A Comprehensive Survey of Upgradeable Smart Contract Patterns
share
In this work, we provide a comprehensive survey of smart contract upgradability patterns using proxies. A primary characteristic of smart contracts on the Ethereum blockchain is that they are immutable once implemented, no changes can be made. Taking human error into account, as well as technology improvements and newly discovered vulnerabilities, there has been a need to upgrade these smart contracts, which may hold enormous amounts of Ether and hence become the target of attacks. Several such attacks have caused tremendous losses in the past, as well as millions of dollars in Ether which has been locked away in broken contracts. Thus far we have collected many upgradable proxy patterns and studied their features to build a comprehensive catalog of patterns. We present a summary of these upgradable proxy patterns which we collected and studied. We scraped the source code for approximately 100000 verified contracts from Etherscan.io, the most popular block explorer for Ethereum, out of which we extracted around 64k unique files - most containing multiple contracts. We have begun to automate the analysis of these contracts using the popular static analysis tool Slither, while at the same time implementing much more robust detection of upgradable proxies using this framework. Comparing the results of the original implementation to our own, we have found that approximately 70 percent of the contracts which were initially flagged as upgradeable proxies are false positives which we have eliminated.
READ FULL TEXT