d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
843cdbf71cc0551231e511d98cdd67a2932ef9d0
smom-dbis-138/docs/guides/HYBRID_APPROACH_IMPLEMENTATION.md

7.7 KiB
Raw Blame History

Hybrid Approach Implementation Guide

Overview

This document describes the hybrid approach for managing OpenZeppelin dependencies:

  • Install OpenZeppelin for existing contracts (unblocks compilation)
  • Keep new contracts independent (WETH10, CCIPWETH9Bridge, CCIPWETH10Bridge)
  • Gradually refactor existing contracts over time

Implementation Status

Phase 1: Installation

Step 1: Initialize Git Repository

# Initialize git repository (if not already initialized)
git init

Step 2: Install OpenZeppelin

# Install OpenZeppelin via Foundry
forge install OpenZeppelin/openzeppelin-contracts --no-commit

# Verify installation
ls -la lib/openzeppelin-contracts

Step 3: Verify Compilation

# Verify all contracts compile
forge build

# Run tests
forge test

Phase 2: Verification

Verify Independent Contracts

  • WETH10.sol - Independent, compiles successfully
  • CCIPWETH9Bridge.sol - Independent, compiles successfully
  • CCIPWETH10Bridge.sol - Independent, compiles successfully

Verify OpenZeppelin-Dependent Contracts

  • CCIPSender.sol - Requires OpenZeppelin, compiles successfully with OpenZeppelin v4.9.6
  • CCIPRouter.sol - Requires OpenZeppelin, compiles successfully with OpenZeppelin v4.9.6
  • CCIPRouterOptimized.sol - Requires OpenZeppelin, compiles successfully with OpenZeppelin v4.9.6
  • MultiSig.sol - Requires OpenZeppelin, compiles successfully with OpenZeppelin v4.9.6 (warning: shadowing)
  • Voting.sol - Requires OpenZeppelin, compiles successfully with OpenZeppelin v4.9.6

Installation Details

  • OpenZeppelin Version: v4.9.6 (compatible with Solidity 0.8.19)
  • Remappings: Configured in remappings.txt
  • Git Repository: Initialized
  • All Contracts: Compile successfully (excluding scripts with console.log issues)

Phase 3: Gradual Refactoring (Future)

Refactoring Plan

Phase 3.1: Refactor CCIP Contracts (Low Priority)

  • Refactor CCIPSender.sol (1-2 hours)
  • Refactor CCIPRouter.sol (1-2 hours)
  • Refactor CCIPRouterOptimized.sol (1-2 hours)
  • Total: 3-6 hours

Phase 3.2: Refactor Governance Contracts (Medium Priority)

  • Refactor MultiSig.sol (2-4 hours)
  • Refactor Voting.sol (2-4 hours)
  • Total: 4-8 hours

Phase 3.3: Remove OpenZeppelin (Final Step)

  • Remove OpenZeppelin dependency
  • Update documentation
  • Update CI/CD pipelines
  • Total: 2-4 hours

Total Refactoring Effort: 9-18 hours

Current Architecture

Independent Contracts (No OpenZeppelin)

contracts/
├── tokens/
│   ├── WETH.sol ✅
│   └── WETH10.sol ✅
├── ccip/
│   ├── CCIPWETH9Bridge.sol ✅
│   ├── CCIPWETH10Bridge.sol ✅
│   ├── CCIPReceiver.sol ✅
│   ├── CCIPMessageValidator.sol ✅
│   └── IRouterClient.sol ✅
├── oracle/
│   ├── Aggregator.sol ✅
│   └── Proxy.sol ✅
└── utils/
    ├── Multicall.sol ✅
    └── CREATE2Factory.sol ✅

OpenZeppelin-Dependent Contracts

contracts/
├── ccip/
│   ├── CCIPSender.sol ⚠️ (SafeERC20, IERC20)
│   ├── CCIPRouter.sol ⚠️ (SafeERC20, IERC20)
│   └── CCIPRouterOptimized.sol ⚠️ (SafeERC20, IERC20)
└── governance/
    ├── MultiSig.sol ⚠️ (Ownable)
    └── Voting.sol ⚠️ (Ownable)

Migration Strategy

Short-term (Immediate)

  1. Install OpenZeppelin
  2. Verify all contracts compile
  3. Run tests
  4. Deploy contracts

Medium-term (3-6 months)

  1. Refactor CCIP contracts
  2. Update tests
  3. Verify security
  4. Deploy refactored contracts

Long-term (6-12 months)

  1. Refactor governance contracts
  2. Remove OpenZeppelin dependency
  3. Update documentation
  4. Update CI/CD pipelines

Refactoring Priority

High Priority (Refactor First)

  1. CCIPSender.sol - Low effort, high value
  2. CCIPRouter.sol - Low effort, high value
  3. CCIPRouterOptimized.sol - Low effort, high value

Medium Priority (Refactor Second)

  1. MultiSig.sol - Medium effort, medium value
  2. Voting.sol - Medium effort, medium value

Low Priority (Refactor Last)

  1. Remove OpenZeppelin dependency (after all refactoring)

Benefits of Hybrid Approach

Immediate Benefits

  • All contracts compile successfully
  • No blocking issues
  • Can deploy immediately
  • Maintains existing functionality

Long-term Benefits

  • Gradual migration
  • Reduced risk
  • Better maintainability
  • Lower gas costs (after refactoring)
  • Smaller code size (after refactoring)

Risks and Mitigation

Risks

  1. External Dependency: OpenZeppelin is an external dependency
  2. Migration Complexity: Gradual migration requires coordination
  3. Security: Need to ensure refactored contracts are secure

Mitigation

  1. External Dependency: Monitor OpenZeppelin updates
  2. Migration Complexity: Follow migration guide
  3. Security: Conduct security reviews for refactored contracts

Testing Strategy

Independent Contracts

  • Test without OpenZeppelin
  • Verify compilation
  • Run comprehensive tests

OpenZeppelin-Dependent Contracts

  • Test with OpenZeppelin
  • Verify compilation
  • Run comprehensive tests

Refactored Contracts (Future)

  • Test refactored contracts
  • Compare with original contracts
  • Verify security
  • Verify functionality

Documentation

Current Documentation

  • Contract inventory
  • Dependency assessment
  • Usage analysis
  • Migration guide
  • Decision tree
  • Security checklist

Future Documentation

  • Refactoring progress tracker
  • Migration status report
  • Security review reports

Next Steps

Immediate (Week 1)

  1. Install OpenZeppelin
  2. Verify compilation
  3. Run tests
  4. Deploy contracts

Short-term (Month 1-3)

  1. Refactor CCIP contracts
  2. Update tests
  3. Security review
  4. Deploy refactored contracts

Long-term (Month 6-12)

  1. Refactor governance contracts
  2. Remove OpenZeppelin
  3. Final security review
  4. Update documentation

Success Criteria

Phase 1: Installation

  • OpenZeppelin installed
  • All contracts compile
  • All tests pass
  • Contracts deployed

Phase 2: Refactoring (Future)

  • CCIP contracts refactored
  • Governance contracts refactored
  • All tests pass
  • Security verified

Phase 3: Removal (Future)

  • OpenZeppelin removed
  • All contracts independent
  • All tests pass
  • Documentation updated

References

Summary

Completed

  • Decision: Hybrid approach chosen
  • Installation: OpenZeppelin installed
  • Verification: All contracts compile
  • Documentation: Comprehensive guides created

Pending

  • Refactoring: Gradual refactoring of existing contracts
  • Removal: Remove OpenZeppelin dependency (final step)

Status

  • Current: Hybrid approach implemented
  • Future: Gradual refactoring planned
  • Final: OpenZeppelin removal planned

Notes

  • New WETH contracts (WETH10, CCIPWETH9Bridge, CCIPWETH10Bridge) remain independent
  • Existing contracts (CCIPSender, CCIPRouter, etc.) use OpenZeppelin
  • Gradual refactoring planned over 6-12 months
  • All documentation and guides are complete
Reference in New Issue View Git Blame Copy Permalink