Skip to content

feat(gateway-contracts): introduce EmptyProxyUpgradeable for deployment behind empty proxies #279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
isaacdecoded merged 2 commits into from
Jun 16, 2025
Merged

feat(gateway-contracts): introduce EmptyProxyUpgradeable for deployment behind empty proxies #279

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0bff169
feat(gateway-contracts): introduce EmptyProxyUpgradeable for deployme…
isaacdecoded Jun 13, 2025
7db6262
refactor(gateway-contracts): rename UUPSUpgradeableEmptyProxy abstrac…
isaacdecoded Jun 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions gateway-contracts/contracts/CiphertextCommits.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@ import { gatewayConfigAddress } from "../addresses/GatewayConfigAddress.sol";
import { kmsManagementAddress } from "../addresses/KmsManagementAddress.sol";
import { Ownable2StepUpgradeable } from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import "./interfaces/ICiphertextCommits.sol";
import "./interfaces/IGatewayConfig.sol";
import "./interfaces/IKmsManagement.sol";
import "./shared/UUPSUpgradeableEmptyProxy.sol";
import "./shared/GatewayConfigChecks.sol";
import "./shared/Pausable.sol";
import "./libraries/HandleOps.sol";
Expand All @@ -19,7 +19,7 @@ import "./libraries/HandleOps.sol";
contract CiphertextCommits is
ICiphertextCommits,
Ownable2StepUpgradeable,
UUPSUpgradeable,
UUPSUpgradeableEmptyProxy,
GatewayConfigChecks,
Pausable
{
Expand Down Expand Up @@ -77,7 +77,7 @@ contract CiphertextCommits is
* @dev This function needs to be public in order to be called by the UUPS proxy.
*/
/// @custom:oz-upgrades-validate-as-initializer
function initializeFromEmptyProxy() public virtual reinitializer(2) {
function initializeFromEmptyProxy() public virtual onlyFromEmptyProxy reinitializer(2) {
__Ownable_init(owner());
__Pausable_init();
}
Expand Down
6 changes: 3 additions & 3 deletions gateway-contracts/contracts/Decryption.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,11 @@ import { gatewayConfigAddress } from "../addresses/GatewayConfigAddress.sol";
import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import { EIP712Upgradeable } from "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
import { Ownable2StepUpgradeable } from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
import "./interfaces/IGatewayConfig.sol";
import "./interfaces/IMultichainAcl.sol";
import "./interfaces/ICiphertextCommits.sol";
import "./shared/UUPSUpgradeableEmptyProxy.sol";
import "./shared/GatewayConfigChecks.sol";
import "./shared/FheType.sol";
import "./shared/Pausable.sol";
Expand All @@ -23,7 +23,7 @@ contract Decryption is
IDecryption,
EIP712Upgradeable,
Ownable2StepUpgradeable,
UUPSUpgradeable,
UUPSUpgradeableEmptyProxy,
GatewayConfigChecks,
Pausable
{
Expand Down Expand Up @@ -200,7 +200,7 @@ contract Decryption is
/// @dev Contract name and version for EIP712 signature validation are defined here
/// @dev This function needs to be public in order to be called by the UUPS proxy.
/// @custom:oz-upgrades-validate-as-initializer
function initializeFromEmptyProxy() public virtual reinitializer(2) {
function initializeFromEmptyProxy() public virtual onlyFromEmptyProxy reinitializer(2) {
__EIP712_init(CONTRACT_NAME, "1");
__Ownable_init(owner());
__Pausable_init();
Expand Down
8 changes: 4 additions & 4 deletions gateway-contracts/contracts/GatewayConfig.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
// SPDX-License-Identifier: BSD-3-Clause-Clear
pragma solidity ^0.8.24;

import "./interfaces/IGatewayConfig.sol";
import { Ownable2StepUpgradeable } from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
import "./interfaces/IGatewayConfig.sol";
import "./shared/UUPSUpgradeableEmptyProxy.sol";
import "./shared/Pausable.sol";

/**
Expand All @@ -13,7 +13,7 @@ import "./shared/Pausable.sol";
* @dev Add/remove methods will be added in the future for KMS nodes, coprocessors and host chains.
* @dev See https://github.com/zama-ai/fhevm-gateway/issues/98 for more details.
*/
contract GatewayConfig is IGatewayConfig, Ownable2StepUpgradeable, UUPSUpgradeable, Pausable {
contract GatewayConfig is IGatewayConfig, Ownable2StepUpgradeable, UUPSUpgradeableEmptyProxy, Pausable {
/// @notice The maximum chain ID.
uint256 internal constant MAX_CHAIN_ID = type(uint64).max;

Expand Down Expand Up @@ -93,7 +93,7 @@ contract GatewayConfig is IGatewayConfig, Ownable2StepUpgradeable, UUPSUpgradeab
uint256 initialUserDecryptionThreshold,
KmsNode[] memory initialKmsNodes,
Coprocessor[] memory initialCoprocessors
) public virtual reinitializer(2) {
) public virtual onlyFromEmptyProxy reinitializer(2) {
__Ownable_init(owner());
__Pausable_init();

Expand Down
6 changes: 3 additions & 3 deletions gateway-contracts/contracts/InputVerification.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@ import { gatewayConfigAddress } from "../addresses/GatewayConfigAddress.sol";
import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import { EIP712Upgradeable } from "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
import { Ownable2StepUpgradeable } from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
import "./interfaces/IInputVerification.sol";
import "./interfaces/IGatewayConfig.sol";
import "./shared/UUPSUpgradeableEmptyProxy.sol";
import "./shared/GatewayConfigChecks.sol";
import "./shared/Pausable.sol";

Expand All @@ -20,7 +20,7 @@ contract InputVerification is
IInputVerification,
EIP712Upgradeable,
Ownable2StepUpgradeable,
UUPSUpgradeable,
UUPSUpgradeableEmptyProxy,
GatewayConfigChecks,
Pausable
{
Expand Down Expand Up @@ -104,7 +104,7 @@ contract InputVerification is
/// @dev Contract name and version for EIP712 signature validation are defined here
/// @dev This function needs to be public in order to be called by the UUPS proxy.
/// @custom:oz-upgrades-validate-as-initializer
function initializeFromEmptyProxy() public virtual reinitializer(2) {
function initializeFromEmptyProxy() public virtual onlyFromEmptyProxy reinitializer(2) {
__EIP712_init(CONTRACT_NAME, "1");
__Ownable_init(owner());
__Pausable_init();
Expand Down
12 changes: 9 additions & 3 deletions gateway-contracts/contracts/KmsManagement.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,22 @@ import "./interfaces/IKmsManagement.sol";
import "./interfaces/IGatewayConfig.sol";
import { gatewayConfigAddress } from "../addresses/GatewayConfigAddress.sol";
import { Ownable2StepUpgradeable } from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
import "./shared/UUPSUpgradeableEmptyProxy.sol";
import "./shared/GatewayConfigChecks.sol";
import "./shared/Pausable.sol";

/// @title KMS Management contract
/// @dev TODO: This contract is neither used nor up-to-date. It will be reworked in the future.
/// @dev See https://github.com/zama-ai/fhevm-gateway/issues/108
/// @dev See {IKmsManagement}.
contract KmsManagement is IKmsManagement, Ownable2StepUpgradeable, UUPSUpgradeable, GatewayConfigChecks, Pausable {
contract KmsManagement is
IKmsManagement,
Ownable2StepUpgradeable,
UUPSUpgradeableEmptyProxy,
GatewayConfigChecks,
Pausable
{
/// @notice The address of the GatewayConfig contract for protocol state calls.
IGatewayConfig private constant GATEWAY_CONFIG = IGatewayConfig(gatewayConfigAddress);

Expand Down Expand Up @@ -125,7 +131,7 @@ contract KmsManagement is IKmsManagement, Ownable2StepUpgradeable, UUPSUpgradeab
function initializeFromEmptyProxy(
string memory fheParamsName,
bytes32 fheParamsDigest
) public virtual reinitializer(2) {
) public virtual onlyFromEmptyProxy reinitializer(2) {
__Ownable_init(owner());
__Pausable_init();

Expand Down
12 changes: 9 additions & 3 deletions gateway-contracts/contracts/MultichainAcl.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,22 @@ pragma solidity ^0.8.24;
import { gatewayConfigAddress } from "../addresses/GatewayConfigAddress.sol";
import { Ownable2StepUpgradeable } from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import "./interfaces/IMultichainAcl.sol";
import "./interfaces/ICiphertextCommits.sol";
import "./interfaces/IGatewayConfig.sol";
import "./shared/UUPSUpgradeableEmptyProxy.sol";
import "./shared/GatewayConfigChecks.sol";
import "./shared/Pausable.sol";

/// @title MultichainAcl smart contract
/// @dev See {IMultichainAcl}
contract MultichainAcl is IMultichainAcl, Ownable2StepUpgradeable, UUPSUpgradeable, GatewayConfigChecks, Pausable {
contract MultichainAcl is
IMultichainAcl,
Ownable2StepUpgradeable,
UUPSUpgradeableEmptyProxy,
GatewayConfigChecks,
Pausable
{
/// @notice The address of the GatewayConfig contract for protocol state calls.
IGatewayConfig private constant GATEWAY_CONFIG = IGatewayConfig(gatewayConfigAddress);

Expand Down Expand Up @@ -78,7 +84,7 @@ contract MultichainAcl is IMultichainAcl, Ownable2StepUpgradeable, UUPSUpgradeab
/// @notice Initializes the contract.
/// @dev This function needs to be public in order to be called by the UUPS proxy.
/// @custom:oz-upgrades-validate-as-initializer
function initializeFromEmptyProxy() public virtual reinitializer(2) {
function initializeFromEmptyProxy() public virtual onlyFromEmptyProxy reinitializer(2) {
__Ownable_init(owner());
__Pausable_init();
}
Expand Down
25 changes: 25 additions & 0 deletions gateway-contracts/contracts/shared/UUPSUpgradeableEmptyProxy.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
// SPDX-License-Identifier: BSD-3-Clause-Clear
pragma solidity ^0.8.24;

import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

/**
* @title UUPSUpgradeableEmptyProxy
* @dev Abstract base contract for upgradeable contracts that are intended to be deployed behind
* empty proxies. This contract provides a modifier that ensures functions can only be called
* during the first initialization phase (i.e., when initialized version is 1), enforcing
* correct deployment from an empty proxy using the UUPSUpgradeable pattern.
*
* Inheriting contracts should use the `onlyFromEmptyProxy` modifier to protect initialization logic
* that must not run on upgrades or reinitializations.
*/
abstract contract UUPSUpgradeableEmptyProxy is UUPSUpgradeable {
error NotInitializingFromEmptyProxy();

modifier onlyFromEmptyProxy() {
if (_getInitializedVersion() != 1) {
revert NotInitializingFromEmptyProxy();
}
_;
}
}
114 changes: 109 additions & 5 deletions gateway-contracts/rust_bindings/src/ciphertextcommits.rs
View file
Open in desktop

Large diffs are not rendered by default.

114 changes: 109 additions & 5 deletions gateway-contracts/rust_bindings/src/decryption.rs
View file
Open in desktop

Large diffs are not rendered by default.

114 changes: 109 additions & 5 deletions gateway-contracts/rust_bindings/src/gatewayconfig.rs
View file
Open in desktop

Large diffs are not rendered by default.

114 changes: 109 additions & 5 deletions gateway-contracts/rust_bindings/src/inputverification.rs
View file
Open in desktop

Large diffs are not rendered by default.

114 changes: 109 additions & 5 deletions gateway-contracts/rust_bindings/src/kmsmanagement.rs
View file
Open in desktop

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions gateway-contracts/rust_bindings/src/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,4 +41,5 @@ pub mod r#signedmath;
pub mod r#storageslot;
pub mod r#strings;
pub mod r#uupsupgradeable;
pub mod r#uupsupgradeableemptyproxy;
pub mod r#ierc1822proxiable;
114 changes: 109 additions & 5 deletions gateway-contracts/rust_bindings/src/multichainacl.rs
View file
Open in desktop

Large diffs are not rendered by default.

Loading
Loading