Add OpenZeppelin upgradeable support#15
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds upgradeability to the beasts_nft contract by integrating OpenZeppelin's UpgradeableComponent. The changes involve updating Scarb.toml and Scarb.lock for the new dependency, implementing the IUpgradeable interface in src/lib.cairo, and expanding the test suite in src/mint_tests.cairo. Feedback suggests that the upgrade function should include a check against the contract's terminal_timestamp to ensure that the upgrade path is disabled once the contract is intended to become immutable.
| fn upgrade(ref self: ContractState, new_class_hash: ClassHash) { | ||
| self.ownable.assert_only_owner(); | ||
| self.upgradeable.upgrade(new_class_hash); | ||
| } |
There was a problem hiding this comment.
The upgrade function does not account for the terminal_timestamp logic implemented in other parts of the contract (e.g., build_metadata_uri). If the contract is intended to become "terminal" (immutable or final) after a specific timestamp, allowing upgrades after that point would allow the owner to bypass this restriction by replacing the contract logic entirely. Consider adding a check to ensure the contract is not past its terminal timestamp before allowing an upgrade.
fn upgrade(ref self: ContractState, new_class_hash: ClassHash) {
self.ownable.assert_only_owner();
let terminal_ts = self.terminal_timestamp.read();
if terminal_ts != 0_u64 {
assert(starknet::get_block_timestamp() <= terminal_ts, 'Terminal: upgrade disabled');
}
self.upgradeable.upgrade(new_class_hash);
}
There was a problem hiding this comment.
Pull request overview
Adds OpenZeppelin upgradeable support to the Beasts NFT contract, gating upgrades behind the owner check and adding tests for both unauthorized callers and validation paths.
Changes:
- Add
openzeppelin_upgradesv3.0.0 dependency inScarb.toml/Scarb.lock. - Wire
UpgradeableComponentintobeasts_nftwith an owner-gatedIUpgradeable::upgradeimpl. - Extend
deploy_contracthelper and add two upgrade authorization/validation tests insrc/mint_tests.cairo.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| Scarb.toml | Adds openzeppelin_upgrades v3.0.0 dependency. |
| Scarb.lock | Lockfile entry for the new dependency. |
| src/lib.cairo | Imports/wires UpgradeableComponent, adds substorage, event, and owner-gated upgrade ABI. |
| src/mint_tests.cairo | Adds IUpgradeableDispatcher to deploy helper tuple and two new upgrade tests; updates existing destructurings. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Summary
openzeppelin_upgradesv3.0.0 dependency and lockfile entry.UpgradeableComponentinto the Beasts NFT contract with owner-gatedIUpgradeable::upgrade.src/mint_tests.cairo.Changed files
Scarb.tomlScarb.locksrc/lib.cairosrc/mint_tests.cairoVerification
scarb fmtpassedscarb fmt --check --workspacepassedscarb buildpassedsnforge test --max-n-steps 4294967295passed: 37 passed, 0 failed, 306 ignored