Demystifying the Characteristics for Smart Contract Upgrades
Ye Liu, Shuo Li, Xiuheng Wu, Yi Li, Zhiyang Chen, David Lo

TL;DR
This study analyzes the characteristics and impacts of proxy-based smart contract upgrades on Ethereum, revealing common upgrade practices, potential security vulnerabilities, and real-world consequences of contract modifications.
Contribution
It provides the first comprehensive empirical analysis of smart contract upgrade patterns, impacts, and security issues based on a large dataset of open source proxy contracts.
Findings
Many contracts are upgraded to improve usability and add features.
Upgrade-related breaking changes cause compatibility issues in real transactions.
Storage collisions and initialization vulnerabilities are present in a significant number of upgrades.
Abstract
Upgradable smart contracts play an important role in the decentralized application ecosystem, to support routine maintenance, security patching, and feature additions. In this paper, we conduct an empirical study on proxy-based upgradable smart contracts to understand the characteristics of contract upgrading. Through our study on 57,118 open source proxy contracts, we found that 583 contracts have ever been upgraded on Ethereum, involving 973 unique implementation contract versions. The results show that developers often intend to improve usability of contracts if upgrading, where functionality addition and update are the most frequent upgrade intentions. We investigated the practical impacts of contract upgrades, e.g., breaking changes causing compatibility issues, storage collisions and initialization risks leading to security vulnerabilities. The results demonstrate that there are…
Taxonomy
Topics: Insurance and Financial Risk Management
