Skip to content

feat(SIP-57): allow for better observability into package upgrades#57

Open
admin-aftermath wants to merge 1 commit intosui-foundation:mainfrom
AftermathFinance:sip/upgraded-package-event
Open

feat(SIP-57): allow for better observability into package upgrades#57
admin-aftermath wants to merge 1 commit intosui-foundation:mainfrom
AftermathFinance:sip/upgraded-package-event

Conversation

@admin-aftermath
Copy link
Contributor

@admin-aftermath admin-aftermath commented May 13, 2025

No description provided.

@notmatical
Copy link

notmatical commented May 14, 2025

yes. please.

dmshvetsov
dmshvetsov reviewed May 15, 2025
View reviewed changes
sips/sip-57.md
```Rust
public struct UpgradedPackageEvent has copy, drop {
/// The address of the original package (the first version that was published).
original: address,
Copy link

@dmshvetsov dmshvetsov May 15, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe "genesis" or "initial" or something else will be a better name? "original" is a bit vague

Copy link
Contributor Author

@admin-aftermath admin-aftermath May 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Original as in the package address that is created during sui client publish. previous + new would be dynamic off of what version of the contract is being upgraded, but original will always point to a package's initial address.

sips/sip-57.md
```Rust
public struct UpgradedPackageEvent has copy, drop {
/// The address of the original package (the first version that was published).
original: address,
Copy link

@dmshvetsov dmshvetsov May 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same concern about "original" field name as above

@admin-aftermath
Copy link
Contributor Author

admin-aftermath commented May 22, 2025

Today's events are a good showcase of how this SIP can make an impact. A number of DeFi packages upgraded + versioned their contracts in response to a widespread vulnerability. As a result, the many aggregators that integrated with these products were temporarily disabled (some still are) until either they disabled integration with the newly versioned package or upgraded to the new package version.

From our view, there was great communication about new package versions as they came out but, due to the nature of the vulnerability, the protocols needed to be versioned directly after they were upgraded. This meant that by the time the upgrade was communicated, it was already too late if the protocol was not already blacklisted. I assume the other DEX aggregators experienced the same level of communication but this shouldn't be a strict requirement for the proper maintenance of package versioning / upgrades.

With this SIP we and other teams can build proper tools to notify of package upgrades to allow us to better prepare for or automate our responses.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@dmshvetsov dmshvetsov dmshvetsov left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@admin-aftermath @notmatical @dmshvetsov