Storage collision reentrancy is the core vulnerability. A proxy contract's storage layout must remain consistent across upgrades. A flawed upgrade that reorders variables creates a mismatch where a new function writes to a storage slot the old logic treats as a user-controlled address, enabling reentrancy.
smart-contract-auditing-and-best-practices
Blog
Why Upgrade Proxies Introduce a New Class of Reentrancy
The proxy upgrade pattern, a cornerstone of DeFi, harbors a subtle reentrancy flaw. An attacker can hijack the upgrade flow to execute code in a future, vulnerable implementation. This is a systemic risk for protocols using UUPS or Transparent Proxies.
introduction
THE PROXY TRAP
The Illusion of Safety in Upgradeable Contracts
Upgradeable proxies create a systemic vulnerability by decoupling storage from logic, introducing a novel reentrancy vector that standard audits miss.
Standard audits are insufficient because they analyze a single, static codebase. This misses the dynamic risk of a future, incompatible implementation. The security model shifts from code correctness to governance correctness, a far more complex and failure-prone system.
The UUPS vs. Transparent Proxy choice is critical. UUPS (EIP-1822) places upgrade logic in the implementation, making it auditable but introducing a self-destruct risk. Transparent proxies (EIP-1967) use an external ProxyAdmin, which adds a centralization vector and a more complex attack surface.
Evidence: The 2021 SushiSwap MISO auction hack exploited a storage collision. A privileged function in a new implementation contract wrote to a storage slot that the previous logic interpreted as the auction wallet address, allowing the attacker to drain funds.
thesis-statement
THE VULNERABILITY
Core Thesis: The Upgrade is a State-Modifying Function
Proxy upgrades are state-modifying calls that create a unique, systemic reentrancy vector ignored by traditional security models.
Upgrade is a state change. A proxy's upgradeTo(address) function modifies the core _implementation storage slot, a critical state transition equivalent to a SELFDESTRUCT for logic. This is not an admin function; it is a high-impact state mutation that must be treated with the same caution as a token transfer.
Reentrancy guard bypass. Standard reentrancy guards like OpenZeppelin's only protect against reentrant calls within the same logic contract. A malicious implementation upgrade resets all storage context, allowing an attacker to re-enter the proxy with a new, unguarded contract and bypass existing protections entirely.
The delegatecall reentrancy pattern. This attack vector, exploited in the Umbria Network hack, involves an attacker causing a reentrant call before the upgrade completes, then having that call execute in the new, malicious implementation. Tools like Slither and MythX often miss this because they analyze single contracts, not the proxy system's lifecycle.
Evidence: The 2022 Beanstalk Farms $182M exploit was a governance attack, but the final execution weaponized a malicious proposal to upgrade the protocol's core contracts, demonstrating the catastrophic power of an unguarded upgradeTo function as a state-modifying payload.
key-insights
UPGRADE PROXIES & REENTRANCY
Executive Summary: Three Uncomfortable Truths
The industry-standard upgrade pattern creates a systemic, often overlooked vulnerability that redefines the attack surface for smart contracts.
01
The Proxy is the Attack Surface, Not the Logic
Every call to a proxy-based contract (like OpenZeppelin's TransparentUpgradeableProxy) must pass through the proxy's fallback function. This creates a universal entry point for reentrancy before any logic is executed.\n- Vulnerability is in the pattern, not the implementation\n- Bypasses traditional function-level security analysis\n- Affects $100B+ in DeFi TVL across protocols like Aave, Compound, and Uniswap v3.
$100B+
TVL At Risk
100%
Proxy Contracts
02
Storage Collision is a Ticking Time Bomb
Upgradeable contracts use delegatecall and specific storage slot schemes. A reentrant call during an upgrade or initialization can corrupt this mapping, leading to permanent fund loss or arbitrary logic execution.\n- Reentrancy corrupts the storage layout pointer\n- Makes UUPS proxies (EIP-1822) particularly vulnerable\n- Exploit is silent; doesn't require a visible state change.
EIP-1967
Slot Standard
Permanent
Damage Risk
03
The Solution: Proactive Reentrancy Guards & Static Analysis
Mitigation requires moving beyond guarding individual functions. The entire proxy callflow must be hardened.\n- Implement a reentrancy guard at the proxy level (e.g., in the fallback function)\n- Use static analysis tools (Slither, MythX) configured for proxy patterns\n- Adopt immutable designs or delayable timelocks for critical upgrades.
Layer 1
Guard Required
~0ms
Overhead
deep-dive
THE VULNERABILITY
Mechanics of the Attack: A Step-by-Step Breakdown
Upgradeable smart contracts create a reentrancy attack vector by allowing a malicious implementation to hijack the proxy's storage during a delegatecall.
The Proxy Storage Slot is the root vulnerability. A standard proxy contract stores the current implementation address in a specific, predictable storage slot. An attacker who gains control of this slot can point the proxy to a malicious contract.
Delegatecall Context Hijacking enables the attack. When a user calls the proxy, it delegatecalls to the implementation, executing the malicious logic within the proxy's own storage context. This is a function selector clash attack, where the attacker's fallback() function re-enters the proxy.
The Reentrancy Loop begins. The malicious implementation's fallback function can call back into the proxy before the original call finishes. Because the proxy's storage still points to the attacker's contract, each re-entry executes more malicious code, draining funds.
Real-World Precedent: Audius Hack. The 2022 Audius governance attack exploited this exact pattern. An attacker passed a malicious proposal to upgrade the contract, then used the new implementation's initialization function to steal governance tokens, demonstrating the upgrade-as-a-weapon model.
UPGRADEABILITY RISKS
Proxy Pattern Vulnerability Matrix
Comparison of reentrancy attack surfaces introduced by different proxy patterns, focusing on the critical initialization and upgrade phases.
| Vulnerability Vector | Transparent Proxy (OpenZeppelin) | UUPS Proxy (EIP-1822) | Beacon Proxy |
|---|---|---|---|
Admin Function Reentrancy | |||
Implementation Slot Clash | |||
Initialize() Reentrancy | |||
UpgradeTo() Reentrancy | |||
Selfdestruct via Delegatecall | Requires | ||
Gas Cost for State Corruption | $50-200k | $10-50k | $100k+ |
Time-Lock Bypass Surface | Admin address | Implementation logic | Beacon contract |
Post-Upgrade State Invariant Break | Controlled by proxy | Controlled by new logic | Controlled by beacon |
case-study
UPGRADE PROXY VULNERABILITIES
Real-World Attack Vectors & Near-Misses
Transparent upgrade proxies, while essential for protocol evolution, create a unique and often overlooked attack surface by decoupling storage from logic.
01
The Storage Collision Nightmare
The proxy's storage layout must be perfectly compatible with new implementations. A mismatch can corrupt state, leading to permanent fund loss or unexpected access control bypasses.\n- Incompatible Layouts: New logic writing to wrong storage slots (e.g., treating a uint256 as an address).\n- Silent Corruption: Bugs may not manifest until specific, rare conditions are met, making detection pre-deployment nearly impossible.
100%
Irreversible
EIP-1967
Standard Mitigation
02
The Function Clash Reentrancy
The proxy's fallback function delegates calls to the implementation. If the implementation contains a function selector that matches the proxy's own admin functions (like upgradeTo), a malicious contract can hijack the proxy.\n- Selector Overlap: Attacker calls proxy.someFunction() which the proxy mistakenly routes to upgradeTo(address).\n- Admin Takeover: This allows an attacker to point the proxy to a malicious contract and drain all funds, as seen in the Audius (2022) governance hack.
$6M+
Audius Loss
UUPS
Safer Pattern
03
The Initialization Race Condition
Initializer functions replace constructors for upgradeable contracts. If not protected, they can be front-run, allowing an attacker to become the contract owner.\n- Re-initialization Attack: Malicious actor calls initialize() before the legitimate deployer, setting themselves as admin.\n- Permanent Backdoor: This grants full upgrade rights, a critical flaw in early OpenZeppelin upgradeable templates before the initializer modifier was introduced.
0
Safe Calls
initializer
Key Modifier
04
The Phantom Function Exploit
When a function is removed in a new implementation, the proxy's delegatecall will fallback to the previous logic if the selector still exists there. This can resurrect old, vulnerable code.\n- Unintended Code Path: Users or integrators may continue calling a deprecated function, executing outdated logic with new storage.\n- Regression Risk: A bug patched in v2 remains exploitable if the function signature persists in v1's bytecode, creating a versioning hell scenario.
High
Integration Risk
Slither
Detection Tool
FREQUENTLY ASKED QUESTIONS
FAQ: Mitigation Strategies for Builders
Common questions about the security risks and mitigation strategies for upgradeable proxy patterns in smart contracts.
A reentrancy attack in upgradeable proxies occurs when a malicious implementation contract calls back into the proxy's storage before an upgrade is finalized. This exploits the time gap between the proxy delegating a call to the old logic and updating its pointer to the new one, allowing state corruption. This is a distinct risk from standard call.value() reentrancy.
takeaways
UPGRADEABLE CONTRACT RISKS
TL;DR: Actionable Security Mandates
Upgradeable proxies are a critical attack vector, creating a new class of reentrancy that bypasses traditional defenses.
01
The Storage Collision Reentrancy
Proxies separate logic from storage, creating a hidden state. An attacker can call a vulnerable function in the new implementation, which then calls back (delegatecall) into the old, deprecated logic contract. This old logic operates on the new, shared storage layout, leading to corrupted state and fund theft.\n- Bypasses Checks-Effects-Interactions: Attack occurs within a single transaction via delegatecall.\n- Example: The 2021 Audius exploit ($1M+ loss) leveraged this exact pattern.
1 TX
Attack Scope
$1M+
Historic Loss
02
The Initializer Function Race
Proxies use initialize functions instead of constructors. If not protected, a malicious actor can front-run the legitimate deployment to become the owner. This grants full control over the proxy's upgrade mechanism and all associated funds.\n- Critical Vulnerability: Found in early OpenZeppelin upgradeable templates.\n- Mandate: Use a transparent or UUPS proxy with an access-controlled, one-time initializer.
100%
Control Loss
Zero-Day
Risk Window
03
Function Clashing & Selector Poisoning
A malicious upgrade can introduce a function with the same 4-byte selector as a critical function in a commonly used contract (e.g., a token). Users or integrators may inadvertently call the malicious function, approving fund transfers.\n- Attack Vector: Relies on selector collision between the proxy and external contracts.\n- Mitigation: Use the TransparentProxy pattern or implement comprehensive function shadowing checks.
4 Bytes
Attack Surface
High
Deception Risk
04
The UUPS vs. Transparent Proxy Trade-Off
UUPS (EIP-1822) embeds upgrade logic in the implementation, making it cheaper but riskier—if the logic self-destructs, upgrades are permanently disabled. TransparentProxy separates admin logic, adding gas overhead but containing failure.\n- Action: For high-value systems (>$100M TVL), default to TransparentProxy for its robustness.\n- Audit Focus: For UUPS, rigorously audit the upgradeToAndCall function for reentrancy.
-40%
Gas (UUPS)
Single Point
Failure (UUPS)
05
The Time-Lock & Multi-Sig Imperative
Upgrade authority must be decentralized and delayed. A single admin key is a $1B+ bug bounty. Implement a minimum 48-hour timelock on all upgrades, governed by a 5/9+ multi-signature wallet or DAO.\n- Real-World Failure: Without a timelock, a compromised admin key led to the $80M Wormhole bridge exploit.\n- Tooling: Use OpenZeppelin's TimelockController with Gnosis Safe.
48h+
Min. Delay
5/9+
Multi-Sig
06
The Storage Gap Non-Negotiable
When writing upgradeable contracts, always append a uint256[50] __gap at the end of your storage layout. This reserves space for future variables, preventing catastrophic storage collisions during upgrades. Omitting this is a protocol-killer mistake.\n- First-Principles: Ethereum storage is a key-value map; collisions corrupt all data.\n- Framework Enforcement: Modern tools like @openzeppelin/upgrades enforce this.
50 Slots
Safety Buffer
Irreversible
If Missed
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall