Overview
TheFactory contract is a generalized deployment mechanism for creating upgradeable proxy instances of pre-approved implementations. It tracks multiple implementation versions, proposal workflows, blacklisting for security, and ownership-based access control.
It conforms to the IFactory interface and supports deploying any IFactoryEntity-compliant contracts via TransparentUpgradeableProxy, using initialize() for configuration.
Key Capabilities
- Versioned Deployment: Track multiple logic contract versions, each deployable by index.
- Proposal System: Allow anyone to propose implementations, with owner approval required.
- Blacklist Mechanism: Prevent deployment of insecure or deprecated versions.
- Deterministic Deployments: Uses
create2salt to ensure predictable addresses. - Entity Tracking: Keeps a registry of all deployed entities.
Storage Structure
The contract uses a deterministic storage layout via:FactoryStorage) include:
Initialization
- Accepts encoded owner address
- Sets initial admin and emits
Initialized
Entity Deployment
TransparentUpgradeableProxy:
- Uses implementation from
implementations.at(version) - Rejects if version is out-of-bounds or blacklisted
- Uses
salt = keccak256(version, owner, initParams, currentEntityCount)for deterministic deployment - Calls
initialize(initParams)on the new proxy
Implementation Management
Propose New Implementation
- Fails if already in
implementationsorproposals - Adds to
proposals - Emits:
ProposeImplementation(implementation) - Permissionless function
Accept Proposed Implementation
- Only callable by owner
- Fails if not proposed
- Moves from
proposals→implementations - Emits:
AcceptProposedImplementation(implementation)
Blacklisting
- Blocks deployments using specific version
- Enforces that version index exists
- Emits:
SetBlacklistStatus(version, flag)
View Functions
Access Control
- Uses
OwnableUpgradeable - Only owner can accept implementations and blacklist versions
Security Considerations
- Immutable logic whitelist: Only approved contracts can be deployed
- Blacklisting: Emergency response for vulnerabilities
- Replay protection: Deployment salt ensures unique addresses
- Decentralized proposals: Anyone can propose implementations, but only owner can accept