What Are Upgradable Smart Contracts and How to Put Them into Practice?

What Are Upgradable Smart Contracts and How to Put Them into Practice?

What Are Upgradable Smart Contracts and How to Put Them into Practice?

What Are Upgradable Smart Contracts and How to Put Them into Practice?

What Are Upgradable Smart Contracts and How to Put Them into Practice?

Read Time: 6 minutes

We know smart contracts are lines of code on the blockchain that execute transactions automatically. These contracts are known for their immutable nature, and once they’re set in action, they stay that way forever. 

On the other hand, we’ve got something called upgradable contracts. It means developers can tweak the code if needed. Bugs show up? They can patch ’em up without starting from scratch. It’s pretty handy for keeping things smooth and efficient.

Concerns arise around who controls these changes. But having the power to upgrade isn’t automatically bad. It’s about using it responsibly and having a contract that can adapt to the evolving needs. 

Inspite of the debates and arguments about the upgradable smart contracts, why are they still proving indispensable?

Let’s explore in our article today the advantages one can have with upgradability, what is the working behind the upgradable smart contract and how to practically implement them. 

What are smart contract upgrades?

Smart contracts themselves are inherently immutable once deployed. So, rather than modifying the code of an already deployed smart contract, upgrading revolves around implementing a new smart contract to replace an existing one. 

This process of substitution allows the introduction of new functionalities or modifications without altering the original code directly. 

Essentially, it involves swapping an old contract for a new one while the older versions remain unchanged and immutable on the blockchain. 

This ensures that end users of the dApp experience a seamless transition without having to adjust their interaction with the application.

What’s the need for upgradable contracts?

Adapting to dynamic business needs: Upgradability ensures that contracts can evolve, accommodating new functionalities or modifications demanded by evolving markets or user needs.

Security and Bug Fixes: Upgradable contracts enable quick fixes to identified issues, enhancing security and mitigating risks promptly.

Unlike immutable contracts, upgradable ones allow developers to create new versions and update contracts, swiftly resolving any identified vulnerabilities.

Efficiency: Upgrading streamlines the process of introducing improvements, ensuring enhanced efficiency without the need for complete redevelopment.

Scope for continuous improvement: These contracts facilitate continuous development, allowing for ongoing improvements in functionality, security, and performance.

Inclusive Governance: The system of upgradable contracts encourages community participation in shaping the contract’s evolution. 

Community involvement ensures that the contract evolves in a transparent manner, aligning with the collective interests and needs of the stakeholders.

Approach to upgrading smart contract

Having highlighted the importance of upgradable smart contracts in addressing the limitations of immutable contracts, let’s find out how to do it.

Data-Separation Pattern

The earliest was the data-separation pattern, which separated smart contracts into logic and storage entities, storing and managing the state respectively. 

However, constant interactions between logic and storage incurred considerable gas costs, rendering this approach inefficient.

Proxy-Based upgradability

That’s why modern upgradability smart contracts rely on proxies to manage upgradability efficiently. 

A fixed proxy contract maintains the system’s state while holding a changeable logic address. Unlike conventional contracts, users interact with the proxy, directing their calls to the business logic contract. 

This setup ensures that logic contracts don’t store user data, simplifying upgrades. When an upgrade is necessary, deploying a new logic contract involves only updating the address in the proxy contract.

Proxy Patterns and Their Variants

The three common variants of the proxy pattern are:

Simple Proxy Pattern

The simple proxy involves a fixed proxy contract and an execution contract (logic contract). The proxy maintains its execution context, storage, and ether balance. 

Using delegatecall, the proxy invokes the logic contract’s code within its execution context, allowing the logic contract to alter the proxy contract’s state while keeping the application’s state intact.

Transparent Proxy Pattern

In this pattern, the end-user calls directly access the logic contract, except for control functions managed by the proxy for upgradability. This approach mitigates function selector clashes but incurs additional gas costs due to loading logic contract addresses for each delegatecall.

Universal Upgradable Proxy Standard (UUPS) Pattern

The Universal Upgradable Proxy Standard (UUPS) establishes a standardized method for creating proxy contracts with universal compatibility across all contracts. Unlike traditional proxy patterns, UUPS alters the upgrade process by shifting the upgrade functionality to the logic contract itself. 

This is achieved through a specific design where the logic contract inherits from a designated “proxiable” parent contract that holds the upgrade functionality. By integrating the upgrade logic into a parent contract, this pattern allows the compiler to detect potential clashes within the same contract, reducing the likelihood of clashes between different contract components.

However, the implementation and maintenance of smart contracts using the UUPS pattern might pose some challenges compared to other proxy patterns due to their specific structure and inheritance requirements.

Action steps for implementing upgradable contracts

Here’s a step-by-step guide to creating and upgrading a smart contract. This process allows you to create, deploy, and upgrade your smart contracts using Hardhat and OpenZeppelin‘s upgradable contract libraries.

Ensure you have Node.js (version 12 or higher) and Hardhat (version 2 or higher) installed on your system.

Step 1: Setting Up the Project

1. Create a new project directory and navigate to it.

2. Initialize a new Node.js project:

3. Install necessary packages:

4. Set up your Hardhat project:

Step 2: Writing the Initial Contract

Create a new file named ‘MyContract.sol’ in the contracts directory and add the initial contract code. For example:

Step 3: Deploying the Initial Contract

Create a new file, ‘my-contract.js’ in the task folder and add the deployment code:

Step 4: Preparing the Upgraded Contract

Update ‘MyContract.sol’ to reflect the upgraded contract:

Step 5: Upgrading the Contract

Add an upgrade task in ‘my-contract.js’ to upgrade the contract:

Ensure to set up configurations in ‘.env’ and ‘hardhat.config.js’ and then execute the deployment and upgrade commands with Hardhat, adjusting the network flag as needed.

Wrapping Up,

Talking of the upgradable smart contracts, security risks lurk in various forms, from missing initialization calls and potential storage clashes to unauthorized upgrades and denial-of-service vulnerabilities post-upgrade.

If left unchecked, these risks can cascade into damaging exploits, posing a threat to both user funds and data integrity. 

To protect these contracts against such vulnerabilities, a meticulous smart contract audit from reputed firms like QuillAudits becomes imperative.

In the quest for the agility and flexibility that upgradable contracts offer, security must stand as an unwavering cornerstone. An audited and secure contract ensures that these contracts are void of errors or loopholes that could be exploited.


Blockchain for dog nose wrinkles' Ponzi makes off ~$127M🐶

Project promised up to 150% returns on investment in 100 days, raising about 166.4 billion South Korean won — or about $127 million — from 22,000 people.

Latest blogs for this week

Understanding Fuzzing and Fuzz Testing: A Vital Tool in Web3 Security

Read Time: 5 minutes When it comes to smart contracts, ensuring the robustness and security of code is paramount. Many techniques are employed to safeguard these contracts against vulnerabilities
Read More

How EigenLayer’s Restaking Enhances Security and Rewards in DeFi

Read Time: 7 minutes Decentralized finance (DeFi) relies on Ethereum staking to secure the blockchain and maintain consensus. Restaking allows liquid staking tokens to be staked with validators in
Read More

ERC 404 Standard: Everything You Need to Know

Read Time: 7 minutes Introduction Ethereum has significantly shaped the crypto world with its introduction of smart contracts and decentralized applications (DApps). This has led to innovative developments in
Read More

DNS Attacks:  Cascading Effects and Mitigation Strategies

Read Time: 8 minutes Introduction DNS security is vital for a safe online space. DNS translates domain names to IP addresses, crucial for internet functionality. DNS ensures unique name-value
Read More

EIP-4844 Explained: The Key to Ethereum’s Scalability with Protodanksharding

Read Time: 7 minutes Introduction  Ethereum, the driving force behind dApps, has struggled with scalability. High fees and slow processing have limited its potential. They have kept it from
Read More

QuillAudits Powers Supermoon at ETH Denver!

Read Time: 4 minutes Calling all the brightest minds and leaders in the crypto world! Are you ready to build, connect, and innovate at the hottest event during ETH
Read More

Decoding the Role of Artificial Intelligence in Metaverse and Web3

Read Time: 7 minutes Introduction  Experts predict a transformative shift in global software, driven by AI and ML, marking the dawn of a new era. PwC predicts AI will
Read More

Transforming Assets: Unlocking Real-World Asset Tokenization

Read Time: 7 minutes In the blockchain, real-world assets (RWAs) are digital tokens that stand for tangible and conventional financial assets, including money, raw materials, stocks, and bonds. As
Read More
Scroll to Top

Become a Quiffiliate!
Join our mission to safeguard web3

Sounds Interesting, Right? All you have to do is:


Refer QuillAudits to Web3 projects for audits.


Earn rewards as we conclude the audits.


Thereby help us Secure web3 ecosystem.

Total Rewards Shared Out: $200K+