Understanding the pros and cons of smart contract upgradeability in DeFi

Author: Liam 'Akiba' Wright, Cryptoslate; Compiler: Baishui, Golden Finance

Smart contract proxy upgradeability allows developers to update the logic of deployed smart contracts while preserving the state and address of the contract. This provides flexibility to fix bugs or add features, but also brings potential risks.

Smart contracts are self-executing agreements on blockchain networks that traditionally run as immutable code once deployed. This immutability is the cornerstone of trust in blockchain technology, ensuring that the terms of the contract cannot be changed unilaterally. However, the inability to modify contracts after deployment can pose challenges, mainly when bugs are discovered or improvements are needed.

Proxy Upgradeability in Smart Contracts

Proxy Upgradeability addresses this limitation by introducing a dual contract system. The proxy contract stores state and holds user funds, while a separate logic contract contains the actual functionality. The proxy delegates function calls to the logic contract, which can be replaced with an upgraded version without changing the proxy's address or interfering with the stored data.

This approach has significant advantages. Developers can patch bugs, implement new features, and optimize performance without disrupting user interactions or requiring fund migration. Major DeFi protocols including Compound, Aave, and Uniswap V3 have adopted upgradeable contracts, using this flexibility to enhance their platforms over time while establishing themselves as relatively trustworthy entities through a combination of rigorous security measures and transparent operations.

These protocols have implemented comprehensive security practices, including thorough audits, formal verification, and ongoing bug bounty programs. Their smart contracts are open source, allowing the public to review and verify functionality. In addition, they have adopted a decentralized governance system where token holders can participate in decision-making, thereby increasing transparency and reducing the risk of unilateral changes that could harm users.

The credibility of these protocols is further enhanced by their established track record. They have been operating successfully for a long time and manage billions of dollars in assets. They continuously update and improve their systems based on community feedback and changing market conditions. Robust monitoring and alert systems, as well as detailed incident response plans, demonstrate their commitment to security.

In addition, despite their emerging field, their efforts in regulatory compliance add another layer of credibility from the perspective of regulators. The high liquidity of these protocols also helps them resist certain types of attacks and market manipulation. However, no system is completely risk-free, and users should always be cautious and perform their own due diligence when interacting with any DeFi protocol.

Risks of Upgradable Smart Contracts

The ability to modify smart contract logic introduces new potential exploitation avenues. Centralization risk becomes a major concern, and the ability to upgrade is often controlled by a small group of administrators or governance participants. If not combined with transparent DAO practices, this concentration of power could stand in stark contrast to the decentralized ethos of many blockchain projects.

Malicious upgrades are another potential threat.If compromised or acting maliciously, administrators could theoretically change contract logic to steal user funds or manipulate protocol operations. While governance processes and security measures are designed to mitigate this risk, the possibility remains a point of debate within the community, with the rise of sophisticated AI-powered phishing scams.

Technical vulnerabilities in the upgrade process itself present additional dangers.Errors in the upgrade process could result in loss of funds, corrupt data, or render a contract inoperable. The complexity of the proxy model increases the attack surface and could introduce subtle bugs that may go unnoticed until they are exploited.

How to safely interact with DeFi

Identifying and evaluating upgradeable contracts has become critical for users navigating the DeFi space. Examining proxy patterns in contract code, such as OpenZeppelin’s, can reveal upgradeability features. Protocol documentation often discloses upgrade capabilities, but users should be aware that this information may not always be prominently displayed.

Assessing the security of upgradeable contracts requires careful consideration of governance structures and upgrade processes. Timelock delays for upgrades allow users to react to proposed changes. Multi-signature controls that govern functionality can distribute power and reduce single points of failure. The reputation and track record of the protocol team provide additional context for assessing trustworthiness.

For risk-averse users, limiting exposure in these systems and storing large amounts of funds for the long term may be advisable when interacting with upgradeable contracts. Actively monitoring upgrade proposals and participating in the governance process when possible allows users to stay informed and potentially influence protocol decisions.

The debate around smart contract upgradeability reflects a broader tension between innovation and security, flexibility, and immutability in the blockchain space. While upgradeable contracts provide a powerful tool for protocol development, they require users to trust human systems rather than relying solely on immutable code.

Striking the right balance between upgradeability and security remains a core challenge. Users must remain vigilant and carefully evaluate the risks and benefits of interacting with upgradeable systems. Self-sovereignty does not come for free; the costs and risks of security are paid by the end user. In traditional finance, these costs are handled by centralized institutions such as banks and financial institutions. It is for this reason that “bank-grade security” is a term used to define high-end security systems.

Self-custody means that the responsibility ultimately falls to the user, and the traditional laissez-faire attitude towards security and risk is incompatible with Web 3.

To support this, developers and protocol teams are responsible for implementing strong governance mechanisms and transparent upgrade processes to maintain user trust.