Author: Liam 'Akiba' Wright, Cryptoslate; Translated by: Baishui, Golden Finance

Smart contract proxy upgradability allows developers to update the logic of a deployed smart contract while preserving the state and address of the contract. This provides flexibility to fix bugs or add features, but also brings potential risks.

Smart contracts are self-executing agreements on blockchain networks that traditionally run as immutable code once deployed. This immutability is the cornerstone of trust in blockchain technology, ensuring that the terms of the contract cannot be changed unilaterally. However, the inability to modify contracts after deployment can pose challenges, primarily when bugs are discovered or improvements are needed.

Proxy Upgradability in Smart Contracts

Proxy upgradability addresses this limitation by introducing a dual contract system. The proxy contract stores state and holds user funds, while a separate logic contract contains the actual functionality. The proxy delegates function calls to the logic contract, which can be replaced with an upgraded version without changing the proxy's address or disturbing the stored data.

This approach has significant advantages. Developers can patch vulnerabilities, implement new features, and optimize performance without disrupting user interaction or requiring capital migration. Major DeFi protocols including Compound, Aave, and Uniswap V3 have adopted upgradeable contracts, using this flexibility to enhance their platforms over time while establishing themselves as A relatively trustworthy entity.

These protocols have implemented comprehensive security practices, including thorough audits, formal verification, and ongoing bug bounty programs. Their smart contracts are open source, allowing the public to review and verify functionality. In addition, they have adopted a decentralized governance system where token holders can participate in decision-making, thereby increasing transparency and reducing the risk of unilateral changes that could harm users.

Their established track record further strengthens the credibility of these protocols. They have been operating successfully for a long time and manage billions of dollars in assets. They continuously update and improve their systems based on community feedback and changing market conditions. Robust monitoring and alert systems and detailed incident response plans demonstrate their commitment to security.

Additionally, despite their emerging field, their efforts in regulatory compliance add another layer of credibility from the perspective of regulators. The high liquidity of these protocols also helps them resist certain types of attacks and market manipulation. However, no system is completely risk-free, and users should always be cautious and perform their own due diligence when interacting with any DeFi protocol.

Risks of Upgradable Smart Contracts

The ability to modify smart contract logic introduces new potential avenues for exploitation. Centralization risk becomes a major concern, with upgrade capabilities often controlled by a small group of administrators or governance participants. If not combined with transparent DAO practices, this concentration of power can be in stark contrast to the decentralized ethos of many blockchain projects.

Malicious upgrades are another potential threat. If attacked or acting maliciously, administrators could theoretically change contract logic to steal user funds or manipulate protocol operations. While governance processes and security measures are designed to mitigate this risk, the possibility remains a point of debate within the community, with the rise of sophisticated AI-powered phishing scams.

Technical vulnerabilities in the upgrade process itself pose additional dangers. Errors in the upgrade process can result in loss of funds, corrupt data, or render contracts inoperable. The complexity of the proxy model increases the attack surface and can introduce subtle bugs that may not be noticed until they are exploited.

How to safely interact with DeFi

For users navigating the DeFi space, identifying and evaluating upgradeable contracts has become critical. Examining proxy patterns in contract code (such as OpenZeppelin's proxy pattern) can reveal upgradeability features. Protocol documentation often discloses upgrade capabilities, but users should be aware that this information may not always be prominently displayed.

Assessing the security of upgradeable contracts requires careful consideration of governance structures and upgrade processes. Timelock delays for upgrades allow users to react to proposed changes. Multi-signature controls for administrative functions can distribute power and reduce single points of failure. The reputation and track record of the protocol team provide additional context for assessing trustworthiness.

For risk-averse users, limiting exposure in these systems and storing large amounts of funds for long periods of time may be advisable when interacting with upgradeable contracts. Actively monitoring upgrade proposals and participating in the governance process when possible enables users to stay informed and potentially influence protocol decisions.

The debate around smart contract upgradeability reflects a broader tension between innovation and security, flexibility, and immutability in the blockchain space. While upgradeable contracts provide a powerful tool for protocol development, they require users to trust human systems rather than relying solely on immutable code.

Striking the right balance between upgradability and security remains a core challenge. Users must remain vigilant and carefully evaluate the risks and benefits of interacting with upgradable systems. Sovereignty is not free; the costs and risks of security are paid by the end user. In traditional finance, these costs are handled by centralized institutions such as banks and financial institutions. It is for this reason that "bank-grade security" is a term used to define high-end security systems.

Self-custody means that responsibility ultimately falls on the user, and the traditional laissez-faire attitude towards security and risk is incompatible with Web 3.

To support this, developers and protocol teams are responsible for implementing strong governance mechanisms and a transparent upgrade process to maintain user trust.