[ETHEREUM-CONTRACTS] Migrate to OpenZeppelin v5 #2097

d10r · 2025-08-01T15:34:46Z

What & Why

see #2016

How

Imports and notes about what changed:

utils/introspection/IERC1820Registry.sol
  path changed to interfaces/

utils/introspection/ERC1820Implementer
  was removed. Used only in ERC777SenderRecipientMock.t.sol, so I put a copy there.

utils/math/SafeMath.sol
  nomore needed in Solidity 0.8, its functions can be replaced by operators

utils/math/SafeCast.sol

utils/Address.sol (SuperToken.sol)
  isContract() was removed, thus it was replaced by its previous implementation `account.code.length > 0 ?`
  The OZ5 library added a custom error, which caused the ABI to not be empty anymore, which caused typechain to add it, which caused a conflict with the alias in `mappedSubgraphTypes.ts`. Thus added a workaround in `build-types.sh` which removes the entries generated for the Address library.

utils/cryptography/ECDSA.sol

access/IAccessControl.sol

access/AccessControlEnumerable.sol
  path changed to access/extensions

access/AccessControl.sol
  `_setupRole()` was removed. Can be trivially replaced by `_grantRole()`

access/Ownable.sol
  constructor now requires an argument, initial owner needs to be explicitly set (was implicitly set to `_msgSender` before)

token/ERC20/extensions/IERC20Metadata.sol

token/ERC20/extensions/IERC20Permit.sol

token/ERC721/extensions/IERC721Metadata.sol

token/ERC777/IERC777.sol
  path changed to interfaces

token/ERC777/IERC777Recipient.sol
    path changed to interfaces

token/ERC777/IERC777Sender.sol
    path changed to interfaces

token/ERC20/ERC20.sol
  note: SuperToken does NOT inherit this, but did replicate some of the functionality, incl. revert strings. Remaining ones could be replaced by custom errors as specified in [EIP-6093](https://eips.ethereum.org/EIPS/eip-6093), as done in the OZ5 impl.

token/ERC20/utils/SafeERC20.sol (library)
  `safeApprove` has been removed (was already deprecated in v4) because there's nothing safe about it. Was used in `SuperUpgrader`, now replaced with `forceApprove` (which is specifically about ERC20 contracts which requires approval to be set to 0 before it can be set to a new value).

proxy/Proxy.sol
  receive() was removed. It was thus explicitly added to `UUPSProxy` and `FullUpgradableSuperTokenProxy` in order to keep their functionality as is.

proxy/utils/Initializable.sol
  STORAGE LAYOUT CHANGED!
  This is used in `UUPSProxiable` and `BeaconProxiable`. We need to retain the storage layout of those, thus we keep using the v4 version.

proxy/beacon/UpgradeableBeacon.sol

proxy/beacon/BeaconProxy.sol
  v5 added an immutable which stores the beacon address - additionally to storing it in the eip-1967-defined storage slot.
  This is a clever optimization allowing cheaper lookup at runtime. It's safe because the storage layout isn't affected and the beacon address is immutable thus can't get out of sync with the pointer saved in storage.

interfaces/IERC5267.sol

openzeppelin-contracts is now a git submodule (foundry style) instead of an npm package.
In order to stay compatible with hardhat (used by legacy tests) and truffle (used by ops scripts), an npm postinstall script places a symlink to that submodule in node_modules. This was found to be the only solution which doesn't cause significant issues with either hardhat or truffle (see dedicated comment).

The openzeppelin imports in the ethereum-contracts package are now qualified by the major version, that is @openzeppelin-v5/.... This allows contracts using SF contracts as a dependency to use the default namespace @openzeppelin with the OZ version they prefer. The OZ package is now declared a peerDependency.
Hardhat projects need to set up a remapping task in their config file, see CHANGELOG.

Signed-off-by: pavedroad <[email protected]>

…half of members

d10r · 2025-08-07T20:05:35Z

We could change EVM version to cancun, all SF networks now support it (see hellwolf/eip-canaries#1).
However ganache doesn't support it, so I reverted to shanghai.

hellwolf · 2025-08-21T09:15:22Z

@d10r, please cherry-pick #2099

packages/automation-contracts/autowrap/foundry.toml

packages/automation-contracts/scheduler/contracts/VestingSchedulerV3.sol

packages/automation-contracts/scheduler/contracts/VestingSchedulerV2.sol

hellwolf · 2025-08-22T07:40:34Z

packages/automation-contracts/scheduler/test/VestingSchedulerV2.t.sol


        console.log("Revert with overflow.");
-        vm.expectRevert("SafeCast: value doesn't fit in 96 bits");
+        vm.expectRevert(); // SafeCastOverflowedIntDowncast


there is no reference to it?

hellwolf · 2025-08-22T07:47:23Z

packages/automation-contracts/scheduler/test/VestingSchedulerV3.t.sol


        console.log("Revert with overflow.");
-        vm.expectRevert("SafeCast: value doesn't fit in 96 bits");
+        vm.expectRevert(); // SafeCastOverflowedIntDowncast


hellwolf · 2025-08-22T07:48:20Z

packages/ethereum-contracts/contracts/agreements/gdav1/GeneralDistributionAgreementV1.sol

        newCtx = ctx;

-        if (pool.superToken().isPool(this, memberAddr)) {
+        if (memberAddr == address(0) || pool.superToken().isPool(this, memberAddr)) {


hellwolf · 2025-08-22T07:54:10Z

packages/ethereum-contracts/contracts/upgradability/SuperfluidUpgradeableBeacon.sol

    error NO_PROXY_LOOP();                  // 0z66750bca

-    constructor(address implementation_) UpgradeableBeacon(implementation_) {}
+    constructor(address implementation_) UpgradeableBeacon(implementation_, _msgSender()) {}


Note:

Context._msgSender

Ownable is Context

hellwolf · 2025-08-22T07:57:07Z

packages/ethereum-contracts/ops-scripts/deploy-framework.js

-            () => superfluid.getSimpleACL(),
-            "SIMPLE_ACL"
-        );
+        // SimpleACL has now been deployed on all networks.


Okay. What about deploying to a new network, does the bootstrap logic still exist?

hellwolf · 2025-08-22T07:58:09Z

packages/ethereum-contracts/test/foundry/agreements/gdav1/GeneralDistributionAgreement.t.sol

        vm.stopPrank();
+
+        // cannot connect the zero address
+        vm.startPrank(alice);


packages/solidity-semantic-money/foundry.toml

hellwolf · 2025-08-26T08:55:19Z

packages/ethereum-contracts/contracts/superfluid/SuperToken.sol

-                spender,
-                _allowances[holder][spender].sub(amount, "SuperToken: transfer amount exceeds allowance"));
+            require(amount <= _allowances[holder][spender], "SuperToken: transfer amount exceeds allowance");
+            // TODO: this triggers an `Approval` event, which shouldn't happen for transfers.


I can't recall when did this creep in.

Added a draft to https://github.com/orgs/superfluid-org/projects/1/views/1 for later to address.

hellwolf · 2025-10-09T09:43:12Z

packages/automation-contracts/autowrap/hardhat.config.js

 // Go to https://hardhat.org/config/ to learn more

+// Remapping for OpenZeppelin contracts
+subtask(TASK_COMPILE_GET_REMAPPINGS).setAction(


consider to drop a section in the https://github.com/superfluid-org/protocol-monorepo/blob/dev/packages/ethereum-contracts/README.md

packages/automation-contracts/scheduler/foundry.toml

hellwolf · 2025-10-09T09:49:25Z

packages/ethereum-contracts/contracts/mocks/ERC777SenderRecipientMock.t.sol

+ *
+ * CAUTION: This file is deprecated as of v4.9 and will be removed in the next major release.
+ */
+contract ERC1820Implementer is IERC1820Implementer {


Consider to move it under contracts/utils/

d10r and others added 30 commits June 26, 2025 16:34

distinguish between unsettled and claimable balance in pools

ba1b067

add assertions

f76ce16

Merge branch 'dev' into 2025-06-fix-claimable

62697d9

Merge branch 'dev' into 2025-06-fix-claimable

ab01e42

merge dev

ea53653

use new reader function

9c433c5

Merge branch 'dev' into 2025-06-fix-claimable

b56c0f3

small fix

d6687ab

updated changelog

5dad0c3

limit valid input size for _settle()

882f654

remove some silly type convrersions

e27cb41

chore: remove redundant words in comment (#2092)

5a0fb64

Signed-off-by: pavedroad <[email protected]>

added GDA function which allows the pool admin to connect pools on be…

b856b8a

…half of members

add mechanism for opting out of autoconnect using SimpleACL

cd864bd

revert forge-std upgrade

88e17f3

simplification

8db285b

don't restrict autoconnect to pool admin, more testing

101bdfc

fix stack too deep?

701ea33

fix flag

4dce3b7

more shanghai

5a603b2

Merge branch 'dev' into 2025-07-autoconnect

77e3f9d

updated CHANGELOG

d3bfd95

undo disable test

d6c9135

added tryConnectPoolFor to SuperTokenV1Library

2aa5ccd

CFASuperAppBase: disable autoconnect in constructor

b4e6342

set admin roles in deploy script

c195923

solidity semantic money to shanghai evm

bd1d158

added countUsedSlots to SlotsBitmapLibrary

c76c167

GDAv1: use SlotsBitmapLibrary

64484ae

added some asserts to SlotsBitmapLibraryPropertyTest._listData

d8ea0dc

d10r added 8 commits August 7, 2025 10:20

don't allow deployment of SimpleACL in upgrade path

288b660

tryConnectPool: don't allow zero address for member argument

b3c6a8c

fix deploy script

a24ef82

back to shanghai (where ganache is stuck)

67415dd

add comment

91f26a7

updated changelog

dd78939

adjust foundry mappings

075a1c0

more detailled changelog, specify OZ as peer dependency

a7686ff

d10r marked this pull request as ready for review August 7, 2025 19:28

d10r requested a review from kasparkallas as a code owner August 7, 2025 19:28

Update README.md

e6ffae8

hellwolf mentioned this pull request Aug 22, 2025

chore: made the ethereum contract badge clickable #2099

Closed

hellwolf reviewed Aug 22, 2025

View reviewed changes

packages/automation-contracts/autowrap/foundry.toml Show resolved Hide resolved

hellwolf reviewed Aug 22, 2025

View reviewed changes

packages/automation-contracts/scheduler/contracts/VestingSchedulerV3.sol Show resolved Hide resolved

hellwolf reviewed Aug 22, 2025

View reviewed changes

packages/automation-contracts/scheduler/contracts/VestingSchedulerV2.sol Show resolved Hide resolved

hellwolf reviewed Aug 22, 2025

View reviewed changes

packages/solidity-semantic-money/foundry.toml Show resolved Hide resolved

Merge branch 'dev' into 2025-08-oz5

5093e4c

hellwolf reviewed Aug 26, 2025

View reviewed changes

hellwolf reviewed Oct 9, 2025

View reviewed changes

packages/automation-contracts/scheduler/foundry.toml Show resolved Hide resolved

hellwolf reviewed Oct 9, 2025

View reviewed changes

hellwolf approved these changes Oct 9, 2025

View reviewed changes

[ETHEREUM-CONTRACTS] Migrate to OpenZeppelin v5 #2097

Are you sure you want to change the base?

[ETHEREUM-CONTRACTS] Migrate to OpenZeppelin v5 #2097

Uh oh!

Conversation

d10r commented Aug 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What & Why

How

Uh oh!

d10r commented Aug 7, 2025

Uh oh!

hellwolf commented Aug 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

hellwolf Aug 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

d10r commented Aug 1, 2025 •

edited

Loading

hellwolf commented Aug 21, 2025 •

edited

Loading

hellwolf Aug 22, 2025 •

edited

Loading