
Question about upgradeability bug checker

Open ryang-max opened this issue 3 years ago • 2 comments

Hello, I'm wondering if there are some other resources for the upgradability bugs? I could find almost nothing by searching keywords like "upgradeable smart contract vulnerability"; no related pages were found. I'm just curious about how to summarize so many upgradable bug patterns, and do they really exist in some real-world contracts?

Thanks a lot!

ryang-max, Jun 20 '22 14:06

@montyly Really sorry to bother you, but I see the wiki page is mainly edited by you so I'm wondering if you can solve my problems...

ryang-max, Jun 21 '22 00:06

Hi @y1cunhui,

You can learn more about these issues through our blog posts:

  • https://blog.trailofbits.com/2018/09/05/contract-upgrade-anti-patterns/
  • https://blog.trailofbits.com/2020/10/30/good-idea-bad-design-how-the-diamond-standard-falls-short/
  • https://blog.trailofbits.com/2020/12/16/breaking-aave-upgradeability/

Every detector in slither-check-upgradeability has been built as a result of one of our audits, so these issues do exist in real-world contracts.

montyly, Jun 21 '22 07:06