Skip to content

feat: enforce additive-only storage layout changes for PDPVerifier#263

Merged
rjan90 merged 7 commits into
FilOzone:mainfrom
Chaitu-Tatipamula:main
Apr 14, 2026
Merged

feat: enforce additive-only storage layout changes for PDPVerifier#263
rjan90 merged 7 commits into
FilOzone:mainfrom
Chaitu-Tatipamula:main

Conversation

@Chaitu-Tatipamula
Copy link
Copy Markdown
Contributor

@Chaitu-Tatipamula Chaitu-Tatipamula commented Mar 24, 2026
edited
Loading

Summary

Implements storage slot safety for the PDPVerifier upgradable contract
by enforcing that storage layout changes are strictly additive,
preventing storage collision bugs during contract upgrades.

Resolves #258

What's Checked

Scenario Detected
❌ Removing existing storage slots Yes
❌ Changing the slot number of an existing variable Yes
❌ Inserting new slots in the middle (shifting existing slots) Yes
✅ Appending new slots at the end Allowed

Changes

  • tools/generate_storage_layout.sh: Script to generate
    PDPVerifierLayout.sol from contract source using forge inspect
  • tools/check_storage_layout.sh: Validates that storage layout
    changes only add new slots at the end; flags destructive changes like
    removed slots, moved slots, or inserted slots
  • src/PDPVerifierLayout.sol: Generated file with 17 storage slots
    (must be committed and kept in sync)
  • Makefile: Added gen, check-layout, clean-gen targets for
    managing storage layout
  • .github/workflows/check-storage-layout.yml: New CI workflow to
    verify storage layout on all pushes/PRs
  • .github/workflows/makefile.yml: Added storage layout check to
    existing CI

Usage

make gen              # Generate/rebuild storage layout
make check-layout     # Check for destructive changes (runs in CI)
make clean-gen        # Clean generated files

@Chaitu-Tatipamula Chaitu-Tatipamula force-pushed the main branch 4 times, most recently from cd8e935 to 4f8bf8c Compare March 24, 2026 09:14
@rjan90 rjan90 added this to FOC Apr 13, 2026
@github-project-automation github-project-automation Bot moved this to 📌 Triage in FOC Apr 13, 2026
@rjan90 rjan90 moved this from 📌 Triage to 🔎 Awaiting review in FOC Apr 13, 2026
@rjan90 rjan90 moved this to 🔎 Awaiting review in PDP Apr 13, 2026
@rjan90 rjan90 added this to the M4.2: mainnet GA milestone Apr 13, 2026
rjan90
rjan90 reviewed Apr 13, 2026
View reviewed changes
Comment thread Makefile Outdated
rjan90
rjan90 reviewed Apr 13, 2026
View reviewed changes
Comment thread tools/check_storage_layout.sh Outdated
rjan90
rjan90 requested changes Apr 13, 2026
View reviewed changes
Comment thread .github/workflows/makefile.yml
@github-project-automation github-project-automation Bot moved this from 🔎 Awaiting review to ⌨️ In Progress in FOC Apr 13, 2026
@Chaitu-Tatipamula
fix(ci): address PR review feedback on storage layout checks
f903628 
- Update Makefile 'check-layout' to regenerate layouts and enforce git diff check
- Restructure check_storage_layout.sh CI fallback to strictly fail
- Transition script to use precise JSON metadata layout validation
- Ensure 'fetch-depth: 0' in Github Actions for full historical diffing
- Auto-generate PDPVerifierLayout.json snapshot
@Chaitu-Tatipamula
fix(ci): canonicalize layout json types resolving against dictionary
13a0e02
@rjan90
Copy link
Copy Markdown
Contributor

rjan90 commented Apr 14, 2026

@Chaitu-Tatipamula I pushed a small follow-up to tighten the storage-layout guardrail in 38f3a76.

The previous snapshot generation was flattening forge inspect output down to top-level label/slot/offset/type-label, which meant nested layout changes inside packed structs could be invisible to CI. In practice, a destructive change inside FeeStatus or PlannedUpgrade could keep the same top-level type label and still pass check_storage_layout.sh.

This change updates the generated PDPVerifierLayout.json to preserve canonical nested type metadata, and updates the checker to compare the full canonicalized type JSON instead of a flattened string. That way member-level struct layout changes are treated as destructive and fail the check as intended.

@github-project-automation github-project-automation Bot moved this from ⌨️ In Progress to ✔️ Approved by reviewer in FOC Apr 14, 2026
@rjan90 rjan90 merged commit f02a70e into FilOzone:main Apr 14, 2026
3 checks passed
@github-project-automation github-project-automation Bot moved this from 🔎 Awaiting review to 🎉 Done in PDP Apr 14, 2026
@github-project-automation github-project-automation Bot moved this from ✔️ Approved by reviewer to 🎉 Done in FOC Apr 14, 2026
@Chaitu-Tatipamula
Copy link
Copy Markdown
Contributor Author

Chaitu-Tatipamula commented Apr 14, 2026

@Chaitu-Tatipamula I pushed a small follow-up to tighten the storage-layout guardrail in 38f3a76.

The previous snapshot generation was flattening forge inspect output down to top-level label/slot/offset/type-label, which meant nested layout changes inside packed structs could be invisible to CI. In practice, a destructive change inside FeeStatus or PlannedUpgrade could keep the same top-level type label and still pass check_storage_layout.sh.

This change updates the generated PDPVerifierLayout.json to preserve canonical nested type metadata, and updates the checker to compare the full canonicalized type JSON instead of a flattened string. That way member-level struct layout changes are treated as destructive and fail the check as intended.

cool Thanks @rjan90

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rjan90 rjan90 rjan90 approved these changes

Assignees

@Chaitu-Tatipamula Chaitu-Tatipamula

Labels

None yet

Projects

FOC
Status: 🎉 Done
PDP
Status: 🎉 Done

Milestone

M4.2: mainnet GA

Development

Successfully merging this pull request may close these issues.

Setup *ServiceLayout.sol and enforce that we only make additions

2 participants

@Chaitu-Tatipamula @rjan90