🔨 contracts: guard factory deploys against redundant upgrades

itofarina · itofarina · commit 26eefc41525f · 2026-03-30T13:16:35.000-03:00
diff --git a/contracts/.gas-snapshot b/contracts/.gas-snapshot
@@ -212,18 +212,20 @@ IssuerCheckerTest:test_setPrevIssuerWindow_emits_PrevIssuerWindowSet() (gas: 526
 IssuerCheckerTest:test_setPrevIssuerWindow_reverts_whenNotAdmin() (gas: 45548)
 MockSwapperTest:test_swapExactAmountIn_swaps() (gas: 269807)
 MockSwapperTest:test_swapExactAmountOut_swaps() (gas: 269803)
-RedeployerTest:test_deployEXA_deploysAtSameAddress_onBase() (gas: 53905971)
-RedeployerTest:test_deployExaFactoryWithProxy_reverts_whenNotPrepared() (gas: 14922555)
-RedeployerTest:test_deployExaFactory_deploysAtSameAddress_onEthereum() (gas: 259268794)
-RedeployerTest:test_deployExaFactory_deploysAtSameAddress_onPolygon() (gas: 354975875)
-RedeployerTest:test_deployExaFactory_deploysViaCreate3AtSameAddress_onPolygon() (gas: 33396161)
-RedeployerTest:test_deployExaFactory_reverts_whenNotPrepared() (gas: 14923070)
-RedeployerTest:test_prepare_reusesExistingDeps_onBase() (gas: 19417493)
-RedeployerTest:test_prepare_reverts_whenAdminIsDeployer() (gas: 14949296)
-RedeployerTest:test_prepare_succeeds_whenCalledTwice() (gas: 29708771)
-RedeployerTest:test_recoversNativeETHOnPolygon() (gas: 33567331)
-RedeployerTest:test_serialProxies_reverts_whenAttackerUpgradesProxy() (gas: 36600171)
-RedeployerTest:test_serialProxies_reverts_whenTargetNonceTooLow() (gas: 41785116)
+RedeployerTest:test_deployEXA_deploysAtSameAddress_onBase() (gas: 54219802)
+RedeployerTest:test_deployExaFactoryWithProxy_reverts_whenNotPrepared() (gas: 15237329)
+RedeployerTest:test_deployExaFactoryWithProxy_succeeds_whenAlreadyUpgraded() (gas: 30533445)
+RedeployerTest:test_deployExaFactory_deploysAtSameAddress_onEthereum() (gas: 259575404)
+RedeployerTest:test_deployExaFactory_deploysAtSameAddress_onPolygon() (gas: 355281354)
+RedeployerTest:test_deployExaFactory_deploysViaCreate3AtSameAddress_onPolygon() (gas: 33725071)
+RedeployerTest:test_deployExaFactory_reverts_whenNotPrepared() (gas: 15260529)
+RedeployerTest:test_deployExaFactory_succeeds_whenVersionAlreadyDeployed() (gas: 31079985)
+RedeployerTest:test_prepare_reusesExistingDeps_onBase() (gas: 18736058)
+RedeployerTest:test_prepare_reverts_whenAdminIsDeployer() (gas: 15264030)
+RedeployerTest:test_prepare_succeeds_whenCalledTwice() (gas: 30023365)
+RedeployerTest:test_recoversNativeETHOnPolygon() (gas: 33896263)
+RedeployerTest:test_serialProxies_reverts_whenAttackerUpgradesProxy() (gas: 36914862)
+RedeployerTest:test_serialProxies_reverts_whenTargetNonceTooLow() (gas: 42414208)
 RefunderTest:test_refund_refunds() (gas: 263363)
 RefunderTest:test_refund_reverts_whenExpired() (gas: 88359)
 RefunderTest:test_refund_reverts_whenNotKeeper() (gas: 68861)
diff --git a/contracts/script/Redeployer.s.sol b/contracts/script/Redeployer.s.sol
@@ -4,12 +4,13 @@ pragma solidity ^0.8.0;
 import {
   TransparentUpgradeableProxy
 } from "@openzeppelin/contracts-v4/proxy/transparent/TransparentUpgradeableProxy.sol";
+import { ERC1967Utils } from "openzeppelin-contracts/contracts/proxy/ERC1967/ERC1967Utils.sol";
 import { ProxyAdmin } from "openzeppelin-contracts/contracts/proxy/transparent/ProxyAdmin.sol";
 import {
   ITransparentUpgradeableProxy
 } from "openzeppelin-contracts/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";
 
-import { IPlugin } from "modular-account-libs/interfaces/IPlugin.sol";
+import { IPlugin, PluginMetadata } from "modular-account-libs/interfaces/IPlugin.sol";
 
 import { ACCOUNT_IMPL, ENTRYPOINT } from "webauthn-owner-plugin/../script/Factory.s.sol";
 
@@ -52,7 +53,7 @@ contract Redeployer is BaseScript {
     ownerPlugin =
       IPlugin(_broadcastOrCreate3("node_modules/webauthn-owner-plugin/broadcast/Plugin", "WebauthnOwnerPlugin"));
     exaPlugin = IPlugin(_broadcastOrCreate3("broadcast/ExaPlugin", "ExaPlugin"));
-    factory = ExaAccountFactory(payable(CREATE3_FACTORY.getDeployed(admin, keccak256(abi.encode("ExaAccountFactory")))));
+    factory = _factory();
     auditor = IAuditor(_protocolOrStub("Auditor", "StubAuditor"));
     marketUSDC = IMarket(_protocolOrStub("MarketUSDC", "StubMarketUSDC"));
     marketWETH = IMarket(_protocolOrStub("MarketWETH", "StubMarketWETH"));
@@ -196,18 +197,23 @@ contract Redeployer is BaseScript {
   /// @notice Upgrades a proxy to the cached ExaAccountFactory implementation.
   function deployExaFactory(address proxy) external {
     if (address(factory).code.length == 0) revert NotPrepared();
+    if (address(uint160(uint256(vm.load(proxy, ERC1967Utils.IMPLEMENTATION_SLOT)))) == address(factory)) return;
     vm.broadcast(acct("admin"));
     proxyAdmin.upgradeAndCall(ITransparentUpgradeableProxy(proxy), address(factory), "");
   }
 
   /// @notice Deploys ExaAccountFactory at a version-specific CREATE3 address.
   function deployExaFactory(string calldata version) external returns (ExaAccountFactory f) {
-    if (address(factory).code.length == 0) revert NotPrepared();
+    bytes32 salt = keccak256(abi.encode("Exa Plugin", version));
+    f = ExaAccountFactory(payable(CREATE3_FACTORY.getDeployed(acct("admin"), salt)));
+    if (address(f).code.length != 0) return f;
+    if (address(ownerPlugin).code.length == 0 || address(exaPlugin).code.length == 0) revert NotPrepared();
+
     address admin = acct("admin");
     vm.startBroadcast(admin);
     f = ExaAccountFactory(
       payable(CREATE3_FACTORY.deploy(
-          keccak256(abi.encode("Exa Plugin", version)),
+          salt,
           abi.encodePacked(
             vm.getCode("ExaAccountFactory.sol:ExaAccountFactory"),
             abi.encode(admin, ownerPlugin, exaPlugin, ACCOUNT_IMPL, ENTRYPOINT)
@@ -247,6 +253,16 @@ contract Redeployer is BaseScript {
     if (addr == address(0)) addr = CREATE3_FACTORY.getDeployed(acct("admin"), keccak256(abi.encode(salt)));
   }
 
+  function _factory() internal returns (ExaAccountFactory) {
+    if (address(exaPlugin).code.length != 0) {
+      PluginMetadata memory metadata = exaPlugin.pluginMetadata();
+      address f = CREATE3_FACTORY.getDeployed(acct("admin"), keccak256(abi.encode(metadata.name, metadata.version)));
+      if (f.code.length != 0) return ExaAccountFactory(payable(f));
+    }
+    return
+      ExaAccountFactory(payable(CREATE3_FACTORY.getDeployed(acct("admin"), keccak256(abi.encode("ExaAccountFactory")))));
+  }
+
   function _protocolOrStub(string memory name, string memory stub) internal returns (address addr) {
     addr = protocol(name, false);
     if (addr == address(0)) addr = CREATE3_FACTORY.getDeployed(acct("admin"), keccak256(abi.encode(stub)));
diff --git a/contracts/test/Redeployer.t.sol b/contracts/test/Redeployer.t.sol
@@ -226,6 +226,27 @@ contract RedeployerTest is ForkTest {
     assertEq(usdc.balanceOf(receiver), amount, "receiver should have USDC");
   }
 
+  function test_deployExaFactory_succeeds_whenVersionAlreadyDeployed() external {
+    vm.createSelectFork("polygon", 82_000_000);
+    redeployer = new Redeployer();
+    redeployer.prepare();
+    ExaAccountFactory f1 = redeployer.deployExaFactory("1.1.0");
+    ExaAccountFactory f2 = redeployer.deployExaFactory("1.1.0");
+    assertEq(address(f1), address(f2));
+  }
+
+  function test_deployExaFactoryWithProxy_succeeds_whenAlreadyUpgraded() external {
+    vm.createSelectFork("polygon", 82_000_000);
+    redeployer = new Redeployer();
+    redeployer.prepare();
+    address deployer = acct("deployer");
+    uint256 nonce = vm.getNonce(deployer);
+    redeployer.serialProxies(nonce);
+    address proxy = vm.computeCreateAddress(deployer, nonce);
+    redeployer.deployExaFactory(proxy);
+    redeployer.deployExaFactory(proxy);
+  }
+
   function test_deployExaFactory_reverts_whenNotPrepared() external {
     vm.createSelectFork("polygon", 82_000_000);
     redeployer = new Redeployer();
