@lazy-sol/access-control-upgradeable 1.0.2

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@lazy-sol/access-control-upgradeable",
+  "version": "1.0.2",
+  "description": "Enable the modular plug and play (PnP) architecture for your dapp by incorporating the role-based access control (RBAC) into the smart contracts",
+  "main": "index.js",
+  "scripts": {
+    "clean": "hardhat clean",
+    "compile": "hardhat compile",
+    "test": "hardhat test",
+    "coverage": "hardhat coverage",
+    "deploy": "hardhat deploy"
+  },
+  "engines": {
+    "node": ">=16.20.0"
+  },
+  "keywords": [
+    "RBAC",
+    "Solidity",
+    "access control",
+    "modular architecture"
+  ],
+  "author": "Basil Gorin",
+  "license": "MIT",
+  "dependencies": {
+    "@lazy-sol/a-missing-gem": "^1.0.0",
+    "@nomiclabs/hardhat-truffle5": "^2.0.7",
+    "@openzeppelin/contracts-upgradeable": "^4.9.6",
+    "hardhat": "^2.20.1",
+    "hardhat-deploy": "^0.11.45"
+  },
+  "devDependencies": {
+    "@openzeppelin/contracts": "^4.9.6",
+    "@openzeppelin/test-helpers": "^0.5.16",
+    "hardhat-dependency-injector": "^1.0.0",
+    "hardhat-gas-reporter": "^1.0.10",
+    "solidity-coverage": "^0.8.10"
+  },
+  "overrides": {
+    "tough-cookie": "^4.1.3",
+    "yargs-parser": "^5.0.1"
+  }
+}

package/test/include/deployment_routines.js

@@ -0,0 +1,51 @@
+/**
+ * Deploys UpgradeableAccessControl
+ *
+ * @param a0 smart contract deployer
+ * @param version version number to deploy, optional
+ * @returns UpgradeableAccessControl instance
+ */
+async function deploy_upgradeable_ac_impl(a0, version = 1) {
+	// smart contracts required
+	const UpgradeableAccessControl = artifacts.require("UpgradeableAccessControl" + (version || ""));
+
+	// deploy and return
+	return await UpgradeableAccessControl.new({from: a0});
+}
+
+/**
+ * Deploys UpgradeableAccessControl via ERC1967Proxy
+ *
+ * @param a0 smart contract deployer
+ * @param owner smart contract owner, super admin, optional
+ * @param features initial smart contract features, optional
+ * @param version version number to deploy, optional
+ * @returns ERC1967Proxy –> UpgradeableAccessControl instance
+ */
+async function deploy_erc1967_upgradeable_ac(a0, owner = a0, features = 0, version = 1) {
+	// smart contracts required
+	const UpgradeableAccessControl = artifacts.require("UpgradeableAccessControl" + (version || ""));
+	const Proxy = artifacts.require("ERC1967Proxy");
+
+	// deploy the impl
+	const impl = await UpgradeableAccessControl.new({from: a0});
+
+	// prepare the initialization call bytes
+	const init_data = impl.contract.methods.postConstruct(owner, features).encodeABI();
+
+	// deploy proxy, and initialize the impl (inline)
+	const proxy = await Proxy.new(impl.address, init_data, {from: a0});
+
+	// wrap the proxy into the impl ABI
+	const ac = await UpgradeableAccessControl.at(proxy.address);
+	ac.transactionHash = proxy.transactionHash;
+
+	// return, proxy, and impl
+	return {proxy: ac, implementation: impl};
+}
+
+// export public deployment API
+module.exports = {
+	deploy_upgradeable_ac_impl,
+	deploy_erc1967_upgradeable_ac,
+}

package/test/include/features_roles.js

@@ -0,0 +1,41 @@
+// copy and export all the features and roles constants from different contracts
+
+// Auxiliary BN stuff
+const BN = web3.utils.BN;
+const TWO = new BN(2);
+
+// Access manager is responsible for assigning the roles to users,
+// enabling/disabling global features of the smart contract
+const ROLE_ACCESS_MANAGER = TWO.pow(new BN(255));
+
+// Upgrade manager is responsible for smart contract upgrades
+const ROLE_UPGRADE_MANAGER = TWO.pow(new BN(254));
+
+// Access Roles manager is responsible for assigning the access roles to functions
+const ROLE_ACCESS_ROLES_MANAGER = TWO.pow(new BN(253));
+
+// Bitmask representing all the possible permissions (super admin role)
+const FULL_PRIVILEGES_MASK = TWO.pow(new BN(256)).subn(1);
+
+// combine the role (permission set) provided
+function or(...roles) {
+	let roles_sum = new BN(0);
+	for(let role of roles) {
+		roles_sum = roles_sum.or(new BN(role));
+	}
+	return roles_sum;
+}
+
+// negates the role (permission set) provided
+function not(...roles) {
+	return FULL_PRIVILEGES_MASK.xor(or(...roles));
+}
+
+// export public module API
+module.exports = {
+	ROLE_ACCESS_MANAGER,
+	ROLE_UPGRADE_MANAGER,
+	FULL_PRIVILEGES_MASK,
+	or,
+	not,
+};

package/test/include/rbac.behaviour.js

@@ -0,0 +1,315 @@
+// Zeppelin test helpers
+const {
+	BN,
+	constants,
+	expectEvent,
+	expectRevert,
+} = require("@openzeppelin/test-helpers");
+const {
+	assert,
+	expect,
+} = require("chai");
+const {
+	ZERO_ADDRESS,
+	ZERO_BYTES32,
+	MAX_UINT256,
+} = constants;
+
+// BN constants and utilities
+const {
+	random_bn255,
+	random_bn256,
+} = require("@lazy-sol/a-missing-gem/bn_utils");
+
+// RBAC core features and roles
+const {
+	not,
+	ROLE_ACCESS_MANAGER, FULL_PRIVILEGES_MASK,
+} = require("./features_roles");
+
+/**
+ * RBAC core behaviour
+ *
+ * @param deployment_fn RBAC contract deployment function
+ * @param a0 deployer/admin account
+ * @param a1 participant 1
+ * @param a2 participant 2
+ */
+function behavesLikeRBAC(deployment_fn, a0, a1, a2) {
+	// define the "players"
+	const by = a1;
+	const to = a2;
+
+	describe("deployment and initial state", function() {
+		function deploy_and_check(owner, features) {
+			let access_control;
+			beforeEach(async function() {
+				access_control = await deployment_fn.call(this, a0, owner, features);
+			});
+			it('"RoleUpdated(owner)" event is emitted correctly', async function() {
+				await expectEvent.inConstruction(access_control, "RoleUpdated", {
+					operator: owner,
+					requested: FULL_PRIVILEGES_MASK,
+					assigned: FULL_PRIVILEGES_MASK,
+				});
+			});
+			it('"RoleUpdated(this)" event is emitted correctly', async function() {
+				await expectEvent.inConstruction(access_control, "RoleUpdated", {
+					operator: access_control.address,
+					requested: features,
+					assigned: features,
+				});
+			});
+			it("owners' role is set correctly", async function() {
+				expect(await access_control.getRole(owner)).to.be.bignumber.that.equals(FULL_PRIVILEGES_MASK);
+			});
+			it("features are set correctly", async function() {
+				expect(await access_control.features()).to.be.bignumber.that.equals(features);
+			});
+		}
+
+		describe("owner = 0, features = 0", function() {
+			deploy_and_check(ZERO_ADDRESS, new BN(0));
+		});
+		describe("owner = 0, features ≠ 0", function() {
+			deploy_and_check(ZERO_ADDRESS, random_bn256());
+		});
+		describe("owner ≠ 0, features = 0", function() {
+			deploy_and_check(a1, new BN(0));
+		});
+		describe("owner ≠ 0, features ≠ 0", function() {
+			deploy_and_check(a1, random_bn256());
+		});
+	});
+	describe("when deployed with not initial features", function() {
+		let access_control;
+		beforeEach(async function() {
+			access_control = await deployment_fn.call(this, a0);
+		});
+
+		function test_suite(write_fn, read_fn, check_fn, to_fn) {
+			describe("when performed by ACCESS_MANAGER", function() {
+				beforeEach(async function() {
+					await access_control.updateRole(by, ROLE_ACCESS_MANAGER, {from: a0});
+				});
+				describe("when ACCESS_MANAGER has full set of permissions", function() {
+					beforeEach(async function() {
+						await access_control.updateRole(by, MAX_UINT256, {from: a0});
+					});
+					describe("what you set", function() {
+						let receipt, set;
+						beforeEach(async function() {
+							// do not touch the highest permission bit (ACCESS_MANAGER permission)
+							set = random_bn255();
+							receipt = await write_fn(by, to, set);
+						});
+						describe("is what you get", function() {
+							it('"userRoles" value', async function() {
+								expect(await read_fn(to)).to.be.bignumber.that.equals(set);
+							});
+							it("role check (isOperatorInRole/isFeatureEnabled)", async function() {
+								expect(await check_fn(to, set)).to.be.true;
+							});
+							it('"RoleUpdated" event', async function() {
+								expectEvent(receipt, "RoleUpdated", {
+									operator: to_fn(to),
+									requested: set,
+									assigned: set,
+								});
+							});
+						});
+					});
+					describe("what you remove", function() {
+						let receipt, remove;
+						beforeEach(async function() {
+							// do not touch the highest permission bit (ACCESS_MANAGER permission)
+							remove = random_bn255();
+							receipt = await write_fn(by, to, not(remove));
+						});
+						describe("is what gets removed", function() {
+							it('"userRoles" value', async function() {
+								expect(await read_fn(to)).to.be.bignumber.that.equals(not(remove));
+							});
+							it("role check (isOperatorInRole/isFeatureEnabled)", async function() {
+								expect(await check_fn(to, not(remove))).to.be.true;
+							});
+							it('"RoleUpdated" event', async function() {
+								expectEvent(receipt, "RoleUpdated", {
+									operator: to_fn(to),
+									requested: not(remove),
+									assigned: not(remove),
+								});
+							});
+						});
+					});
+				});
+				describe("when ACCESS_MANAGER doesn't have any permissions", function() {
+					describe("what you get, independently of what you set", function() {
+						let receipt, set;
+						beforeEach(async function() {
+							// do not touch the highest permission bit (ACCESS_MANAGER permission)
+							set = random_bn255();
+							receipt = await write_fn(by, to, set);
+						});
+						describe("is always zero", function() {
+							it('"userRoles" value', async function() {
+								expect(await read_fn(to)).to.be.bignumber.that.is.zero;
+							});
+							it("role check (isOperatorInRole/isFeatureEnabled)", async function() {
+								expect(await check_fn(to, set)).to.be.false;
+							});
+							it('"RoleUpdated" event', async function() {
+								expectEvent(receipt, "RoleUpdated", {
+									operator: to_fn(to),
+									requested: set,
+									assigned: "0",
+								});
+							});
+						});
+					});
+					describe("what you get, independently of what you remove", function() {
+						let receipt, remove;
+						beforeEach(async function() {
+							// do not touch the highest permission bit (ACCESS_MANAGER permission)
+							remove = random_bn255();
+							await write_fn(a0, to, MAX_UINT256);
+							receipt = await write_fn(by, to, not(remove));
+						});
+						describe("is always what you had", function() {
+							it('"userRoles" value', async function() {
+								expect(await read_fn(to)).to.be.bignumber.that.equals(MAX_UINT256);
+							});
+							it("role check (isOperatorInRole/isFeatureEnabled)", async function() {
+								expect(await check_fn(to, MAX_UINT256)).to.be.true;
+							});
+							it('"RoleUpdated" event', async function() {
+								expectEvent(receipt, "RoleUpdated", {
+									operator: to_fn(to),
+									requested: not(remove),
+									assigned: MAX_UINT256,
+								});
+							});
+						});
+					});
+				});
+				describe("when ACCESS_MANAGER has some permissions", function() {
+					let role;
+					beforeEach(async function() {
+						// do not touch the highest permission bit (ACCESS_MANAGER permission)
+						role = random_bn255();
+						await access_control.updateRole(by, ROLE_ACCESS_MANAGER.or(role), {from: a0});
+					});
+					describe("what you get", function() {
+						let receipt, set;
+						beforeEach(async function() {
+							// do not touch the highest permission bit (ACCESS_MANAGER permission)
+							set = random_bn255();
+							receipt = await write_fn(by, to, set);
+						});
+						describe("is an intersection of what you set and what you have", function() {
+							it('"userRoles" value', async function() {
+								expect(await read_fn(to)).to.be.bignumber.that.equals(role.and(set));
+							});
+							it("role check (isOperatorInRole/isFeatureEnabled)", async function() {
+								expect(await check_fn(to, role.and(set))).to.be.true;
+							});
+							it('"RoleUpdated" event', async function() {
+								expectEvent(receipt, "RoleUpdated", {
+									operator: to_fn(to),
+									requested: set,
+									assigned: role.and(set),
+								});
+							});
+						});
+					});
+					describe("what you remove", function() {
+						let receipt, remove;
+						beforeEach(async function() {
+							// do not touch the highest permission bit (ACCESS_MANAGER permission)
+							remove = random_bn255();
+							await write_fn(a0, to, MAX_UINT256);
+							receipt = await write_fn(by, to, not(remove));
+						});
+						describe("is an intersection of what you tried to remove and what you have", function() {
+							it('"userRoles" value', async function() {
+								expect(await read_fn(to)).to.be.bignumber.that.equals(not(role.and(remove)));
+							});
+							it("role check (isOperatorInRole/isFeatureEnabled)", async function() {
+								expect(await check_fn(to, not(role.and(remove)))).to.be.true;
+							});
+							it('"RoleUpdated" event', async function() {
+								expectEvent(receipt, "RoleUpdated", {
+									operator: to_fn(to),
+									requested: not(remove),
+									assigned: not(role.and(remove)),
+								});
+							});
+						});
+					});
+				});
+				describe("ACCESS_MANAGER updates itself", function() {
+					beforeEach(async function() {
+						// do not touch the highest permission bit (ACCESS_MANAGER permission)
+						const role = random_bn255();
+						await access_control.updateRole(by, ROLE_ACCESS_MANAGER.or(role), {from: a0});
+					});
+					it("and degrades to zero with the 99.99% probability in 14 runs", async function() {
+						// randomly remove 255 bits of permissions
+						for(let i = 0; i < 14; i++) {
+							// do not touch the highest permission bit (ACCESS_MANAGER permission)
+							const role = random_bn255();
+							await access_control.updateRole(by, not(role), {from: by});
+						}
+						// this may fail with the probability 2^(-14) < 0.01%
+						expect(await access_control.getRole(by)).to.be.bignumber.that.equals(ROLE_ACCESS_MANAGER);
+					})
+				});
+				describe("when ACCESS_MANAGER grants ACCESS_MANAGER permission", function() {
+					beforeEach(async function() {
+						await access_control.updateRole(to, ROLE_ACCESS_MANAGER, {from: by});
+					});
+					it("operator becomes an ACCESS_MANAGER", async function() {
+						expect(await access_control.isOperatorInRole(to, ROLE_ACCESS_MANAGER), "operator").to.be.true;
+						expect(await access_control.isSenderInRole(ROLE_ACCESS_MANAGER, {from: to}), "sender").to.be.true;
+					});
+				});
+				describe("when ACCESS_MANAGER revokes ACCESS_MANAGER permission from itself", function() {
+					beforeEach(async function() {
+						await access_control.updateRole(by, 0, {from: by});
+					});
+					it("operator ceases to be an ACCESS_MANAGER", async function() {
+						expect(await access_control.isOperatorInRole(by, ROLE_ACCESS_MANAGER), "operator").to.be.false;
+						expect(await access_control.isSenderInRole(ROLE_ACCESS_MANAGER, {from: by}), "sender").to.be.false;
+					});
+				});
+			});
+			describe("otherwise (no ACCESS_MANAGER permission)", function() {
+				it("updateFeatures reverts", async function() {
+					await expectRevert(access_control.updateFeatures(1, {from: by}), "access denied");
+				});
+				it("updateRole reverts", async function() {
+					await expectRevert(access_control.updateRole(to, 1, {from: by}), "access denied");
+				});
+			});
+		}
+
+		// run two test suites to test get/set role and get/set features
+		test_suite(
+			async(by, to, set) => await access_control.updateRole(to, set, {from: by}),
+			async(op) => await access_control.getRole(op),
+			async(op, role) => await access_control.isOperatorInRole(op, role),
+			(to) => to
+		);
+		test_suite(
+			async(by, to, set) => await access_control.updateFeatures(set, {from: by}),
+			async(op) => await access_control.features(),
+			async(op, role) => await access_control.isFeatureEnabled(role),
+			(to) => access_control.address
+		);
+	});
+}
+
+// export the RBAC core behaviour
+module.exports = {
+	behavesLikeRBAC,
+}

package/test/rbac_core.js

@@ -0,0 +1,59 @@
+// AccessControlUpgradeable (U-RBAC) Core Tests
+
+// Zeppelin test helpers
+const {
+	BN,
+	constants,
+	expectEvent,
+	expectRevert,
+} = require("@openzeppelin/test-helpers");
+const {
+	assert,
+	expect,
+} = require("chai");
+const {
+	ZERO_ADDRESS,
+	ZERO_BYTES32,
+	MAX_UINT256,
+} = constants;
+
+// import the core RBAC behaviour to use
+const {
+	behavesLikeRBAC,
+} = require("./include/rbac.behaviour");
+
+// deployment routines in use
+const {
+	deploy_upgradeable_ac_impl,
+	deploy_erc1967_upgradeable_ac,
+} = require("./include/deployment_routines");
+
+// RBAC proxy instance un-wrapper
+async function deploy_access_control(a0, owner = a0, features = new BN(0)) {
+	const {proxy} = await deploy_erc1967_upgradeable_ac(a0, owner, features);
+	return proxy;
+}
+
+// RBAC proxy instance un-wrapper
+async function deploy_access_control_v2(a0, owner = a0, features = new BN(0)) {
+	const {proxy} = await deploy_erc1967_upgradeable_ac(a0, owner, features);
+	if(owner !== ZERO_ADDRESS) {
+		const v2 = await deploy_upgradeable_ac_impl(a0, 2);
+		await proxy.upgradeTo(v2.address, {from: owner});
+	}
+	return proxy;
+}
+
+// run AccessControlUpgradeable (U-RBAC) tests
+contract("AccessControlUpgradeable (U-RBAC) Core tests", function(accounts) {
+	// extract accounts to be used:
+	// A0 – special default zero account accounts[0] used by Truffle, reserved
+	// a0 – deployment account having all the permissions, reserved
+	// H0 – initial token holder account
+	// a1, a2,... – working accounts to perform tests on
+	const [A0, a0, H0, a1, a2, a3] = accounts;
+
+	// run the core RBACs behaviour test
+	behavesLikeRBAC(deploy_access_control, a0, a1, a2);
+	behavesLikeRBAC(deploy_access_control_v2, a0, a1, a2);
+});

package/test/rbac_modifier.js

@@ -0,0 +1,59 @@
+// AccessControlUpgradeable (U-RBAC) restrictedTo modifier tests
+
+// Zeppelin test helpers
+const {
+	BN,
+	constants,
+	expectEvent,
+	expectRevert,
+} = require("@openzeppelin/test-helpers");
+const {
+	assert,
+	expect,
+} = require("chai");
+const {
+	ZERO_ADDRESS,
+	ZERO_BYTES32,
+	MAX_UINT256,
+} = constants;
+
+// deployment routines in use
+const {
+	deploy_erc1967_upgradeable_ac,
+} = require("./include/deployment_routines");
+
+// RBAC proxy instance un-wrapper
+async function deploy_access_control(a0) {
+	const {proxy} = await deploy_erc1967_upgradeable_ac(a0);
+	return proxy;
+}
+
+// run AccessControlUpgradeable (U-RBAC) tests
+contract('AccessControlUpgradeable (U-RBAC) "restrictedTo" Modifier tests', function(accounts) {
+	// extract accounts to be used:
+	// A0 – special default zero account accounts[0] used by Truffle, reserved
+	// a0 – deployment account having all the permissions, reserved
+	// H0 – initial token holder account
+	// a1, a2,... – working accounts to perform tests on
+	const [A0, a0, H0, a1, a2, a3] = accounts;
+
+	// `restrictedTo` modifier check
+	describe("restrictedTo modifier check", function() {
+		let access_control;
+		beforeEach(async function() {
+			access_control = await deploy_access_control(a0);
+		});
+		it("function protected with restrictedTo modifier fails when run not by an admin", async function() {
+			await expectRevert(access_control.restricted({from: a1}), "access denied");
+		});
+		describe("function protected with restrictedTo modifier succeeds when run by admin", async function() {
+			let receipt;
+			beforeEach(async function() {
+				receipt = await access_control.restricted({from: a0});
+			});
+			it('"Restricted" event is emitted', async function() {
+				expectEvent(receipt, "Restricted");
+			});
+		});
+	});
+});

package/test/rbac_upgradeable.js

@@ -0,0 +1,120 @@
+// UpgradeableAccessControl (U-RBAC) Core Tests
+
+// Zeppelin test helpers
+const {
+	BN,
+	constants,
+	expectEvent,
+	expectRevert,
+} = require("@openzeppelin/test-helpers");
+const {
+	assert,
+	expect,
+} = require("chai");
+const {
+	ZERO_ADDRESS,
+	ZERO_BYTES32,
+	MAX_UINT256,
+} = constants;
+
+// RBAC core features and roles
+const {
+	not,
+	ROLE_UPGRADE_MANAGER,
+} = require("./include/features_roles");
+
+// deployment routines in use
+const {
+	deploy_upgradeable_ac_impl,
+	deploy_erc1967_upgradeable_ac,
+} = require("./include/deployment_routines");
+
+// run UpgradeableAccessControl (U-RBAC) tests
+contract("UpgradeableAccessControl (U-RBAC) Core tests", function(accounts) {
+	// extract accounts to be used:
+	// A0 – special default zero account accounts[0] used by Truffle, reserved
+	// a0 – deployment account having all the permissions, reserved
+	// H0 – initial token holder account
+	// a1, a2,... – working accounts to perform tests on
+	const [A0, a0, H0, a1, a2, a3] = accounts;
+
+	// define the "players"
+	const by = a1;
+	const to = a2;
+
+	// deploy the RBAC
+	let ac, impl1;
+	beforeEach(async function() {
+		({proxy: ac, implementation: impl1} = await deploy_erc1967_upgradeable_ac(a0));
+	});
+
+	it("initialized version is 1", async function() {
+		expect(await ac.getInitializedVersion()).to.be.bignumber.that.equals("1");
+	});
+	it("it is impossible to re-initialize", async function() {
+		await expectRevert(ac.postConstruct(ZERO_ADDRESS, 0, {from: a0}), "Initializable: contract is already initialized");
+	});
+	describe("when there is new (v2) implementation available", function() {
+		let impl2;
+		beforeEach(async function() {
+			impl2 = await deploy_upgradeable_ac_impl(a0, 2);
+		});
+		describe("when performed by UPGRADE_MANAGER", function() {
+			beforeEach(async function() {
+				await ac.updateRole(by, ROLE_UPGRADE_MANAGER, {from: a0});
+			});
+			it("implementation upgrade with initialization fails (already initialized)", async function() {
+				// prepare the initialization call bytes
+				const init_data = ac.contract.methods.postConstruct(ZERO_ADDRESS, 0).encodeABI();
+
+				// and upgrade the implementation
+				await expectRevert(
+					ac.upgradeToAndCall(impl2.address, init_data, {from: by}),
+					"Initializable: contract is already initialized"
+				);
+			});
+			describe("implementation upgrade without initialization succeeds", function() {
+				let receipt;
+				beforeEach(async function() {
+					receipt = await ac.upgradeTo(impl2.address, {from: by});
+				});
+				it('"Upgraded" event is emitted', async function() {
+					expectEvent(receipt, "Upgraded", {implementation: impl2.address});
+				});
+				it("implementation address is set as expected", async function() {
+					expect(await ac.getImplementation()).to.be.equal(impl2.address);
+				});
+			});
+			it("direct initialization of the implementation (bypassing proxy) fails", async function() {
+				await expectRevert(impl1.postConstruct(ZERO_ADDRESS, 0, {from: by}), "Initializable: contract is already initialized");
+			});
+			it("direct upgrade of the implementation (bypassing proxy) fails", async function() {
+				await expectRevert(impl1.upgradeTo(impl2.address, {from: by}), "Function must be called through delegatecall");
+			});
+		});
+		describe("otherwise (no UPGRADE_MANAGER permission)", function() {
+			beforeEach(async function() {
+				await ac.updateRole(by, not(ROLE_UPGRADE_MANAGER), {from: a0});
+			});
+			it("implementation upgrade with initialization fails (already initialized)", async function() {
+				// prepare the initialization call bytes
+				const init_data = ac.contract.methods.postConstruct(ZERO_ADDRESS, 0).encodeABI();
+
+				// and upgrade the implementation
+				await expectRevert(
+					ac.upgradeToAndCall(impl2.address, init_data, {from: by}),
+					"access denied"
+				);
+			});
+			it("implementation upgrade without initialization reverts", async function() {
+				await expectRevert(ac.upgradeTo(impl2.address, {from: by}), "access denied");
+			});
+			it("direct initialization of the implementation (bypassing proxy) fails", async function() {
+				await expectRevert(impl1.postConstruct(ZERO_ADDRESS, 0, {from: by}), "Initializable: contract is already initialized");
+			});
+			it("direct upgrade of the implementation (bypassing proxy) fails", async function() {
+				await expectRevert(impl1.upgradeTo(impl2.address, {from: by}), "Function must be called through delegatecall");
+			});
+		});
+	});
+});