ERC1967 Explained in Detail
ERC1967 defines fixed storage slots for proxy metadata. The most important slots store the implementation address, the admin address, and the beacon address.
These slots are deliberately placed outside the sequential slots that Solidity allocates for state variables, so the proxy's own metadata does not collide with the storage of the implementation contract it delegates to.
Smart contract example
implementation slot = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
Reading this slot tells auditors which implementation a proxy delegates to.
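To make the slot derivation concrete, the following added Python script (not code from the page, from the ERC, or from any proxy library) computes the three ERC1967 slots from their labels as keccak256(label) - 1, checks that the implementation slot matches the value quoted above, and decodes a raw 32-byte slot value of the kind eth_getStorageAt returns into an address. It carries a minimal pure-Python Keccak-256 so it runs offline; in practice you would call the keccak from web3 or eth_utils. The raw slot value decoded at the end is a constructed sample.

```python
"""Derive ERC1967 slots from their labels and decode a raw slot word.

Added example, not code from the page or any proxy implementation. The keccak256
below is a compact pure-Python Keccak-f[1600] sponge so the script needs no
third-party package; the sample slot word in __main__ is constructed.
"""

_MASK64 = (1 << 64) - 1


def _rol64(v: int, n: int) -> int:
    n %= 64
    return ((v << n) | (v >> (64 - n))) & _MASK64 if n else v


def _round_constants() -> list:
    """Generate the 24 iota round constants from the Keccak LFSR (x^8 + x^6 + x^5 + x^4 + 1)."""
    consts, lfsr = [], 1
    for _ in range(24):
        rc = 0
        for j in range(7):
            if lfsr & 1:
                rc |= 1 << ((1 << j) - 1)
            lfsr <<= 1
            if lfsr & 0x100:
                lfsr ^= 0x171
        consts.append(rc)
    return consts


_RC = _round_constants()


def _keccak_f1600(state: bytearray) -> None:
    """Apply the Keccak-f[1600] permutation in place; lanes are little-endian u64 words."""
    lanes = [[int.from_bytes(state[8 * (x + 5 * y):8 * (x + 5 * y) + 8], "little")
              for y in range(5)] for x in range(5)]
    for rc in _RC:
        # theta: mix each lane with the parity of two neighbouring columns
        c = [lanes[x][0] ^ lanes[x][1] ^ lanes[x][2] ^ lanes[x][3] ^ lanes[x][4] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol64(c[(x + 1) % 5], 1) for x in range(5)]
        lanes = [[lanes[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        # rho + pi: rotate each lane and move it one step along the (y, 2x+3y) cycle
        x, y, cur = 1, 0, lanes[1][0]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, lanes[x][y] = lanes[x][y], _rol64(cur, (t + 1) * (t + 2) // 2)
        # chi: the only nonlinear step, applied row by row
        for y in range(5):
            row = [lanes[x][y] for x in range(5)]
            for x in range(5):
                lanes[x][y] = row[x] ^ ((~row[(x + 1) % 5]) & row[(x + 2) % 5])
        # iota: break symmetry with the round constant
        lanes[0][0] ^= rc
    for x in range(5):
        for y in range(5):
            state[8 * (x + 5 * y):8 * (x + 5 * y) + 8] = lanes[x][y].to_bytes(8, "little")


def keccak256(data: bytes) -> bytes:
    """Original Keccak-256 with 0x01 padding (what Ethereum uses), not NIST SHA3-256."""
    rate = 136  # 1088-bit rate, 512-bit capacity
    state = bytearray(200)
    buf = bytearray(data) + b"\x01"
    buf += b"\x00" * (-len(buf) % rate)
    buf[-1] |= 0x80
    for off in range(0, len(buf), rate):
        for i in range(rate):
            state[i] ^= buf[off + i]
        _keccak_f1600(state)
    return bytes(state[:32])


def erc1967_slot(label: str) -> int:
    """ERC1967 slot = keccak256(label) - 1. Subtracting one keeps the slot off any
    keccak image, so no compiler-generated mapping or array slot can land on it."""
    return int.from_bytes(keccak256(label.encode()), "big") - 1


IMPLEMENTATION_SLOT = erc1967_slot("eip1967.proxy.implementation")
ADMIN_SLOT = erc1967_slot("eip1967.proxy.admin")
BEACON_SLOT = erc1967_slot("eip1967.proxy.beacon")


def decode_slot_word(word: bytes) -> tuple:
    """Turn a 32-byte slot word into (address, dirty). The address is the low 20 bytes;
    non-zero upper bytes mean the slot was not written as a clean address."""
    assert len(word) == 32
    return "0x" + word[12:].hex(), any(word[:12])


if __name__ == "__main__":
    for name, slot in (("implementation", IMPLEMENTATION_SLOT), ("admin", ADMIN_SLOT), ("beacon", BEACON_SLOT)):
        print(f"{name:>14} slot = {slot:#066x}")
    # constructed sample of what eth_getStorageAt(proxy, IMPLEMENTATION_SLOT) might return
    sample_word = bytes(12) + bytes.fromhex("ab" * 20)
    print("delegates to", decode_slot_word(sample_word))
```

Feeding `eip1967.proxy.implementation` through the script reproduces the slot value above, which is also a quick sanity check that the keccak implementation is correct.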
ERC1967 in Auditing
ERC1967 slots define who controls an upgradeable proxy and what code it runs. If these slots are wrong or writable through unsafe logic, the proxy can be hijacked.
Auditors inspect slots directly when reviewing proxy systems.
Red flags in code
- Implementation slot points to an address with no code.
- Admin slot is an EOA or weakly controlled account.
- Implementation and beacon slots are both unexpectedly set.
- Upgrade events are missing.
- Custom proxy code uses nonstandard slots without clear reason.
How to test or review it
- Read ERC1967 storage slots on the proxy address.
- Verify implementation code and admin ownership.
- Test upgrade paths and emitted events.
- Check storage layout before and after upgrades.
- Confirm implementation logic cannot overwrite proxy control slots.
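The red flags and review steps above can be turned into a mechanical slot check. The script below is an added example, not from the page or from any audit tool: it runs `review_proxy` (implementation or beacon with no code, admin with no code, both implementation and beacon set, dirty upper bytes in a control slot) and `review_upgrade` (control slots other than the implementation slot moving during an upgrade, an implementation change without a matching Upgraded event, and unexpected changes in ordinary slots that hint at a layout mismatch) over an in-memory `Snapshot` that stands in for eth_getStorageAt and eth_getCode, so it runs without a node. The admin and beacon slot constants are the ERC1967 values (keccak256 of the label minus one); every address, bytecode blob and slot value in the fixtures is constructed.

```python
"""Slot-level review of an ERC1967 proxy against an offline storage snapshot.

Added example; not code from the page or from any audit tool. Snapshot stands in
for eth_getStorageAt / eth_getCode, and all fixture addresses, code and slot
values are constructed for illustration.
"""

# ERC1967 control slots, each keccak256(label) - 1.
IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50
CONTROL_SLOTS = {"implementation": IMPLEMENTATION_SLOT, "admin": ADMIN_SLOT, "beacon": BEACON_SLOT}
ZERO_WORD = bytes(32)


class Snapshot:
    """storage[address][slot] -> 32-byte word, code[address] -> runtime bytecode."""

    def __init__(self, storage: dict, code: dict):
        self.storage, self.code = storage, code

    def get_storage_at(self, addr: str, slot: int) -> bytes:
        return self.storage.get(addr, {}).get(slot, ZERO_WORD)

    def get_code(self, addr: str) -> bytes:
        return self.code.get(addr, b"")


def word_to_address(word: bytes) -> str:
    """An address occupies the low 20 bytes of the 32-byte slot word."""
    return "0x" + word[12:].hex()


def address_to_word(addr: str) -> bytes:
    return bytes(12) + bytes.fromhex(addr[2:])


def review_proxy(snap: Snapshot, proxy: str) -> list:
    """Flag the red flags that are visible from the control slots alone."""
    findings = []
    words = {name: snap.get_storage_at(proxy, slot) for name, slot in CONTROL_SLOTS.items()}
    is_set = {name: w != ZERO_WORD for name, w in words.items()}
    for name, w in words.items():
        if any(w[:12]):
            findings.append(f"{name} slot has non-zero upper 12 bytes; not a cleanly written address")
    if is_set["implementation"] and is_set["beacon"]:
        findings.append("both implementation and beacon slots are set; delegation target is ambiguous")
    if not is_set["implementation"] and not is_set["beacon"]:
        findings.append("neither implementation nor beacon slot is set; proxy delegates nowhere")
    for name in ("implementation", "beacon"):
        if is_set[name] and not snap.get_code(word_to_address(words[name])):
            findings.append(f"{name} {word_to_address(words[name])} has no code")
    if is_set["admin"] and not snap.get_code(word_to_address(words["admin"])):
        findings.append(f"admin {word_to_address(words['admin'])} has no code: an EOA, not a ProxyAdmin or multisig")
    return findings


def review_upgrade(before: Snapshot, after: Snapshot, proxy: str, events: list) -> list:
    """Diff the proxy's storage across an upgrade. Only the implementation slot may move,
    each move needs an ('Upgraded', new_impl) event, and changes in ordinary slots
    point at a storage-layout mismatch between the old and new implementation."""
    findings = []
    old, new = before.storage.get(proxy, {}), after.storage.get(proxy, {})
    changed = {s for s in set(old) | set(new) if old.get(s, ZERO_WORD) != new.get(s, ZERO_WORD)}
    for name, slot in CONTROL_SLOTS.items():
        if slot in changed and name != "implementation":
            findings.append(f"{name} slot changed during an upgrade; implementation logic may overwrite control slots")
    if IMPLEMENTATION_SLOT in changed:
        new_impl = word_to_address(new.get(IMPLEMENTATION_SLOT, ZERO_WORD))
        if ("Upgraded", new_impl) not in events:
            findings.append(f"implementation moved to {new_impl} without an Upgraded event")
    stray = changed - set(CONTROL_SLOTS.values())
    if stray:
        findings.append(f"{len(stray)} non-control slot(s) changed across the upgrade; verify the storage layout")
    return findings


# Constructed fixtures (not real deployments).
PROXY, IMPL_V1, IMPL_V2 = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
PROXY_ADMIN, EOA_ADMIN, BEACON = "0x" + "44" * 20, "0x" + "55" * 20, "0x" + "66" * 20
SOME_CODE = bytes.fromhex("6080604052")  # placeholder runtime bytecode prefix (PUSH1 0x80 PUSH1 0x40 MSTORE)


def healthy_proxy() -> Snapshot:
    return Snapshot(
        storage={PROXY: {IMPLEMENTATION_SLOT: address_to_word(IMPL_V1), ADMIN_SLOT: address_to_word(PROXY_ADMIN)}},
        code={IMPL_V1: SOME_CODE, IMPL_V2: SOME_CODE, PROXY_ADMIN: SOME_CODE},
    )


def risky_proxy() -> Snapshot:
    """EOA admin, an implementation with no code, and a beacon set alongside the implementation."""
    return Snapshot(
        storage={PROXY: {IMPLEMENTATION_SLOT: address_to_word(IMPL_V1), ADMIN_SLOT: address_to_word(EOA_ADMIN),
                         BEACON_SLOT: address_to_word(BEACON)}},
        code={BEACON: SOME_CODE},
    )


def upgraded_without_event() -> Snapshot:
    snap = healthy_proxy()
    snap.storage[PROXY][IMPLEMENTATION_SLOT] = address_to_word(IMPL_V2)
    return snap


if __name__ == "__main__":
    for f in review_proxy(risky_proxy(), PROXY):
        print("FLAG:", f)
    for f in review_upgrade(healthy_proxy(), upgraded_without_event(), PROXY, events=[]):
        print("FLAG:", f)
```

Against a live proxy, the same two functions apply unchanged once `Snapshot` is backed by eth_getStorageAt and eth_getCode, with the `events` list filled from the Upgraded logs emitted in the upgrade transaction; the "nonstandard slots" red flag is not covered here because it needs a look at the proxy source rather than at storage.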