
Upgradable Wallet

An Upgradable Wallet is a smart contract wallet whose core logic can be modified or replaced after deployment, enabling feature updates and security patches without changing the user's address or moving assets.
Chainscore © 2026
BLOCKCHAIN INFRASTRUCTURE

What is an Upgradable Wallet?

A technical overview of smart contract wallets designed for future modifications.

An upgradable wallet is a blockchain wallet, typically a smart contract account, whose core logic and functionality can be modified or replaced after deployment without compromising user assets or requiring migration to a new address. This is achieved through architectural patterns like the Proxy Pattern, where a lightweight proxy contract holds the user's funds and delegates all logic calls to a separate, updatable implementation contract. This separation allows developers to fix bugs, add new features (like social recovery or new signature schemes), or adapt to new cryptographic standards, all while the user's persistent address and asset ownership remain unchanged.

The primary mechanism enabling this is the use of a proxy contract. The proxy is the permanent address users interact with and where assets are stored. It contains minimal code, primarily a function that forwards each call, via delegatecall, to the current logic contract, whose address is held in the proxy's storage. When an upgrade is required, only the reference in the proxy is updated to point to a new, audited implementation contract. This process is often governed by a multi-signature scheme or a decentralized autonomous organization (DAO) to ensure upgrades are secure and consensus-driven, preventing unilateral or malicious changes.

Key benefits of upgradable wallets include future-proofing against evolving standards (e.g., quantum-resistant cryptography), enhanced security through post-deployment bug fixes, and improved user experience via the addition of new features like batch transactions or subscription payments. Prominent examples include Safe (formerly Gnosis Safe) and other smart account implementations within ERC-4337 (Account Abstraction). However, the upgrade capability introduces a trust assumption, as users must trust the governance mechanism controlling the proxy, making decentralized and transparent upgrade governance critical for non-custodial integrity.

From a developer's perspective, creating an upgradable wallet requires careful design to avoid storage collisions—a common pitfall where new logic unintentionally corrupts the proxy's existing data layout. Standards like the Universal Upgradeable Proxy Standard (UUPS) and Transparent Proxy Pattern provide frameworks to mitigate these risks. Upgradable wallets are a foundational component for account abstraction, aiming to make blockchain wallets as flexible and user-friendly as traditional web applications while maintaining the security and self-custody principles of decentralized finance.

ARCHITECTURE

How Does an Upgradable Wallet Work?

An upgradable wallet is a smart contract wallet that separates its core logic from its storage, allowing its functionality to be updated without changing its on-chain address or requiring users to migrate assets.

An upgradable wallet operates on a proxy pattern, a foundational smart contract architecture. In this model, a user's wallet is represented by a lightweight proxy contract that holds all assets and state (the storage). This proxy does not contain the main business logic itself; instead, it delegates all function calls via a delegatecall to a separate implementation contract (the logic). The proxy's only job is to forward calls and use the logic contract's code in its own context, meaning the logic contract's code executes as if it were running inside the proxy, thereby accessing the proxy's stored data.

The upgrade mechanism is controlled by a proxy admin or a built-in upgrade function. When developers need to add features, fix bugs, or improve gas efficiency, they deploy a new version of the logic contract. An authorized address (often the user or a governance module) then instructs the proxy to update its reference to point to the new implementation address. Crucially, this change is a single storage slot update on the proxy. From that moment forward, all subsequent calls are delegated to the new code, while the wallet's address, transaction history, token balances, and permissions remain intact on the unchanged proxy.

This architecture introduces important security considerations. A transparent proxy pattern is commonly used to prevent function selector clashes between the proxy's own upgrade functions and the implementation's functions, mitigating a class of attacks. Furthermore, the upgrade authority must be carefully managed—often through multi-signature schemes or decentralized governance—to prevent malicious upgrades. Standards like EIP-1967 and EIP-1822 formalize the storage slots for implementation addresses, creating a predictable and auditable upgrade pattern that tools like Etherscan can recognize and display correctly.
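Because EIP-1967 fixes where the implementation and admin addresses live, an upgrade can be detected from storage alone. The following is an added example, not Chainscore or wallet-vendor code: it decodes the two EIP-1967 slots from storage words shaped like `eth_getStorageAt` results and compares two snapshots of one proxy. The addresses, snapshots and the audited allowlist are constructed for illustration.

```python
# Added example: slot constants are the ones fixed by EIP-1967; everything else is constructed.
IMPLEMENTATION_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
ZERO_WORD = "0x" + "00" * 32


def word_to_address(word_hex):
    """Decode a 32-byte storage word into the 20-byte address in its low-order bytes."""
    raw = bytes.fromhex(word_hex[2:] if word_hex.startswith("0x") else word_hex)
    if len(raw) != 32:
        raise ValueError("storage word must be exactly 32 bytes")
    if any(raw[:12]):
        raise ValueError("upper 12 bytes are not zero: slot does not hold a plain address")
    return "0x" + raw[12:].hex()


def read_proxy(storage):
    """storage maps slot -> 32-byte hex word, as eth_getStorageAt would return for one proxy."""
    return {
        "implementation": word_to_address(storage.get(IMPLEMENTATION_SLOT, ZERO_WORD)),
        "admin": word_to_address(storage.get(ADMIN_SLOT, ZERO_WORD)),
    }


def check_upgrade(before, after, audited_implementations):
    """Compare two snapshots of the same proxy address and return human-readable findings."""
    old, new = read_proxy(before), read_proxy(after)
    findings = []
    if old["implementation"] != new["implementation"]:
        findings.append(f"implementation changed: {old['implementation']} -> {new['implementation']}")
        if new["implementation"] not in audited_implementations:
            findings.append("new implementation is not on the audited allowlist")
    if old["admin"] != new["admin"]:
        findings.append(f"upgrade admin changed: {old['admin']} -> {new['admin']}")
    return findings


def as_word(address):
    """Left-pad a 20-byte address to a storage word (used only to build the sample data)."""
    return "0x" + "00" * 12 + address[2:]


# Constructed sample data: one proxy observed at two different blocks.
LOGIC_V1, LOGIC_V2, ADMIN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "aa" * 20
SNAPSHOT_OLD = {IMPLEMENTATION_SLOT: as_word(LOGIC_V1), ADMIN_SLOT: as_word(ADMIN)}
SNAPSHOT_NEW = {IMPLEMENTATION_SLOT: as_word(LOGIC_V2), ADMIN_SLOT: as_word(ADMIN)}

if __name__ == "__main__":
    for finding in check_upgrade(SNAPSHOT_OLD, SNAPSHOT_NEW, audited_implementations={LOGIC_V1}):
        print(finding)
```

The wallet's address never appears in the comparison: only the contents of the implementation slot differ between the two snapshots, which is why an upgrade is invisible to anyone who watches the address alone.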

For users, the experience is seamless. They continue to use the same Ethereum address or ENS name. Wallets like Argent and Gnosis Safe are prominent examples of upgradable smart contract wallets. This design enables them to iteratively add features such as social recovery, batch transactions, new signature schemes (like passkeys or ERC-4337 Account Abstraction), and integrations with new Layer 2 networks, all without the immense friction of asking users to move funds to a new wallet address.

ARCHITECTURE

Key Features of Upgradable Wallets

Upgradable wallets, also known as smart contract wallets, separate a user's account logic from their signing key, enabling modular security and functionality updates without changing the core address.

02

Modular Security & Recovery

Replaces the irreversible loss of a private key with programmable recovery mechanisms. Key features include:

  • Guardians: Designated addresses (friends, hardware wallets) that can help recover access.
  • Time-delayed actions: A security cooldown for sensitive operations like changing owners.
  • Spending limits: Rules to cap transaction values per day or per session.
03

Gas Flexibility & Sponsorship

Decouples fee payment from the transaction sender, enabling novel user experiences.

  • Paymasters: Third parties (dApps, employers) can pay gas fees on a user's behalf.
  • Gas Abstraction: Users can pay fees in ERC-20 tokens instead of the network's native coin.
  • Batch Transactions: Multiple actions are bundled, paying gas only once for the entire operation.
04

Implementation Examples

Real-world projects building on the upgradable wallet model:

  • Safe (formerly Gnosis Safe): The canonical multi-signature wallet with a modular guard and module system.
  • ZeroDev & Biconomy: SDKs and infrastructure for deploying ERC-4337 smart accounts.
  • Argent & Ambire: Consumer-focused wallets with built-in social recovery and gas abstraction.
05

Proxy Pattern Architecture

The technical foundation for upgradable smart contracts. It uses:

  • Proxy Contract: Holds the state and user funds, delegating logic calls.
  • Implementation Contract: Contains the executable code; can be swapped for a new version.
  • This separation allows the wallet's logic to be upgraded while preserving the user's address, transaction history, and asset holdings.
06

Transaction Batching & Automation

Enables complex, multi-step operations executed as a single atomic transaction.

  • Batch Calls: Approve a token and swap it in one click, saving time and gas.
  • Automated Rules: Set conditions for recurring payments or automated investing (DCA).
  • This reduces user friction and enables more sophisticated DeFi strategies directly from the wallet.
UPGRADABLE WALLET

Examples & Implementations

Upgradable wallets are implemented through various architectural patterns, primarily using proxy contracts to separate logic from storage, enabling seamless updates without user intervention.

06

Security & Governance

Upgradability introduces centralization and security risks, managed through governance models.

  • Timelock Controllers: A mandatory delay between an upgrade proposal and its execution, allowing users to exit.
  • Multi-sig Admins: Upgrade authority is distributed among multiple keys (e.g., a 5-of-9 council).
  • Immutable Options: Some projects offer an optional, immutable "frozen" version after audits for maximum trustlessness.
  • Transparency: All upgrade proposals and code are typically verified and published on-chain for community review.
SMART CONTRACT WALLET COMPARISON

Upgradable Wallet vs. Traditional EOA

A technical comparison of programmable smart contract wallets and standard Externally Owned Accounts (EOAs).

| Feature / Capability | Upgradable Wallet (Smart Contract Account) | Traditional EOA |
| --- | --- | --- |
| Account Logic | Programmable via deployed smart contract code. | Fixed by the protocol; defined by a cryptographic key pair. |
| Upgradability & Recovery | | |
| Transaction Batching | | |
| Gas Abstraction (Sponsored Tx) | | |
| Signature Flexibility | Supports social recovery, multisig, session keys. | Only supports a single ECDSA signature from the private key. |
| On-Chain Footprint | Requires contract deployment (~0.02-0.1 ETH). | Created for free upon first transaction. |
| Transaction Cost | Higher base cost due to contract execution. | Lower base cost for simple transfers. |
| Inherent Security Model | Depends on contract code audit and access logic. | Depends solely on private key secrecy. |

UPGRADABLE WALLET

Security Considerations & Risks

An upgradable wallet is a smart contract wallet whose core logic can be modified after deployment, introducing unique security trade-offs between flexibility and immutability.

01

The Upgrade Mechanism

The primary security model revolves around the upgrade mechanism itself. Common patterns include:

  • Proxy Pattern: A minimal proxy contract holds user funds and delegates logic calls to a separate, updatable implementation contract.
  • Diamond Pattern (EIP-2535): A modular approach where a single proxy delegates to multiple implementation contracts (facets).
  • Governance-Controlled Upgrades: Upgrade authority is often held by a multi-signature wallet, a DAO, or a timelock contract, adding layers of process and delay.

The security of the entire system depends on the integrity of this upgrade path and its administrators.

02

Admin Key Risk & Centralization

The entity or mechanism with upgrade authority represents a centralized point of failure. Risks include:

  • Private Key Compromise: If upgrade keys are stolen, an attacker can deploy malicious logic to drain all wallets.
  • Malicious Admin: A rogue administrator could act maliciously.
  • Governance Attacks: If controlled by a token vote, the system is vulnerable to 51% attacks or vote manipulation.

Mitigations include using timelocks (enforcing a delay before an upgrade executes) and multi-signature schemes requiring consensus among trusted parties.

03

Implementation Contract Risks

Each new implementation contract introduces its own attack surface. A flawed upgrade can:

  • Introduce critical bugs or vulnerabilities (e.g., reentrancy, logic errors) into all wallets instantly.
  • Break integrations with dApps expecting a specific wallet interface.
  • Change security guarantees unexpectedly for users (e.g., altering signature verification).

Rigorous audits, formal verification, and staged rollouts (e.g., via a canary upgrade) are essential for every new implementation.

04

Storage Collision & State Corruption

A critical technical risk during upgrades is storage collision. The new implementation contract's variables must be declared in the exact same order and type as the previous version. If not:

  • User data (balances, nonces, allowances) can be corrupted or overwritten.
  • Funds can become permanently inaccessible.

Using dedicated storage patterns (such as unstructured storage in proxies) or the Diamond Standard helps mitigate this by isolating storage layouts.
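The ordering rule above can be checked mechanically before an upgrade is proposed. The following is an added example, not code from Chainscore or any wallet project: it compares two layouts shaped like the `storage` array of solc's `storageLayout` compiler output and reports every position where the new logic would misread state written by the old logic. The contract variables (`owner`, `nonce`, `guardians`, `dailyLimit`) are hypothetical.

```python
def var(label, slot, type_id, offset=0):
    """One entry shaped like an item of solc's storageLayout["storage"] (slot is a string there)."""
    return {"label": label, "slot": str(slot), "offset": offset, "type": type_id}


def check_layout(old_layout, new_layout):
    """Return problems that would let the new logic misread state written by the old logic.

    Type identifiers are compared as plain strings, which is enough for elementary types
    and mappings; struct identifiers embed compiler-specific ids and need a deeper comparison.
    """
    new_by_position = {(int(v["slot"]), v["offset"]): v for v in new_layout["storage"]}
    problems = []
    for old in old_layout["storage"]:
        position = (int(old["slot"]), old["offset"])
        new = new_by_position.get(position)
        where = f"slot {position[0]} offset {position[1]}"
        if new is None:
            problems.append(f"{where}: '{old['label']}' was removed")
        elif new["type"] != old["type"]:
            problems.append(f"{where}: '{old['label']}' ({old['type']}) is now '{new['label']}' ({new['type']})")
        elif new["label"] != old["label"]:
            problems.append(f"{where}: '{old['label']}' is now read as '{new['label']}'")
    return problems


# Constructed layouts for a hypothetical wallet (not taken from any real project).
GUARDIANS = "t_mapping(t_address,t_bool)"
WALLET_V1 = {"storage": [var("owner", 0, "t_address"), var("nonce", 1, "t_uint256"),
                         var("guardians", 2, GUARDIANS)]}
# Safe upgrade: the new variable is appended after every existing one.
WALLET_V2_APPENDED = {"storage": WALLET_V1["storage"] + [var("dailyLimit", 3, "t_uint256")]}
# Unsafe upgrade: dailyLimit is declared before nonce, shifting everything after it.
WALLET_V2_REORDERED = {"storage": [var("owner", 0, "t_address"), var("dailyLimit", 1, "t_uint256"),
                                   var("nonce", 2, "t_uint256"), var("guardians", 3, GUARDIANS)]}

if __name__ == "__main__":
    print("appended :", check_layout(WALLET_V1, WALLET_V2_APPENDED))
    for problem in check_layout(WALLET_V1, WALLET_V2_REORDERED):
        print("reordered:", problem)
```

In the reordered layout the stored nonce would be interpreted as a daily spending limit, and the slot that anchors the guardian mapping would be read as the nonce; neither change produces a compiler error.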

05

User Transparency & Consent

Upgrades can happen without the explicit consent of individual users, leading to risks:

  • Loss of Immutability: The core promise of a non-custodial wallet can be undermined if logic changes against user expectations.
  • Stealth Upgrades: Users may be unaware a change occurred, especially if interfaces don't change.
  • Exit Rights: Users need clear communication and the ability to exit (withdraw funds) if they disagree with an upgrade's direction.

Transparent governance and upgrade announcements are critical for user trust.

06

Comparison to Immutable Wallets

Upgradable Wallets trade the absolute security of immutability for the ability to fix bugs and add features. Key comparisons:

  • Immutable Wallet: Code is final. Vulnerabilities are permanent, but there is zero admin risk.
  • Upgradable Wallet: Vulnerabilities can be patched, but the system inherits admin key risk and upgrade process complexity.

The choice is a fundamental design decision between resilience through immutability and adaptability through upgradeability.

UPGRADABLE WALLET

Technical Deep Dive: The Proxy Pattern

An explanation of the proxy pattern, a foundational smart contract design that enables the creation of upgradable wallets and decentralized applications (dApps) by separating logic from storage.

The proxy pattern is a smart contract architectural design that separates an application's logic and state into distinct contracts to enable upgradability. A proxy contract holds all the storage (state variables like user balances) and delegates function calls to a separate logic contract (or implementation contract) using the delegatecall opcode. This separation allows developers to deploy a new logic contract with bug fixes or new features, then point the proxy to the new address, effectively upgrading the system's behavior without migrating user data or assets.

The core mechanism enabling this is delegatecall, which executes code from the logic contract within the context of the proxy's storage. This means the logic contract can read and write to the proxy's state as if it were its own. To manage upgrades securely, a proxy admin contract or a specific upgrade function is typically used, often governed by a multi-signature wallet or a decentralized autonomous organization (DAO). Prominent implementations include the Transparent Proxy pattern, which prevents function selector clashes, and the UUPS (Universal Upgradeable Proxy Standard), where upgrade logic is built into the implementation contract itself.

For upgradable wallets like smart contract wallets, this pattern is critical. It allows wallet functionality—such as adding social recovery, new signature schemes, or batch transaction capabilities—to be improved over time. However, the pattern introduces significant security considerations. A malicious or buggy upgrade can compromise the entire system, making timelocks and rigorous auditing essential. Furthermore, developers must ensure storage layout compatibility between old and new logic contracts to prevent catastrophic data corruption during an upgrade.

UPGRADABLE WALLET

Frequently Asked Questions (FAQ)

Common questions about smart contract wallets that can be updated after deployment, a core feature of account abstraction.

An upgradable wallet is a smart contract-based wallet whose core logic can be modified or replaced after its initial deployment on the blockchain. Unlike traditional Externally Owned Accounts (EOAs), whose behavior is fixed by the protocol, an upgradable wallet uses a proxy pattern, where a lightweight proxy contract holds the user's assets and delegates all logic calls to a separate, updatable implementation contract. This allows developers to fix bugs, add new features (like social recovery or new signature schemes), or improve gas efficiency without requiring users to migrate to a new wallet address. Key protocols implementing this include Safe{Wallet} (formerly Gnosis Safe), Argent, and wallets built on ERC-4337 account abstraction standards.
