Smart contracts are vulnerable to attacks - bugs in contracts, loopholes in the user's wallet, or negligence in settings can all lead to attacks. If you use smart contracts, you must have a contingency plan in place, in most cases the only solution that works is to deploy a new smart contract instance and migrate all data to that instance.
If you plan to develop upgradeable smart contracts, the biggest risk to the migration process will be in the process of upgrading the mechanism.
1. You need smart contract migration
Even for smart contracts without any vulnerabilities, users can have their private keys stolen due to the loss of their private keys. In this type of attack, even if the smart contract has an upgradeable mechanism, it may not be possible to repair the deployed smart contract, so a new instance of the contract needs to be deployed and properly initialized in order to restore functionality for the user, all developers must be in the smart contract Migration capabilities are integrated at the design stage, and compromises must be prepared for migration.
Migration has two steps:
1) Restore the data to be migrated
2) Write the data to the new contract
Let's look at the details, costs and operational consequences.
2. How to perform the migration
Step 1: Data Recovery
Data needs to be read from a specific block in the blockchain, and in the case of recovery from an event (hack or failure), an action to block or filter the attacker before the event occurs.
If possible, suspend the contract first, which is more transparent to users and prevents hackers from attacking users who do not understand migration.
Data recovery will depend on your data structure:
For simple types of public variables (such as uint or address), retrieving the value through the getter is trivial. For private variables, you can rely on events, or you can calculate the memory offset of the variable and retrieve it using the getStorageAt function. Arrays are also easy to recover since the number of elements is known.
The situation is a bit more complicated with maps, where the keys of the map are not stored and need to be restored to access the values. To simplify offline tracking, we recommend emitting events when values ​​are stored in the map.
For ERC20 smart contracts, a list of all holders can be found by tracking the address of the transfer event, a process that is difficult.
We have prepared two solutions to help you:
In the first, the blockchain can be scanned and the holders can be retrieved by itself; in the second, the Google BigTable archive exposed by the Ethereum blockchain can be relied on.
If you are not familiar with the web3 API to extract information from the blockchain, you can use ethereum-etl, which provides a set of scripts to simplify data extraction.
If you don't have a synchronized blockchain, you can use the Google BigQuery API. Figure 1 shows how to collect all addresses for a given token via BigQuery:
Figure 1: Using Google BigQuery to recover all Transfer events for the token at address 0x41424344
BigQuery provides access to block numbers, so this query can be tuned to return transactions to a specific block.
Once all holders' addresses have been restored, the balanceOf function can be queried offline to restore the balances associated with each holder. Filter accounts with empty balances.
Now that we know how to retrieve the data to migrate, we can write the data to the new contract.
Step 2: Data Write
Once the data is collected, it is time to create a new smart contract.
For simple variables, the value can be set through the smart contract's constructor.
If the data cannot be kept in a single, the situation is slightly more complicated and expensive. Each transaction is contained in a block that limits the total amount of gas its transactions can use (the so-called "Gas Limit"). If the gas cost of a transaction approaches or exceeds this limit, miners will not pack any more. Therefore, if a large amount of data is to be migrated, the migration must be split into multiple tasks.
The solution is to add initialization state in the smart contract, only the owner can change the state variable, the user can't do anything.
For ERC20 tokens, the process will take the following steps:
1) deploy the contract in the initialized state,
2) Migration balance,
3) Transfer the state of the contract to the production state.
4) The initialization state can be implemented using the Pausable function and a boolean value indicating the initialization state.
To reduce costs, the migration of balances can be implemented using the bulk transfer feature, which allows you to set up multiple accounts in a single transaction:
When migrating contracts, two main problems arise:
Migration costs and any impact on exchanges.
3. Migration costs
Recovery of data is done off-chain and therefore free. Ethereum-etl can be used locally. Google's BigQuery API offers enough free credits to pay for its use.
However, each transaction sent to the network and each byte stored by the new contract has a cost.
Using the batchTransfer function of Figure 2, the cost of transferring 200 accounts is about 2.4M gas, and the average gas price (10 Gwei) is $5.04 (ETH in today's prices). Roughly speaking, it costs $0.025 to migrate one piece of data.
If we look at the number of holders of the top five ERC20 tokens by market cap:
4. Exchange
Deploying new contracts may have operational implications. For token-based contracts, it is important to work with the exchange during migration to ensure that new contracts will be listed and previous contracts will be discarded.
Fortunately, the preceding logo migration event suggests that exchanges have the potential to collaborate.
Smart Contract Migration and Upgradable Smart Contracts
Upgradable contracts have several disadvantages:
· Requires detailed EVM and Solidity expertise, and delegated call-based proxies require developers to master EVM and Solidity.
Increased complexity and code size, making contracts harder to review and more likely to have bugs and security issues.
Increased the number of keys to be processed, the contract will require multiple authorized users (owner, upgrader). The more authorized users, the larger the attack surface.
Increased gas fees per transaction. The contract becomes more competitive than the same version without the upgrade mechanism.
· They encourage problem solving after deployment. If developers know the contract cannot be easily updated, they tend to test and review the contract more thoroughly.
· They reduce the user's trust in the contract. Users need to trust the owner of the contract, which prevents a truly decentralized system.
· Contracts should have upgradability mechanisms only if there are strong arguments, such as:
· Contracts need to be updated frequently. If the contract is to be modified regularly, the cost of periodic migration may be high enough to justify the upgradeability mechanism.
· The contract requires a fixed address. Migration of contracts requires the use of new addresses, which may break interactions with third parties (such as interactions with other contracts).
Contract migration realizes the benefits of the upgrade with few disadvantages. The main advantage of upgrading over migration is that it is less expensive to upgrade. However, this cost does not justify all the drawbacks.
5. Tips
Prepare the migration process before contract deployment, use events to facilitate data tracking.
If you are buying an upgradeable version of your contract, you must also prepare a migration procedure, as your keys could be compromised, or your contract could be subject to erroneous and irreversible manipulation.
Smart contracts have brought new models of development, and their immutability requires users to rethink the way they build applications and requires a thorough design and development process.
Cable Joint Kit,Jointing Kit,Waterproof Cable Joint,Underground Cable Joint
Changshu Herun Import & Export Co.,Ltd , https://www.herunchina.com