The Security of Upgradeable Ethereum Smart Contracts, and Why People Keep Losing Millions


Blockchain is an exciting new field, and one of its most common and developer-friendly uses is Ethereum smart contracts. Traditionally, these contracts are public but immutable. Historically, bugs have been introduced into contract code, and with no way to fix them, malicious actors have been free to abuse them. This has led to numerous million-dollar thefts. Upgradeable smart contracts promise to let the developer change the contract code. This, however, opens additional security vulnerabilities, which remain unresolved in the current widespread standards. This talk covers our research work in identifying these security issues and proposing better programming models for upgradeable contracts without these disadvantages.