public onlyowner {
implementation = _impl;
}
//fallback函数 调用逻辑合约中的函数,在本地(代理合约)执行
fallback() external {
address impl = implementation; //逻辑合约的地址
require(impl != address(0), "implementation must exists");
//底层调用
assembly {
//调用delegateccall
let ptr := mload(0x40)
calldatacopy(ptr, 0, calldatasize())
//delegatecall(g, a, in, insize, out, outsize)
let result := delegatecall(gas(), impl, ptr, calldatasize(), 0, 0)
let size := returndatasize()
//returndatacopy(t, f, s)
returndatacopy(ptr, 0, size)
switch result
case 0 { revert(ptr, size) }
default { return(ptr, size) }
}
}
}
```
可以看出,里面最核心的就是`assembly中调用delegateccall`。`assembly`属于汇编的写法,是比较底层的语法(yul),不太好理解。我们大概可以理解整个地调用过程:用户调用代理合约,代理合约调用逻辑合约修改本身的数据。**如果需要升级,代理合约调用逻辑合约时就可以指向新的逻辑合约即可!**
```js
//逻辑合约升级
contract implementationV2 is implementationV1 {
function addPlayer(address player, uint256 point) override public onlyowner virtual {
require(points[player] == 0, "player already exists");
points[player] = point;
totalPlayers ++;
}
}
```
升级合约差不多就是个解藕的思路,分成三个部分,把需要升级的部分单独更改升级就可以啰!| author | lemooljiang |
|---|---|
| permlink | tnza9jgp |
| category | hive-105017 |
| json_metadata | {"tags":["smartcontract","cn","eth","implementation","assembly","proxy","solidity"],"dapp":"larkBlog","format":"markdown"} |
| created | 2022-10-30 09:46:27 |
| last_update | 2022-10-30 09:46:27 |
| depth | 0 |
| children | 1 |
| last_payout | 2022-11-06 09:46:27 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.290 HBD |
| curator_payout_value | 0.285 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 2,819 |
| author_reputation | 378,459,582,201,132 |
| root_title | "代理升级模式 / 学习智能合约#61" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 117,904,149 |
| net_rshares | 902,162,845,784 |
| author_curate_reward | "" |
| voter | weight | wgt% | rshares | pct | time |
|---|---|---|---|---|---|
| lemooljiang | 0 | 8,685,259,573 | 100% | ||
| dapeng | 0 | 93,740,501,623 | 100% | ||
| lucknie | 0 | 137,032,273 | 100% | ||
| dumping | 0 | 104,149,346 | 100% | ||
| laodr | 0 | 3,633,344,869 | 100% | ||
| htliao | 0 | 5,328,608,757 | 35% | ||
| alphacore | 0 | 2,310,969,862 | 2.01% | ||
| catwomanteresa | 0 | 167,583,034,312 | 50% | ||
| liangfengyouren | 0 | 3,388,665,409 | 50% | ||
| aafeng | 0 | 281,034,518,647 | 35% | ||
| tvb | 0 | 6,366,364,887 | 50% | ||
| karja | 0 | 3,967,251,354 | 10% | ||
| kimzwarch | 0 | 14,957,124,897 | 4% | ||
| yellowbird | 0 | 2,244,279,216 | 100% | ||
| blc | 0 | 4,292,722,495 | 100% | ||
| metten | 0 | 130,311,676 | 100% | ||
| cn-book | 0 | 390,092,891 | 100% | ||
| cn-movie | 0 | 185,442,088 | 100% | ||
| vivia | 0 | 705,296,651 | 100% | ||
| weisheng167388 | 0 | 11,727,953,460 | 100% | ||
| xiaoli | 0 | 444,364,735 | 100% | ||
| archisteem | 0 | 1,256,488,023 | 7.5% | ||
| ibook-ishare | 0 | 846,215,805 | 100% | ||
| gemstone-puppy | 0 | 577,884,209 | 100% | ||
| julian2013 | 0 | 45,293,323,322 | 50% | ||
| pet.society | 0 | 14,202,267,033 | 6% | ||
| marygong77777 | 0 | 13,986,012,680 | 100% | ||
| starnote | 0 | 325,558,100 | 100% | ||
| moochain.net | 0 | 327,962,702 | 100% | ||
| ilark | 0 | 213,989,844,889 | 100% |
👍👍
| author | marygong77777 |
|---|---|
| permlink | re-lemooljiang-20221030t185458522z |
| category | hive-105017 |
| json_metadata | {"tags":["hive-105017","smartcontract","cn","eth","implementation","assembly","proxy","solidity"],"app":"ecency/3.0.34-mobile","format":"markdown+html"} |
| created | 2022-10-30 10:55:03 |
| last_update | 2022-10-30 10:55:18 |
| depth | 1 |
| children | 0 |
| last_payout | 2022-11-06 10:55:03 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.000 HBD |
| curator_payout_value | 0.000 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 2 |
| author_reputation | 205,730,515,670,751 |
| root_title | "代理升级模式 / 学习智能合约#61" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 117,905,074 |
| net_rshares | 0 |