Smart Contract Deployment – Deploying to Same Address on Mainnet and Ropsten

contract-deploymentnoncereplay-attackropstentestnets

Traditionally when people have deployed contracts for public use they have tended to publish separate contract addresses for Testnet and Mainnet. Often this then requires them to include code to check which network the contract is on, as we see in this example .

This seems to have been necessary previously because in the absence of replay protection, Morden used a very high accountStartNonce, making it impractical to create the same address on Mainnet. (See
Is it possible to give a contract the same address from morden )

Now that EIP 155 replay protection is live and Ropsten is using an accountStartNonce of 0 like Mainnet, are there any good reasons left to carry on using separate addresses for mainnet and testnet, or should we get rid of this code and just use a single address for both?

Best Answer

A rather weak argument against your suggestion is the following: The deployer would have to use the same private key in both test and main net. This could be considered a security risk, as private keys in test net usually do not have to be stored and handled securely, while in main net they most definitely do. Mixing the two domains would, thus, blur the security requirements of each of them.

I would argue, though, that the pros of having the same address in both test and main net are not very convincing either. In the example you linked a better solution would, in my opinion, be passing the respective address in the constructor.

Also, not all net-specific code would be made obsolete anyway (e.g., parameters such as crowd sale durations, validator numbers, ...).

Related Solutions

[Ethereum] EIP 155 – Replay Attack and Backwards Compatibility on ETC chain

The replay attack allows any transaction signed in a way that is valid on both chains to be executed. So, for example, if you have an account with 10 eth in the Classic chain and 1 eth in the Ethereum chain, a pre-EIP155 transaction would allow an attacker to replay any basic balance transfer from the Ethereum chain on the Classic; a balance transfer of >1 eth signed on the Classic chain using a pre-EIP155 wallet could not be replayed on the Ethereum chain until the account balance was large enough. But as soon as the balance on the Ethereum account is large enough, the transaction becomes valid and an attacker can replay it onto the Ethereum chain. Perhaps this attacker received payment for you in ETC and is hoping to get the same amount in ETH as well.

When you sign a transaction, you're saying "I authorize X to happen". As long as the authorization makes sense on a chain, it can be used (once) on that chain. With EIP155, the old way of signing transactions is still permitted along with a new chain-specific signature. Pre-EIP155 wallets can still transact on the Ethereum and Ethereum Classic chains and are subject to the replay attack. Unlike the pre-EIP155 transaction signature which says "I authorize X to happen," EIP155 allows the transaction signature to also include the chain for which the transaction is being signed -- essentially, the signed transaction now says "I authorize X to happen (only) on the Y chain." and the mining nodes will reject the transaction if they are not mining chain Y. Thus, even if the transaction were replayed onto another chain, the authorization is invalid on that chain.

solidity – How to Deploy Contracts to Ropsten Test-Net Using web3.js?

You can try this NodeJS solution:

module.paths.push('/usr/lib/node_modules');

var fs = require('fs');
const contract_data = JSON.parse(
    fs.readFileSync('path to your JSON file')
);


var openKey = "open Key (address)";
var privateKey = "privateKey";


var Web3 = require('web3');
var web3 = new Web3(new Web3.providers.HttpProvider("https://ropsten.infura.io/ "));

web3.eth.accounts.wallet.add("0x" + privateKey);

var contract = new web3.eth.Contract(contract_data.abi);

contract.deploy({
    data: contract_data.unlinked_binary,
    arguments: []
}).send({
    from: openKey,
    gas: 1500000,
    gasPrice: '80000000'
}, function (error, transactionHash) {

}).on('error', function (error) {
    console.log('error', error);
}).on('transactionHash', function (transactionHash) {
    console.log('transactionHash', transactionHash);
}).on('receipt', function (receipt) {
    console.log('receipt', receipt.contractAddress);
}).on('confirmation', function (confirmationNumber, receipt) {
    console.log('confirmation', confirmationNumber);
});

Best Answer

Related Solutions

[Ethereum] EIP 155 – Replay Attack and Backwards Compatibility on ETC chain

solidity – How to Deploy Contracts to Ropsten Test-Net Using web3.js?

Related Topic