Solana Security

Security question: If deploying a contract can take 100-1000x transactions, then how does upgrading a contract work for that same number of transactions?

Will the contract still function? As its old version? Or do you upload to a buffer and switch to it in 1 tx instead?

Cofounder of 0xMacro.com • Author of LearnEVM.com • Love to help with no strings attached

I believe it's the latter, you upload it into storage buffers then swap the pointer in the final transaction.

A doodler and computerer. I like permissive/permissionless open source, smart contracts, p2p systems, room-scale VR, and NixOS.

shazow.net

Currently: WhatsABI

That would be the sensible option, right? Still trying to find docs on it

Might have to dig into the source code

https://docs.solanalabs.com/cli/examples/deploy-a-program#using-an-intermediary-buffer-account

Also the final section in these docs about how to do this offline.

I remember this mentioned in the docs of how upgrading contracts, will check for it later

Independent Security Researcher
curiousapple.xyz

It would be raw bytecode, so the attacker would need to be able to statically analyze it in a short amount of time. Sounds possible in theory, but not sure to what extent since txs are much faster in Solana

hmm is it enough tho ?
if a upgrade is taking multiple transactions and pointer is redirected in end, can't a malicious actor see whats being updated and exploit before the patch is applied ?
you also need pause function to pause it before, no ?