fix(proxy): add zero address validation for proxy parameter

[DeVikingMark]

Description

Adds explicit zero address validation for the proxy parameter in ProxyAdmin.upgradeAndCall() to prevent low-level call failures and provide clearer error messages.

Changes

• Add ProxyAdminInvalidProxy custom error
• Add zero address check for proxy parameter in upgradeAndCall()
• Update function documentation to include the new requirement

[changeset-bot]

⚠️ No Changeset found

Latest commit: d4ad152

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

This pull request modifies the ProxyAdmin contract to add input validation for the proxy parameter. A new error type ProxyAdminInvalidProxy is introduced to handle cases where an invalid proxy address is provided. The upgradeAndCall function now includes a defensive check that reverts with this error when the proxy address is the zero address. A guard comment is also added to the upgrade path documentation. The public interface of the contract remains unchanged, with only the new error and validation logic being added.

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding zero address validation for the proxy parameter in ProxyAdmin, which aligns perfectly with the changeset.
Description check	✅ Passed	The description is directly related to the changeset, providing clear context about the validation addition, the new error type, and documentation updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a83d9aa and d4ad152.

📒 Files selected for processing (1)

• contracts/proxy/transparent/ProxyAdmin.sol

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: Redirect rules - solidity-contracts
• GitHub Check: halmos
• GitHub Check: slither
• GitHub Check: tests
• GitHub Check: tests-upgradeable
• GitHub Check: tests-foundry
• GitHub Check: coverage
• GitHub Check: Header rules - solidity-contracts
• GitHub Check: Pages changed - solidity-contracts

🔇 Additional comments (2)

contracts/proxy/transparent/ProxyAdmin.sol (2)

14-17: LGTM! Well-defined custom error.

The error definition follows OpenZeppelin conventions and provides clear semantics. Including the proxy address parameter aids debugging.

---

40-40: LGTM! Clear requirement documentation.

The documentation accurately reflects the new validation requirement.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

fd -e test.js -e test.ts -e spec.js -e spec.ts | grep -i proxy | head -20

Repository: OpenZeppelin/openzeppelin-contracts

Length of output: 447

---

🏁 Script executed:

rg "ProxyAdminInvalidProxy" --type=js --type=ts -l

Repository: OpenZeppelin/openzeppelin-contracts

Length of output: 61

---

🏁 Script executed:

rg "upgradeAndCall" --type=js --type=ts -l | grep test

Repository: OpenZeppelin/openzeppelin-contracts

Length of output: 120

---

🏁 Script executed:

cat -n test/proxy/transparent/ProxyAdmin.test.js | head -150

Repository: OpenZeppelin/openzeppelin-contracts

Length of output: 3882

---

🏁 Script executed:

rg "upgradeAndCall|ProxyAdminInvalidProxy" test/proxy/transparent/ProxyAdmin.test.js -B 2 -A 5

Repository: OpenZeppelin/openzeppelin-contracts

Length of output: 1802

---

🏁 Script executed:

cat -n contracts/proxy/transparent/ProxyAdmin.sol | sed -n '40,60p'

Repository: OpenZeppelin/openzeppelin-contracts

Length of output: 707

---

🏁 Script executed:

rg "ProxyAdminInvalidProxy" contracts/proxy/transparent/ProxyAdmin.sol -B 2 -A 2

Repository: OpenZeppelin/openzeppelin-contracts

Length of output: 433

---

Add test coverage for zero address validation.

The defensive check is well-implemented, but the test file lacks coverage for the ProxyAdminInvalidProxy error when a zero address is passed. Add a test case to verify that upgradeAndCall reverts with ProxyAdminInvalidProxy when the proxy address is address(0).

🤖 Prompt for AI Agents

In contracts/proxy/transparent/ProxyAdmin.sol around lines 49-51, add a unit
test that calls upgradeAndCall with proxy address set to address(0) and expects
it to revert with the custom error ProxyAdminInvalidProxy; create or update the
ProxyAdmin test (e.g., test/ProxyAdmin.test.ts) to invoke
proxyAdmin.upgradeAndCall(ethers.constants.AddressZero, implAddress, callData)
and assert using Chai/Hardhat helpers: await
expect(<call>).to.be.revertedWithCustomError(proxyAdmin,
"ProxyAdminInvalidProxy").withArgs(ethers.constants.AddressZero), ensuring the
test supplies any needed mocks/fixtures for proxyAdmin and implementation
addresses.