Vulnerabilities

Upgrade Authorization

Upgrade authorization is the access-control logic that decides who can change a proxy implementation.

Upgrade authorization decides who is allowed to replace the contract logic.

Upgrade Authorization Explained in Detail

Upgrade authorization is the guard around changing implementation code. In UUPS proxies, it often appears as _authorizeUpgrade(address newImplementation).

The guard can be owner-based, role-based, governance-based, or custom.

Smart contract example

// UUPS upgrade hook: only the current owner may authorize a new implementation.
function _authorizeUpgrade(address) internal override onlyOwner {}

This is only safe if ownership is initialized and controlled by the intended authority.

Upgrade Authorization in Auditing

Weak upgrade authorization is one of the fastest paths to total compromise. If an attacker can upgrade to malicious logic, most other checks stop mattering.

Auditors review upgrade access with the same seriousness as direct fund movement.

Red flags in code

  • _authorizeUpgrade is empty or too broad.

  • Owner or role state is not initialized.

  • Role admin can self-grant upgrade rights.

  • Upgrade functions are callable on the implementation directly in an unsafe way.

  • Upgrade plus call can reinitialize critical state.
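The following is an added example, not code from the original page, showing how the "empty or too broad" and "role admin can self-grant upgrade rights" red flags look in a role-based UUPS guard and how to close the latter. It assumes OpenZeppelin Contracts Upgradeable v5 under the import paths shown; the contract name and the UPGRADER_ROLE constant are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original page). Assumes OpenZeppelin Contracts
// Upgradeable v5 is installed under these import paths.
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";

/// Hypothetical role-gated UUPS implementation.
contract RoleGatedVault is UUPSUpgradeable, AccessControlUpgradeable {
    bytes32 public constant UPGRADER_ROLE = keccak256("UPGRADER_ROLE");

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the bare implementation so nobody can initialize it directly.
        _disableInitializers();
    }

    function initialize(address admin, address upgrader) external initializer {
        __AccessControl_init();
        __UUPSUpgradeable_init();

        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(UPGRADER_ROLE, upgrader);

        // Red flag "role admin can self-grant upgrade rights": by default
        // DEFAULT_ADMIN_ROLE administers every role, so `admin` could call
        // grantRole(UPGRADER_ROLE, admin) and become an upgrader. Making
        // UPGRADER_ROLE its own admin means only an existing upgrader can add
        // or remove upgraders; the day-to-day admin cannot reach the guard.
        _setRoleAdmin(UPGRADER_ROLE, UPGRADER_ROLE);
    }

    /// The UUPS guard. Without `onlyRole(UPGRADER_ROLE)` this is the
    /// "empty or too broad" red flag: any caller could swap the logic.
    function _authorizeUpgrade(address) internal override onlyRole(UPGRADER_ROLE) {}
}
```

With this layout the upgrade authority is exactly the set of UPGRADER_ROLE holders, which is the set an auditor should be able to enumerate and compare against the intended governance (multisig, timelock, or DAO executor).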

How to test or review it

  • Call upgrade functions as unauthorized users and expect rejection.

  • Verify owner, role, or governance initialization.

  • Test upgrade plus initialization calldata.

  • Check storage layout compatibility between implementations using storage gaps and storage-layout reports.

  • Confirm the new implementation is compatible with the proxy pattern.
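The following is an added example, not code from the original page, that turns the owner-based guard from the smart contract example above and the review steps just listed into a runnable Foundry test: it verifies owner initialization, calls the upgrade function as an unauthorized user and expects rejection, checks that the upgrade function cannot be used on the implementation directly, and exercises upgrade-plus-initialization calldata including the reinitialization guard. It assumes a Foundry project with forge-std and OpenZeppelin Contracts / Contracts Upgradeable v5 installed; CounterV1, CounterV2 and the test contract are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original page). Assumes forge-std and
// OpenZeppelin v5 under these import paths.
import {Test} from "forge-std/Test.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

/// Hypothetical V1 logic: owner-gated upgrade, owner set in initialize().
contract CounterV1 is UUPSUpgradeable, OwnableUpgradeable {
    uint256 public count;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers(); // the raw implementation can never be initialized
    }

    function initialize(address owner_) external initializer {
        __Ownable_init(owner_);
        __UUPSUpgradeable_init();
    }

    function increment() external { count += 1; }

    function _authorizeUpgrade(address) internal override onlyOwner {}
}

/// Hypothetical V2: same storage layout, new field appended after `count`.
contract CounterV2 is CounterV1 {
    uint256 public step;

    /// Runs once after the upgrade via upgradeToAndCall; reinitializer(2)
    /// stops it from being replayed to reset state.
    function initializeV2(uint256 step_) external reinitializer(2) {
        step = step_;
    }

    function version() external pure returns (uint256) { return 2; }
}

contract UpgradeAuthTest is Test {
    address owner;
    address attacker;
    CounterV1 proxy;

    function setUp() public {
        owner = makeAddr("owner");
        attacker = makeAddr("attacker");
        CounterV1 impl = new CounterV1();
        bytes memory init = abi.encodeCall(CounterV1.initialize, (owner));
        proxy = CounterV1(address(new ERC1967Proxy(address(impl), init)));
    }

    // Review step: verify owner initialization points at the intended authority.
    function test_OwnerIsInitialized() public {
        assertEq(proxy.owner(), owner);
    }

    // Review step: call the upgrade function as an unauthorized user, expect rejection.
    function test_UnauthorizedUpgradeReverts() public {
        CounterV2 v2 = new CounterV2();
        vm.prank(attacker);
        vm.expectRevert(
            abi.encodeWithSelector(OwnableUpgradeable.OwnableUnauthorizedAccount.selector, attacker)
        );
        proxy.upgradeToAndCall(address(v2), "");
    }

    // Red flag check: the upgrade function must not work on the implementation
    // itself; OZ's onlyProxy modifier rejects calls that bypass the proxy.
    function test_UpgradeOnImplementationReverts() public {
        CounterV1 impl = new CounterV1();
        CounterV2 v2 = new CounterV2();
        vm.prank(owner);
        vm.expectRevert(UUPSUpgradeable.UUPSUnauthorizedCallContext.selector);
        impl.upgradeToAndCall(address(v2), "");
    }

    // Review step: upgrade plus initialization calldata, then confirm existing
    // state survived and the V2 initializer cannot be run a second time.
    function test_UpgradeAndCallPreservesStateAndBlocksReinit() public {
        proxy.increment();
        CounterV2 v2 = new CounterV2();
        bytes memory data = abi.encodeCall(CounterV2.initializeV2, (5));

        vm.prank(owner);
        proxy.upgradeToAndCall(address(v2), data);

        CounterV2 upgraded = CounterV2(address(proxy));
        assertEq(upgraded.count(), 1);     // pre-upgrade storage intact
        assertEq(upgraded.step(), 5);
        assertEq(upgraded.version(), 2);
        assertEq(upgraded.owner(), owner); // authority unchanged by the upgrade

        vm.expectRevert(Initializable.InvalidInitialization.selector);
        upgraded.initializeV2(99);
    }
}
```

Run with `forge test`. The proxy-pattern compatibility step is covered by OpenZeppelin itself: upgradeToAndCall queries the new implementation's proxiableUUID before switching, so a non-UUPS target is rejected; the storage-layout step is best done with the OpenZeppelin upgrades tooling or `forge inspect <Contract> storage-layout` on both versions rather than in a unit test.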
