Validate Solidity custom storage layout, use OpenZeppelin Contracts 5.3.0 (#1144)

Author: ericglau

packages/core/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## Unreleased
+
+- Validate Solidity custom storage layouts, use proxies from OpenZeppelin Contracts 5.3.0. ([#1144](https://github.com/OpenZeppelin/openzeppelin-upgrades/pull/1144))
+
 ## 1.43.0 (2025-04-11)
 
 - Add Sonic network to manifest file names. ([#1146](https://github.com/OpenZeppelin/openzeppelin-upgrades/pull/1146))

packages/core/contracts/test/CustomLayout.sol

@@ -0,0 +1,178 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.29;
+
+abstract contract Base {
+    uint256 public x;
+}
+
+contract CustomLayout layout at 0x1 is Base {
+    uint256 public y;
+}
+
+contract CustomLayout_Same_Root_Ok layout at 0x1 is Base {
+    uint256 public y;
+    uint256 public z;
+}
+
+contract CustomLayout_Same_Root_Decimal_Ok layout at 1 is Base {
+    uint256 public y;
+    uint256 public z;
+}
+
+contract CustomLayout_Same_Root_ScientificNotation_Ok layout at 1000.0e-3 is Base {
+    uint256 public y;
+    uint256 public z;
+}
+
+contract CustomLayout_Changed_Root_Bad layout at 0x2 is Base {
+    uint256 public y;
+    uint256 public z;
+}
+
+contract CustomLayout_Changed_Root_Decimal_Bad layout at 2 is Base {
+    uint256 public y;
+    uint256 public z;
+}
+
+contract CustomLayout_Changed_Root_ScientificNotation_Bad layout at 2.0e10 is Base {
+    uint256 public y;
+    uint256 public z;
+}
+
+contract CustomLayout_Changed_To_Default_Bad is Base {
+    uint256 public y;
+    uint256 public z;
+}
+
+contract CustomLayout_Changed_Root_Ok layout at 0x0 {
+    uint256 public insertedBefore;
+    uint256 public x;
+    uint256 public y;
+    uint256 public z;
+}
+
+contract CustomLayout_Changed_To_Default_Ok {
+    uint256 public insertedBefore;
+    uint256 public x;
+    uint256 public y;
+    uint256 public z;
+}
+
+contract Namespaced_Default_Layout {
+    /// @custom:storage-location erc7201:example.main
+    struct MainStorage {
+        uint256 x;
+        uint256 y;
+    }
+
+    // keccak256(abi.encode(uint256(keccak256("example.main")) - 1)) & ~bytes32(uint256(0xff));
+    bytes32 private constant MAIN_STORAGE_LOCATION =
+        0x183a6125c38840424c4a85fa12bab2ab606c4b6d0e7cc73c0c06ba5300eab500;
+}
+
+contract CustomLayout_Unsupported_Node_Type layout at 0x2 ** 0x3 {
+    uint256 public x;
+}
+
+contract Namespaced_Custom_Layout_Unaffected layout at 0x1 {
+    /// @custom:storage-location erc7201:example.main
+    struct MainStorage {
+        uint256 x;
+        uint256 y;
+    }
+
+    // keccak256(abi.encode(uint256(keccak256("example.main")) - 1)) & ~bytes32(uint256(0xff));
+    bytes32 private constant MAIN_STORAGE_LOCATION =
+        0x183a6125c38840424c4a85fa12bab2ab606c4b6d0e7cc73c0c06ba5300eab500;
+}
+
+contract Namespaced_Custom_Layout_Clash layout at 0x183a6125c38840424c4a85fa12bab2ab606c4b6d0e7cc73c0c06ba5300eab500 {
+    /// @custom:storage-location erc7201:example.main
+    struct MainStorage {
+        uint256 x;
+        uint256 y;
+    }
+
+    uint256 clashesWithNamespace;
+
+    // keccak256(abi.encode(uint256(keccak256("example.main")) - 1)) & ~bytes32(uint256(0xff));
+    bytes32 private constant MAIN_STORAGE_LOCATION =
+        0x183a6125c38840424c4a85fa12bab2ab606c4b6d0e7cc73c0c06ba5300eab500;
+}
+
+contract Namespaced_Custom_Layout_Clash_Decimal layout at 10958655983261152271848436692291137275443024275653522991983264966744321209600 {
+    /// @custom:storage-location erc7201:example.main
+    struct MainStorage {
+        uint256 x;
+        uint256 y;
+    }
+
+    uint256 clashesWithNamespace;
+
+    // keccak256(abi.encode(uint256(keccak256("example.main")) - 1)) & ~bytes32(uint256(0xff));
+    bytes32 private constant MAIN_STORAGE_LOCATION =
+        0x183a6125c38840424c4a85fa12bab2ab606c4b6d0e7cc73c0c06ba5300eab500;
+}
+
+contract Namespaced_Custom_Layout_Clash_Extra_Colon layout at 0xc7aaba8d22be97cadd7427e7a6841eaffa38e68fd57b8f5417d9acc1a1566e00 {
+    /// @custom:storage-location erc7201:example:main
+    struct MainStorage {
+        uint256 x;
+        uint256 y;
+    }
+
+    uint256 clashesWithNamespace;
+
+    // keccak256(abi.encode(uint256(keccak256("example:main")) - 1)) & ~bytes32(uint256(0xff));
+    bytes32 private constant MAIN_STORAGE_LOCATION =
+        0xc7aaba8d22be97cadd7427e7a6841eaffa38e68fd57b8f5417d9acc1a1566e00;
+}
+
+/// No formula id for the namespace (annotation does not comply with ERC-7201), so it is not checked for clash with custom layout
+contract CustomLayout_No_Namespace_Formula layout at 0x183a6125c38840424c4a85fa12bab2ab606c4b6d0e7cc73c0c06ba5300eab500 {
+    /// @custom:storage-location example.main
+    struct MainStorage {
+        uint256 x;
+        uint256 y;
+    }
+
+    uint256 a;
+}
+
+/// No formula id for the namespace (annotation does not comply with ERC-7201), so it is not checked for clash with custom layout
+contract CustomLayout_Unknown_Namespace_Formula layout at 0x183a6125c38840424c4a85fa12bab2ab606c4b6d0e7cc73c0c06ba5300eab500 {
+    /// @custom:storage-location erc0000:example.main
+    struct MainStorage {
+        uint256 x;
+        uint256 y;
+    }
+
+    uint256 a;
+}
+
+abstract contract NamespaceA {
+    /// @custom:storage-location erc7201:example.a
+    struct AStorage {
+        uint256 x;
+    }
+}
+
+abstract contract NamespaceB {
+    /// @custom:storage-location erc7201:example.b
+    struct BStorage {
+        uint256 x;
+    }
+}
+
+contract CustomLayout_Multiple_Namespaces layout at 0x1 is NamespaceA, NamespaceB {
+}
+
+contract Gap {
+    uint256[50] __gap;
+    uint256 public x;
+}
+
+contract Gap_Changed_Root_Ok layout at 25 {
+    uint256[25] __gap;
+    uint256 public x;
+}

packages/core/contracts/test/NamespacedToModifyCustomLayout.sol

@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.29;
+
+abstract contract Base {
+}
+
+contract ExampleCustomLayout layout at 0x123 is Base {
+    /// @custom:storage-location erc7201:example.main
+    struct MainStorage {
+        uint256 x;
+        uint256 z;
+    }
+}
+
+contract ExampleCustomLayout_DifferentSpecifierOrder is Base layout at 0x123 {
+    /// @custom:storage-location erc7201:example.main
+    struct MainStorage {
+        uint256 x;
+        uint256 z;
+    }
+}

packages/core/hardhat.config.js

@@ -38,8 +38,11 @@ function getNamespacedOverrides() {
   for (const c of namespacedContracts) {
     if (c === 'NamespacedToModify07.sol') {
       overrides[`contracts/test/${c}`] = { version: '0.7.6', settings };
+    } else if (c === 'NamespacedToModifyCustomLayout.sol') {
+      overrides[`contracts/test/${c}`] = { version: '0.8.29', settings: settingsWithParisEVM };
     } else {
-      overrides[`contracts/test/${c}`] = { version: '0.8.20', settings: settingsWithParisEVM };
+      // pin compiler version to the most recent Solidity version that Slang supports
+      overrides[`contracts/test/${c}`] = { version: '0.8.28', settings: settingsWithParisEVM };
     }
   }
   return overrides;

packages/core/hardhat/separate-test-contracts.js

@@ -11,12 +11,15 @@ task(TASK_COMPILE_SOLIDITY_GET_COMPILATION_JOB_FOR_FILE, async (params, _, runSu
   // compiled separately (along with the other marked files).
   // Dependencies of proxy contracts would be automatically included in the proxy contracts compilation.
   if (!params.file.sourceName.startsWith('@openzeppelin/contracts/proxy/')) {
-    // Mark each CLI Solidity file differently from regular tests, so that they can be compiled separately.
-    // This is needed because CLI tests validate the entire build-info file, so each build-info should include only relevant contracts.
     if (params.file.sourceName.startsWith('contracts/test/cli/')) {
+      // Mark each CLI Solidity file differently from regular tests, so that they can be compiled separately.
+      // This is needed because CLI tests validate the entire build-info file, so each build-info should include only relevant contracts.
       mark(job, params.file.sourceName);
     } else if (params.file.sourceName.startsWith('contracts/test/Namespaced')) {
       mark(job, 'testNamespaced');
+    } else if (params.file.sourceName.includes('CustomLayout')) {
+      // Tests layout conflicts which causes errors if validated together with other tests.
+      mark(job, 'testCustomLayout');
     } else {
       mark(job, 'test');
     }
@@ -36,6 +39,10 @@ function mark(job, group) {
 
   const originalConfig = job.solidityConfig;
 
+  if (originalConfig === undefined) {
+    throw Error(`Solidity config is missing for job: ${JSON.stringify(job, null, 2)}`);
+  }
+
   if (originalConfig[marker] && originalConfig[marker] !== group) {
     throw Error('Same job in different compilation groups');
   }

packages/core/package.json

@@ -34,7 +34,9 @@
     "compile:contracts": "hardhat compile",
     "copyfiles": "node scripts/copy-build-info-v5.js && bash scripts/copy-legacy-artifacts.sh",
     "prepare": "yarn clean && yarn compile && yarn copyfiles",
-    "test": "tsc -b && hardhat compile --force && yarn copyfiles && ava",
+    "pretest": "tsc -b && hardhat compile --force && yarn copyfiles",
+    "test": "ava",
+    "test:update-snapshots": "yarn test --update-snapshots",
     "test:watch": "hardhat compile --force && yarn copyfiles && fgbg 'ava --watch' 'tsc -b --watch' --",
     "version": "node ../../scripts/bump-changelog.js",
     "cli": "node ./dist/cli/cli.js"
@@ -45,7 +47,7 @@
   "devDependencies": {
     "@ava/typescript": "^5.0.0",
     "@nomicfoundation/hardhat-ethers": "^3.0.5",
-    "@openzeppelin/contracts": "5.0.2",
+    "@openzeppelin/contracts": "5.3.0",
     "@openzeppelin/upgrades-core-legacy": "npm:@openzeppelin/upgrades-core@1.31.3",
     "@types/debug": "^4.1.5",
     "@types/minimist": "^1.2.5",
@@ -65,11 +67,12 @@
     "cbor": "^10.0.0",
     "chalk": "^4.1.0",
     "compare-versions": "^6.0.0",
+    "bignumber.js": "^9.1.2",
     "debug": "^4.1.1",
     "ethereumjs-util": "^7.0.3",
     "minimist": "^1.2.7",
     "proper-lockfile": "^4.1.1",
-    "solidity-ast": "^0.4.51",
+    "solidity-ast": "^0.4.60",
     "minimatch": "^9.0.5"
   }
 }

packages/core/src/solidity-version.json

@@ -1 +1 @@
-"0.8.20"
+"0.8.29"

packages/core/src/storage-0.8.test.ts.md

@@ -9,6 +9,7 @@ Generated by [AVA](https://avajs.dev).
 > Snapshot 1
 
     {
+      baseSlot: undefined,
       namespaces: [],
       storage: [
         {
@@ -47,6 +48,7 @@ Generated by [AVA](https://avajs.dev).
 > Snapshot 1
 
     {
+      baseSlot: undefined,
       namespaces: [],
       storage: [
         {
@@ -85,6 +87,7 @@ Generated by [AVA](https://avajs.dev).
 > Snapshot 1
 
     {
+      baseSlot: undefined,
       namespaces: [],
       storage: [
         {
@@ -120,6 +123,7 @@ Generated by [AVA](https://avajs.dev).
 > Snapshot 1
 
     {
+      baseSlot: undefined,
       namespaces: [],
       storage: [
         {