This was one of the major items on our roadmap since the day we started GoChain, at a time when it seemed every week there was a smart contract hacked, leading to losses of $100's of millions… no joke. And unfortunately, it’s still happening today, even on newer blockchains. The worst part about it is that even after you know you have a security bug in your smart contract, there’s nothing you can do about it, except watch from the sidelines as all of your and your users’ tokens disappear.
Along with fixing the scaling problems of existing blockchains, GoChain planned to solve this problem of hacking and theft too. From the GoChain Improvement Proposal #22:
“Aside from solving performance issues, GoChain also has a goal of fixing another huge problem with Ethereum and that is theft prevention. Theft on Ethereum is almost always related to bugs in smart contract code (besides gaining someone’s private key via social engineering, SMS hijacking, etc). $100’s of millions (if not billions) have been stolen in the past couple of years due to bugs in smart contracts.
One way to reduce the chance of theft by bugs is the ability to pause a contract (stop the theft) and upgrade it (fix the bug that makes the theft possible). This proposal is to enable both of those features. A nice side effect of this is that contracts can be upgraded for other reasons too, such as adding new functionality to a DApp or amending a contract which reflects real-life contracts.”
Well we’re happy to say the solution to this problem is now available and guess what? It’s really simple to use.
How To Use Upgradeable Smart Contracts
Using the awesome web3 CLI tool, you simply add a --upgradeable flag to the deploy command, e.g.:
web3 contract deploy --upgradeable ERC20.bin
That will return your new contract address and you can use it just like any other contract. Set it as an environment variable to use the rest of the commands without having to pass it in as a flag for each command:
When you want to upgrade, you simply deploy a new contract:
web3 contract deploy FixedERC20.bin
Then take the new address for your updated contract and make that the new target:
web3 contract upgrade --to 0xNEW_ADDRESS
And that’s it. Pretty easy huh?
Pause and Resume
In addition to upgrading, when you deploy with the --upgradeable flag, it also automatically adds pausing and resuming functions. This is to ensure you can stop any activity while you work on fixing the bug in your contract, upgrade it, then unpause it.
web3 contract pause
web3 contract resume
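The pause, upgrade and resume commands above can be chained into a fail-closed sequence for incident response, so that a failed upgrade never leaves the buggy contract live. This is an added example, not part of the original post or the web3 project: emergency_upgrade, is_address and the WEB3_BIN override are hypothetical names, and it assumes the contract address is already set in the environment as described earlier.

```shell
#!/bin/sh
# Added example: fail-closed pause -> upgrade -> resume sequence.
# WEB3_BIN is a hypothetical override so the sequence can be rehearsed
# against a stub; by default it is the real web3 CLI.
WEB3_BIN="${WEB3_BIN:-web3}"

# Accept only a 0x-prefixed, 40-hex-digit address, so a placeholder such
# as 0xNEW_ADDRESS or a truncated paste is rejected before anything runs.
is_address() {
    printf '%s\n' "$1" | grep -Eq '^0x[0-9a-fA-F]{40}$'
}

# emergency_upgrade NEW_ADDRESS
# Return codes:
#   0  upgraded and resumed
#   2  bad address, nothing was called
#   3  pause failed, upgrade not attempted
#   4  upgrade failed, contract deliberately left paused
#   5  resume failed after a successful upgrade
emergency_upgrade() {
    new_addr="$1"
    if ! is_address "$new_addr"; then
        echo "refusing: '$new_addr' is not a contract address" >&2
        return 2
    fi
    # Stop all activity before touching the upgrade target.
    if ! $WEB3_BIN contract pause; then
        echo "pause failed; not attempting upgrade" >&2
        return 3
    fi
    # Point the upgradeable contract at the fixed implementation.
    if ! $WEB3_BIN contract upgrade --to "$new_addr"; then
        echo "upgrade failed; contract left paused" >&2
        return 4
    fi
    # Resume only once the fixed code is the target.
    if ! $WEB3_BIN contract resume; then
        echo "resume failed; contract is upgraded but still paused" >&2
        return 5
    fi
    return 0
}
```

Source the file and call emergency_upgrade with the address returned by deploying the fixed contract.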
You can find out more details and walk through an example on the web3 README. We’d love to hear your feedback so please let us know how we can make it better in the comments here or make an issue on GitHub.