Update eip-3561.md (ethereum#5561)

nachomazzara · Jan 13, 2023 · 81772fd · 81772fd
1 parent fa25edf
commit 81772fd
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/EIPS/eip-3561.md b/EIPS/eip-3561.md
@@ -49,7 +49,7 @@ On/after this block next logic contract address can be set to EIP-1967 `IMPLEMEN
 
 ### Propose Block
 Storage slot `0x4b50776e56454fad8a52805daac1d9fd77ef59e4f1a053c342aaae5568af1388` (obtained as `bytes32(uint256(keccak256('eip3561.proxy.propose.block')) - 1)`).
-Defines after/on which block *proposing* next logic is possible. Required for convenience, for example can be manually set to a year from given time. Can be set to maximum number to completely seal the code, must not overflow.
+Defines after/on which block *proposing* next logic is possible. Required for convenience, for example can be manually set to a year from given time. Can be set to maximum number to completely seal the code.
 Admin interactions with this slot correspond with this method and event:
 ```solidity
 function prolongLock(uint b) external onlyAdmin;
@@ -58,7 +58,7 @@ event ProposingUpgradesRestrictedUntil(uint block, uint nextProposedLogicEarlies
 
 ### Zero Trust Period
 Storage slot `0x7913203adedf5aca5386654362047f05edbd30729ae4b0351441c46289146720` (obtained as `bytes32(uint256(keccak256('eip3561.proxy.zero.trust.period')) - 1)`).
-Zero Trust Period in amount of blocks, can only be set once. While it is at default value(0), the proxy operates exactly as standard EIP-1967 transparent proxy. After zero trust period set, all above specification is enforced.
+Zero Trust Period in amount of blocks, can only be set once. While it is at default value(0), the proxy operates exactly as standard EIP-1967 transparent proxy. After zero trust period is set, all above specification is enforced.
 Admin interactions with this slot should correspond with this method and event:
 ```solidity
 function setZeroTrustPeriod(uint blocks) external onlyAdmin;
@@ -174,9 +174,13 @@ contract TrustMinimizedProxy{
 	}
 
 	function setZeroTrustPeriod(uint blocks) external ifAdmin { // before this called acts like a normal eip 1967 transparent proxy
+		uint ztp;
+		assembly { ztp := sload(ZERO_TRUST_PERIOD_SLOT) }
+		require(ztp==0,"already set");
 		assembly{ sstore(ZERO_TRUST_PERIOD_SLOT, blocks) }
 		emit ZeroTrustPeriodSet(blocks);
 	}
+	
 	function _updateBlockSlot() internal {
 		uint nlb = block.number + _zeroTrustPeriod();
 		assembly {sstore(NEXT_LOGIC_BLOCK_SLOT,nlb)}
@@ -222,7 +226,7 @@ A proxy without a time delay before an actual upgrade is obviously abusable. A t
 Propose block adds to convenience if used, so should be kept.
 
 ## Security Considerations
-Users must ensure that a trust-minimized proxy they interact with does not allow overflows, ideally represent the exact copy of the code in implementation example above, and also they must ensure that Zero Trust Period length is reasonable.
+Users must ensure that a trust-minimized proxy they interact with does not allow overflows, ideally represents the exact copy of the code in implementation example above, and also they must ensure that Zero Trust Period length is reasonable(at least a month).
 
 ## Copyright
 Copyright and related rights waived via [CC0](../LICENSE.md).