The Myth of Immutability: A Multivocal Review on Smart Contract Upgradeability
Ilham Qasse, Isra M. Ali, Nafisa Ahmed, Mohammad Hamdaqa, Björn Þór Jónsson
TL;DR
The paper tackles the challenge of smart contract upgradeability by addressing the tension between immutability and the need for post-deployment evolution. It adopts a multivocal literature review to synthesize both academic and grey literature, yielding a unified taxonomy of 17 upgrade approaches categorized as full or partial upgrades. Each approach is analyzed along core smart contract components and evaluated against software quality attributes such as complexity, flexibility, efficiency, security and usability. The findings illuminate significant trade-offs among upgrade mechanisms and offer practical guidance for selecting patterns tailored to project requirements, while also discussing governance models and lifecycle management. The work highlights avenues for empirical research and tool development to improve secure and maintainable upgradeable contracts in the Ethereum ecosystem.
Abstract
The immutability of smart contracts on blockchain platforms like Ethereum promotes security and trustworthiness but presents challenges for updates, bug fixes, or adding new features post-deployment. These limitations can lead to vulnerabilities and outdated functionality, impeding the evolution and maintenance of decentralized applications. Despite various upgrade mechanisms proposed in academic research and industry, a comprehensive analysis of their trade-offs and practical implications is lacking. This study aims to systematically identify, classify, and evaluate existing smart contract upgrade mechanisms, bridging the gap between theoretical concepts and practical implementations. It introduces standardized terminology and evaluates the trade-offs of different approaches using software quality attributes. We conducted a Multivocal Literature Review (MLR) to analyze upgrade mechanisms from both academic research and industry practice. We first establish a unified definition of smart contract upgradeability and identify core components essential for understanding the upgrade process. Based on this definition, we classify existing methods into full upgrade and partial upgrade approaches, introducing standardized terminology to harmonize the diverse terms used in the literature. We then characterize each approach and assess its benefits and limitations using software quality attributes such as complexity, flexibility, security, and usability. The analysis highlights significant trade-offs among upgrade mechanisms, providing valuable insights into the benefits and limitations of each approach. These findings guide developers and researchers in selecting mechanisms tailored to specific project requirements.
