Immutable in Principle, Upgradeable by Design: Exploratory Study of Smart Contract Upgradeability
Ilham Qasse, Mohammad Hamdaqa, Björn Þór Jónsson
TL;DR
The paper addresses the tension between blockchain immutability and the need for post-deployment updates in smart contracts by empirically studying upgradeable contracts on Ethereum. It constructs a dataset of contract versions and analyzes upgrade patterns using proxy standards (notably EIP-1967, UUPS, and Diamond) from Ethereum ETL and Etherscan. Key findings show upgradeable proxies are a small fraction of deployments ($3\%$) and upgrades occur rarely ($0.34\%$), with changes mainly for feature additions and vulnerability fixes when source code is accessible, and with user activity influenced by factors beyond upgrades. The work provides data, tooling, and insights to inform secure upgrade design and future research on contract evolution.
Abstract
Smart contracts, known for their immutable nature to ensure trust via automated enforcement, have evolved to require upgradeability due to unforeseen vulnerabilities and the need for feature enhancements post-deployment. This contradiction between immutability and the need for modifications has led to the development of upgradeable smart contracts. These contracts are immutable in principle yet upgradable by design, allowing updates without altering the underlying data or state, thus preserving the contract's intent while allowing improvements. This study aims to understand the application and implications of upgradeable smart contracts on the Ethereum blockchain. By introducing a dataset that catalogs the versions and evolutionary trajectories of smart contracts, the research explores key dimensions: the prevalence and adoption patterns of upgrade mechanisms, the likelihood and occurrences of contract upgrades, the nature of modifications post-upgrade, and their impact on user engagement and contract activity. Through empirical analysis, this study identifies upgradeable contracts and examines their upgrade history to uncover trends, preferences, and challenges associated with modifications. The evidence from analyzing over 44 million contracts shows that only 3% have upgradeable characteristics, with only 0.34% undergoing upgrades. This finding underscores a cautious approach by developers towards modifications, possibly due to the complexity of upgrade processes or a preference for maintaining stability. Furthermore, the study shows that upgrades are mainly aimed at feature enhancement and vulnerability mitigation, particularly when the contracts' source codes are accessible. However, the relationship between upgrades and user activity is complex, suggesting that additional factors significantly affect the use of smart contracts beyond their evolution.