cairo-contracts
Look into what upgrade safety means
In Solidity, we say a contract is upgrade safe if it doesn't have a constructor and doesn't call selfdestruct or delegatecall. It also checks proper initializer usage. For upgrades, it checks whether there are any storage structure compatibility issues between implementations.
Since most of these do not apply to Cairo, we should look into what upgrade safety means so we can develop proper tooling.
If there's any selfdestruct on Cairo, we should look into potential known UUPS vulns around upgradeToAndCall.
AFAICT, the concerns about selfdestruct with UUPS are mitigated by delegatecall working with class hashes instead of implementation deployments.
The other concern about UUPS is with preserving upgradeability: making sure that the upgrade functionality is not accidentally removed in an upgrade, because that bricks the upgrade mechanism. On the Solidity side this is done in two ways: 1) the contract performs a best-effort on-chain check (see proxiableUUID, though we extended the semantics so it has to return the storage slot that is used instead, in our case a different value than specified in the EIP currently), and 2) off-chain the plugins check that the upgraded implementation contains an upgradeTo function prior to executing the upgrade.
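As an added illustration (not code from this issue or from the cairo-contracts project), here is a toy Python model of the off-chain checks the thread describes for Solidity: no constructor, no selfdestruct or delegatecall, storage layout compatible between versions, and the upgradeTo function still present after the upgrade. The Implementation record, its field names and the sample versions are constructed for this example.

```python
"""Toy model of upgrade-safety checks (added example, not project code)."""
from dataclasses import dataclass

UNSAFE_OPCODES = {"selfdestruct", "delegatecall"}  # flagged, as the issue text describes


@dataclass
class Implementation:
    """Constructed, simplified description of one implementation version."""
    has_constructor: bool
    opcodes: set        # opcode/builtin names the bytecode uses
    functions: set      # external function names taken from the ABI
    storage: list       # ordered (name, type) slots; appending new slots is safe


def check_upgrade_safe(impl):
    """Single-implementation checks; returns a list of human-readable findings."""
    findings = []
    if impl.has_constructor:
        findings.append("has a constructor; use an initializer instead")
    for op in sorted(UNSAFE_OPCODES & impl.opcodes):
        findings.append(f"uses {op}")
    return findings


def check_storage_compat(old, new):
    """Existing slots must keep name, type and position; only appends are allowed."""
    findings = []
    for i, (oname, otype) in enumerate(old.storage):
        if i >= len(new.storage):
            findings.append(f"slot {i} ({oname}) removed")
            continue
        nname, ntype = new.storage[i]
        if (oname, otype) != (nname, ntype):
            findings.append(f"slot {i} changed from {oname}:{otype} to {nname}:{ntype}")
    return findings


def validate_upgrade(old, new, upgrade_fn="upgradeTo"):
    """All checks for an old -> new upgrade; an empty list means the upgrade passes."""
    findings = check_upgrade_safe(new) + check_storage_compat(old, new)
    if upgrade_fn not in new.functions:
        findings.append(f"{upgrade_fn} missing; upgrade would brick upgradeability")
    return findings


# Constructed sample versions: V2_OK only appends a slot, V2_BAD reorders storage,
# introduces delegatecall and drops upgradeTo.
V1 = Implementation(False, set(), {"upgradeTo", "initialize"},
                    [("owner", "address"), ("count", "uint256")])
V2_OK = Implementation(False, set(), {"upgradeTo", "initialize"},
                       [("owner", "address"), ("count", "uint256"), ("paused", "bool")])
V2_BAD = Implementation(False, {"delegatecall"}, {"initialize"},
                        [("count", "uint256"), ("owner", "address")])
```

Running validate_upgrade(V1, V2_OK) returns no findings, while validate_upgrade(V1, V2_BAD) reports the delegatecall, both shifted slots and the missing upgradeTo.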