How to use etch() to replace an already deployed contract with a version that makes all variables public and/or exposes additional public functions.

[aathan]

I need to spelunk the storage and behavior of an existing deployed contract. I know about ForgeStd but accessing its storage via those functions is cumbersome, and it occurred to me that an approach I could take would be to deploy new contract code to the old contract address, where I've made everything public and/or added additional utility/testing functions to explore the old contract's storage variables and information model.

I'm having trouble with that. I'm probably forgetting something fundamental about the way contract code is stored on-chain, and/or there are some clarifications that could be made to the cheatcode documentation. For example, I know the bytecode stored on-chain is what results from calling a contract's constructor, and that the constructor code itself is not part of the deployed bytecode of a contract.

Therefore, it is not exactly clear how to go from getCode to etch to call of the prior contract address while having access to new functions.

Obviously the replacing contract has exactly the same storage variable declarations in exactly the same order.

Neither version of the replacementCode works. The test reverts calling the pub.name() function (the ERC20 one) even though it's declared and implemented the same way in both the original contract code and the AllPublic replacement code.

    │   ├─ [0] 0x60ae…33d4::c45a0155() [staticcall]
    │   │   └─ ← ()

test code:

    address payable constant otherAddress  = payable(SOME_OTHER_ADDRESS);
    address payable constant target = payable(SOME_TARGET_ADDRESS);

    function testAllPublic() public {
        Vm vm = Vm(HEVM_ADDRESS);
        AllPublic pub = AllPublic(target);
        AllPublic newPub = new AllPublic('foo','bar',otherAddress,0);
	//bytes memory replacementCode = vm.getCode("AllPublic.sol:AllPublic");
	bytes memory replacementCode = address(newPub).code;
        vm.etch(target,replacementCode);
        emit log_string(pub.name());
    }

[aathan]

I checked the signature c45a0155 and it's for factory() so perhaps the constructor of AllPublic() is failing. Nevertheless, can anyone tell me whether this approach is likely to succeed or is perhaps laughably wrong?

Ok, that was the problem. The constructor of the new contract was reverting. I can also report that etch(getCode()) does not work, but etch((new AllPub(...)).code) does work.

If you could reinforce my understanding as to why that is, that would be awesome.

[onbjerg]

IIRC getCode does not get the runtime bytecode, rather it gets the init bytecode, so essentially you are replacing the target with the constructor of AllPublic

[aathan]

Hmm, so either I can research a way to execute that code off-chain to generate the runtime bytecode (which if I remember correctly is then also adorned with ABI metadata etc??? I have to re-read all those specs) or do it the way I posted above. Deploy the new contract and etch() that code. If there's some off-chain recipe that you know of I'm all ears, but not terribly important.

[aathan]

So in conclusion, what works is:

function testAllPublic() public {
        Vm vm = Vm(HEVM_ADDRESS);
        AllPublic pub = AllPublic(target);
        AllPublic newPub = new AllPublic('foo','bar',otherAddress,0);
	bytes memory replacementCode = address(newPub).code;
        vm.etch(target,replacementCode);
    }

but you'll generally want to make sure the constructor and/or initialization functions of the AllPublic contract are mostly no-ops since they probably interact with other on-chain contracts (such as dex routers etc) that will probably revert.

(By the way, it only makes sense to do this against a mainnet or testnet fork, e.g., via hardhat or truffle/ganache.)