Characterizing Ethereum Upgradable Smart Contracts and Their Security Implications (2024)

1. INTRODUCTION

Smart contracts are critical building blocks for decentralized applications (DApps) such as decentralized finance (DeFi)(Qin etal., 2022) and NFT(Das etal., 2022). As of Sep 2023, more than $61$ million smart contracts have been deployed on Ethereum(Cloud, 2023), the largest blockchain supporting smart contracts. To enforce transparency and trust decentralization, Ethereum and many other contract-supporting blockchains adopt the immutable smart contract design. That is, a smart contract, once deployed, cannot be changed or upgraded by any centralized entities. However, immutability conflicts with various legitimate causes to upgrade a deployed smart contract, such as introducing new functional features or patching security vulnerabilities, leading to inconvenience in practice.Thus, since 2016, various design patterns for upgradable smart contracts (USCs) have been introduced on Ethereum(Barros, 2019; Mudge, 2018, 2020b, 2020a), and widely adopted by DApps(Uniswap, 2023; OpenSea, 2023).Also, many third-party libraries, such as OpenZeppelin(OpenZeppelin, 2023a), have been developed to ease and accelerate USC development and deployment.

Despite all these efforts, developing USCs is still challenging and requires developers to be trained with security awareness(Josselinfeist, 2018).Otherwise, security vulnerabilities might exist in USCs, allowing attackers to hijack USCs and further affect their users.Unfortunately, such vulnerabilities are not rare among USCs.For example, a widely adopted OpenZeppelin USC template is vulnerable to permanent state impairment that can potentially cause huge financial loss (e.g., over $50m)(Iosiro, 2021).Attackers have even successfully destroyed a USC and obtained all its ETH(uup, 2022).With more contracts integrating upgrade features, it becomes more likely that attackers target these upgradeable contracts in the future(YAcademy, 2022).

In this paper, we conduct a large-scale measurement study to characterize USCs and their security implications in the wild.We first introduce six commonly used USC patterns and their implementations.Specifically, our works cover the straightforward method (e.g., to deploy a new contract and migrate states), the Ethereum built-in method (i.e., Metamorphic contract), and four methods that decouple a contract into two sub-contracts (e.g., one immutable contract and one contract that can be modified).In addition, we present a series of security risks that could potentially cause serious consequences.Some vulnerabilities might enable off-path attackers to completely destroy target USCs (e.g., deny their service) and even hijack existing contracts.Other issues might put smart contract users into dangerous situations, such as losing assets or trading deprecated tokens.To the best of our knowledge, we are the first to systematically investigate several USC security issues on a large scale.

We develop a tool, USCDetector, to identify USCs and their security issues.Unlike previous work relying on source code analysis(BodellIII etal., 2023) and can only detect limited USC types (e.g., proxy-based(BodellIII etal., 2023)), USCDetector collects various information such as bytecode and transaction information, which are available for all contracts, to detect six types of USCs, construct their upgrade chains, and disclose potentially vulnerable ones.Thus, USCDetector can cover both unverified (i.e., without source code) and verified smart contracts.We evaluate USCDetector using a subset of verified smart contracts, and show that it can achieve high accuracy with an overall 96.26% precision.

We adopt USCDetector on Ethereum, covering a total of 60,251,064 smart contracts.USCDetecor constructs 10,218 upgrade chains with 91,959 USCs identified.Our results show some interesting observations: while the proxy-based approach is the most popular one, many developers attempt to mix different approaches to implementing USCs,which can offer more flexibility and facilitate batch processing.Moreover, USCDetector successfully discloses multiple real-world USCs with potential security issues.For example, we have identified 15 USCs lacking restrictive checks on the upgradable functions, potentially enabling anyone to hijack them.Additionally, we have discovered 118 vulnerable contracts that may completely disable USCs (e.g., become unusable forever).We have also identified tokens of many deprecated contracts are still listed in various decentralized exchanges, affecting many unaware users.

2. BACKGROUND

3. UPGRADING PATTERNS AND IMPLEMENTATIONS

Smart contract upgrading is to modify the code executed in an address while preserving the contract’s states.Understanding the implementation details of upgradeable smart contracts (USCs) is necessary to investigate their potential security threats.This section demystifies six commonly used upgrading patterns and their implementations.

4. POTENTIAL SECURITY ISSUES

This section presents several potential security issues in existing USCs, which might be exploited by independent attackers (e.g., not the developers of target USCs) to hijack USCs.Some might become serious bugs affecting USC users.

5. METHODOLOGY

We design an analysis tool, USCDetector, to characterize USCs and investigate their potential vulnerabilities in the existing Ethereum blockchain.Unlike previous work(BodellIII etal., 2023) that only detect proxy-based USCs based on source code analysis, USCDetector identifies multiple types of USCs based on bytecode, which are always publicly accessible, and thus enable us to characterize both verified and unverified USCs in the wild.The high-level idea is that developers attempt to use common keywords (e.g., upgrade, update) in their upgrading functions(BodellIII etal., 2023), which are available in bytecode.With the help of other collectable information (e.g., transactions), we can identify USCs with high accuracy.

The overall workflow is illustrated in Figure2.USCDetector first disassembles smart contract bytecode into opcodes and extracts function selectors.Then it filters a list of USC candidates based on a set of pre-defined common upgrade function keywords.Additionally, USCDetector collects various supplementary information such as logic contract addresses and transaction information.Finally, based on all collected information, a rule-based pattern detector identifies USCs and their upgrading patterns.

6. MEASUREMENT IN THE WILD

We utilize USCDetector to detect smart contracts collected from Bigquery(Cloud, 2023), which has exported 60,251,064 smart contracts (date: 6/5/2023) from the Ethereum blockchain.We first group smart contracts based on their bytecode, so that smart contracts in each group have identical bytecode.We take the smart contract with the earliest creation time from each group as the representative for further analysis.

In the total of 964,585 groups, we have identified 27,420 groups, with1,938,727individual USCs (column“Raw” in Table2).We find that proxy-based pattern dominates existing upgradable methods, with 1,866,904 USCs from 4,964 groups.However, most of them are dominated by one group, namely OwnableDelegateProxy(OwnableDelegateProxy, 2018), which includes 1,546,462 USCs.This group was created by the smart contract WyvernProxyRegistry(OpenSea, 2018), which is maintained by OpenSea(OpenSea, 2023), a popular NFT market.WyvernProxyRegistry creates a proxy contract for each seller on OpenSea (i.e., the seller owns the contract) for executing sellers’ actions.Obviously, this group of proxies is not for business logic upgrading. In addition to this specific group, there are several other groups adopting a similar approach. In these groups, USCs are created by another smart contract (i.e., a contract factory), instead of an EOA account. The main purpose of a contract factory is to allow DApps (or DeFi) users to generate smart contracts (e.g., create their own tokens (Academy, 2023)).In the following analysis (e.g., the numbers presented in Column “Number” in Table2), we exclude the smart contracts created by a factory smart contract as a practice of deduplication.

Basic Characterization.Table2 shows the detailed breakdown of each pattern.We also present the aggregated ETH and transaction volumes.The most popular is the proxy pattern, with 43,650 contracts containing more than 736k ETH and 51M transactions.One possible reason is the wide adoption of third-party templates (e.g., Openzeppelin(OpenZeppelin, 2023a)), which provide open source contract libraries for developing smart contracts.Figure4 presents the number of different patterns of USCs over time. The blue line indicates that data separation and strategy pattern were the main upgrade methods until the proxy method (green) was introduced.The Metamorphic contract comes after February 2019, and is not popular due to its drawback mentioned in Section3.

Upgrade Chains.In total, we have constructed 4,692 upgrade chains for proxy-based USCs, 4,337 for strategy-based or data separation patterns, 201 for mix pattern, 110 for metamorphic-based USCs, and 878 for contract migration.Figure4 shows the CDF of upgrade chains.Most of them have conducted less than 20 upgrades, while the longest chain contains 92 upgrades.Also, 89.1% of the contract migration approach have only 1 upgrade, which is reasonable as contract migration essentially is to deploy a new contract.

We also find that many upgrades are conducted by different owners (i.e., owner change): there are 185 proxy-based, 97 strategy/data separation, and 52 mix-pattern USCs.

Mix Pattern Demystified.We detect 23,725 (Raw) mix-based USCs, which combine features of both strategy and proxy patterns.We find that there are different ways to implement the mix pattern.One popular way (20,591) utilizes an upgradeable intermediate contract.The main (proxy) contract can CALL the intermediate contract to get the return address for the logic contract.Then, the main contract can delegate calls to the logic contract using the returned address.In this way, the main contract does not preserve the actual address of the logic contract.When performing an upgrade, developers simply modify the logic contract’s address in the intermediate contract.It does not require any operations on the main contract for upgrading.Thus, it enables uniform upgrades across multiple USCs that share a logic contract.

Another popular approach (704) is similar: the main contract preservers the logic contract’s address, and also contains the upgrade function.When upgrade, the main contract first CALL the logic contract to see if a new logic address is returned. If yes, the main contract updates the new logic address, and then delegate the call to the new one.

Hierarchy Upgrade. Interestingly, we find some developers utilize strategy-based USCs to further upgrade multiple proxy-based USCs.For example, a proxy-based USC already contains an upgrade function (in the proxy contract) that can upgrade its logic contracts.Then, the developers utilize a strategy-based main contract to directly CALL the upgrade function in the proxy contract to upgrade its logic contract.The advantage is that, developers can utilize one main contract to manage multiple proxy contracts.USCDetector finds 1,349 such strategy-based USCs, and 2,628 proxy-based USCs were upgraded in this way.

7. SECURITY ISSUE CHARACTERIZATIONS

This section presents the security issues related to upgrades.We first introduce the methods for identifying them. We also manually verify them based on decompiled code.

Disclosure. We have followed the approach of Proxy Hunting(BodellIII etal., 2023) to disclose the vulnerabilities by sending email alerts to contract creators via EthMail(ETHMail, 2023). We have also manually searched their personal social media information to report corresponding issues.

8. RELATED WORKS

Smart Contract Upgrades.USCs have attracted many research efforts(Meisami and BodellIII, 2023; Antonino etal., 2022; Rodler etal., 2021) on understanding their characteristics.For example, Antonino et al. proposed a framework(Antonino etal., 2022) to introduce a trusted deployer to vet smart contracts’ creation and upgrade.Rodler et al. designed EVMPatch(Rodler etal., 2021) to rewrite the bytecode of exploited smart contracts and deploy them as upgradeable proxy contracts.Our work focuses on characterizing existing mainstream smart contract upgrading patterns and their security implications.

One closely related work is Proxy Hunting(BodellIII etal., 2023), which focuses on security issues of proxy-based USCs from contracts’ source code.Instead, our work covers more USCs patterns (e.g., data separation and strategy pattern) on unverified smart contracts (i.e., without source code). We also investigate several security issues that have not been studied by previous literature.Finally, there are two works on detecting metamorphic contracts using opcode CREATE2(Blau, 2022; Fröwis and Böhme, 2022).Our work further utilizes transaction call traces to check whether CREATE2 is used to create smart contracts.

Smart Contract Security Analysis.Extensive research efforts have been conducted on analyzing various security issues (e.g., reentrancy vulnerabilities) of smart contracts(ConsenSys, 2023; Nikolić etal., 2018; So etal., 2020; Xue etal., 2022; Bose etal., 2022; Rodler etal., 2019; Permenev etal., 2020) at both the source code level(Stephens etal., 2021; Wang etal., 2019; Duan etal., 2022; Chen, 2020; Xue etal., 2020; Torres etal., 2021; Jiang etal., 2018; Torres etal., 2018; Tikhomirov etal., 2018; Frank etal., 2020; Grech etal., 2018; Grossman etal., 2017; Liu etal., 2018; Nguyen etal., 2020) and bytecode level(Luu etal., 2016; Rodler etal., 2021; Chen etal., 2021b; Shi etal., 2022; Chen etal., 2021a; Choi etal., 2021; FerreiraTorres etal., 2022; Zhang etal., 2020; Krupp and Rossow, 2018).For example, Wang et al. developed NPChecker(Wang etal., 2019) to detect nondeterministic vulnerabilities in smart contracts.DefectChecker(Chen etal., 2021b) is introduced to detect smart contracts’ defects from bytecode.Different from previous efforts, our work focuses on uncovering existing USCs that have security issues at the bytecode level.

9. CONCLUSION

This paper presents a large-scale measurement study on USCs and their potential security issues.We have developed USCDetector to identify six types of USC without needing source code.Particularly, USCDetector collects various information such as bytecode and transaction information to construct upgradechains for USCs and disclose potentially vulnerable ones.USCDetector can achieve 96.26% precisionon our collected ground truth data with verified smart contracts.We have used USCDetector to analyze 60,251,064 smart contracts, and discovered multiple real-world USCs that have potential security issues.

ACKNOWLEDGMENTS

We would like to thank the anonymous reviewers for their insightful comments.Xiaofan Li and Xing Gao are partially supported by National Science Foundation (NSF) grants CNS-2054657 and CNS-2317830.Jin Yang, Jiaqi Chen, and Yuzhe Tang are partially supported by NSF grants CNS-2139801, CNS-1815814, DGE2104532, and two Ethereum Foundation academic grants.

REFERENCES

• (1)
• uup (2022)2022.A Real-World UUPS USC Was Destroyed by Delegating a Call to a Pre-defined Destroy Function.https://etherscan.io/address/0xa0e377d9cb4fcc014b634d74de07a428d3896eff
• Abi-decoder (2018)Abi-decoder. 2018.Abi-decode-functions.https://www.npmjs.com/package/abi-decode-functions
• Academy (2023)Solidity Academy. 2023.Demystifying the Factory Pattern in Solidity: Efficient Contract Deployment with Factory Pattern.https://medium.com/@solidity101/demystifying-the-factory-pattern-in-solidity-efficient-contract-deployment-with-factory-pattern-e233ea6d1ec0
• Antonino etal. (2022)Pedro Antonino, Juliandson Ferreira, Augusto Sampaio, and AW Roscoe. 2022.Specification is Law: Safe Creation and Upgrade of Ethereum Smart Contracts. In International Conference on Software Engineering and Formal Methods.
• Bandara etal. (2020)HMNDilum Bandara, Xiwei Xu, and Ingo Weber. 2020.Patterns for Blockchain Data Migration. In Proceedings of the European Conference on Pattern Languages of Programs 2020.
• Barros (2019)Gabriel Barros. 2019.Universal Upgradeable Proxy Standard (UUPS).https://eips.ethereum.org/EIPS/eip-1822
• Blau (2022)Michael Blau. 2022.A Tool for Detecting Metamorphic Smart Contracts.https://a16zcrypto.com/posts/article/metamorphic-smart-contract-detector-tool/
• BodellIII etal. (2023)WilliamE BodellIII, Sajad Meisami, and Yue Duan. 2023.Proxy Hunting: Understanding and Characterizing Proxy-Based Upgradeable Smart Contracts in Blockchains. In 32nd USENIX Security Symposium.
• Bose etal. (2022)Priyanka Bose, Dipanjan Das, Yanju Chen, Yu Feng, Christopher Kruegel, and Giovanni Vigna. 2022.Sailfish: Vetting Smart Contract State-Inconsistency Bugs in Seconds. In 2022 IEEE Symposium on Security and Privacy.
• Buterin (2018)Vitalik Buterin. 2018.Skinny CREATE2.https://eips.ethereum.org/EIPS/eip-1014
• Center (2023)EtherscanInformation Center. 2023.Token Migration.https://info.etherscan.com/token-migration/
• ChainList (2023)ChainList. 2023.Ethereum Mainnet RPC and Chain Settings — Chainlist.https://chainlist.org/chain/1
• Chen (2020)Jiachi Chen. 2020.Finding Ethereum Smart Contracts Security Issues by Comparing History Versions. In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering.
• Chen etal. (2021b)Jiachi Chen, Xin Xia, David Lo, John Grundy, Xiapu Luo, and Ting Chen. 2021b.Defectchecker: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode.IEEE Transactions on Software Engineering (2021).
• Chen etal. (2021a)Ting Chen, Zihao Li, Xiapu Luo, Xiaofeng Wang, Ting Wang, Zheyuan He, Kezhao Fang, Yufei Zhang, Hang Zhu, Hongwei Li, etal. 2021a.SigRec: Automatic Recovery of Function Signatures in Smart Contracts.IEEE Transactions on Software Engineering (2021).
• Choi etal. (2021)Jaeseung Choi, Doyeon Kim, Soomin Kim, Gustavo Grieco, Alex Groce, and SangKil Cha. 2021.Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses. In 2021 36th IEEE/ACM International Conference on Automated Software Engineering.
• Cloud (2018)Google Cloud. 2018.Ethereum in BigQuery: A Public Dataset for Smart Contract Analytics.https://cloud.google.com/blog/products/data-analytics/ethereum-bigquery-public-dataset-smart-contract-analytics
• Cloud (2023)Google Cloud. 2023.Bigquery.https://console.cloud.google.com/bigquery?ws=!1m4!1m3!3m2!1sbigquery-public-data!2scrypto_ethereum
• CoinMarketCap (2023)CoinMarketCap. 2023.Cryptocurrency Prices, Charts and Market Capitalizations.https://coinmarketcap.com/
• ConsenSys (2023)ConsenSys. 2023.Mythril: Security analysis tool for EVM bytecode.https://github.com/ConsenSys/mythril/
• CoreLibrary (2021)CoreLibrary. 2021.CoreLibrary.https://etherscan.io/address/0x57ff2cbf0d1dfd79b497795b2edd3b56f1a30397
• Das etal. (2022)Dipanjan Das, Priyanka Bose, Nicola Ruaro, Christopher Kruegel, and Giovanni Vigna. 2022.Understanding Security Issues in the NFT Ecosystem. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.
• Database (2023)EthereumSignature Database. 2023.Ethereum Signature Database.https://www.4byte.directory/
• Decentraland (2023)Decentraland. 2023.Decentraland.https://decentraland.org/
• decompiler (2023)Panoramix decompiler. 2023.Panoramix Decompiler.https://oko.palkeo.com/
• Docs (2023a)Ethereum Docs. 2023a.Anatomy of Smart Contracts.https://ethereum.org/en/developers/docs/smart-contracts/anatomy/
• Docs (2023b)Ethereum Docs. 2023b.ERC-20 Token Standard.https://ethereum.org/en/developers/docs/standards/tokens/erc-20/
• Docs (2023c)Ethereum Docs. 2023c.Ethereum Accounts.https://ethereum.org/en/developers/docs/accounts/
• Docs (2023d)Ethereum Docs. 2023d.Ethereum Virtual Machine.https://ethereum.org/en/developers/docs/evm/
• Docs (2023e)Ethereum Docs. 2023e.Introduction to Dapps.https://ethereum.org/en/developers/docs/dapps/
• Docs (2023f)Ethereum Docs. 2023f.Upgrading Smart Contracts.https://ethereum.org/en/developers/docs/smart-contracts/upgrading/
• Docs (2023g)Solidity Docs. 2023g.List of Known Bugs.https://docs.soliditylang.org/en/latest/bugs.html
• Duan etal. (2022)Yue Duan, Xin Zhao, Yu Pan, Shucheng Li, Minghao Li, Fengyuan Xu, and Mu Zhang. 2022.Towards Automated Safety Vetting of Smart Contracts in Decentralized Applications. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.
• Ethereum (2023)Ethereum. 2023.Decentralized Exchanges (DEXs).https://ethereum.org/en/get-eth/#dex
• Etherscan (2023a)Etherscan. 2023a.Etherscan Contracts API.https://docs.etherscan.io/api-endpoints/contracts
• Etherscan (2023b)Etherscan. 2023b.Etherscan (ETH) Blockchain Explorer.https://etherscan.io/
• ETHMail (2023)ETHMail. 2023.Email Services for Ethereum Community.https://ethmail.cc/
• ETL (2023)Blockchain ETL. 2023.Ethereum-Etl.https://github.com/blockchain-etl/ethereum-etl
• FerreiraTorres etal. (2022)Christof FerreiraTorres, Hugo Jonker, and Radu State. 2022.Elysium: Context-Aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart Contracts. In Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses.
• Foundation (2023)SafeEcosystem Foundation. 2023.ModuleManager.https://github.com/safe-global/safe-contracts/blob/v1.4.1/contracts/base/ModuleManager.sol
• Frank etal. (2020)Joel Frank, Cornelius Aschermann, and Thorsten Holz. 2020.ETHBMC: A Bounded Model Checker for Smart Contracts. In 29th USENIX Security Symposium.
• Fröwis and Böhme (2022)Michael Fröwis and Rainer Böhme. 2022.Not All Code Are Create2 Equal. In 6th Workshop on Trusted Smart Contracts.
• Grech etal. (2018)Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2018.MadMax: Surviving Out-of-Gas Conditions in Ethereum Smart Contracts.Proceedings of the ACM on Programming Languages (2018).
• Grossman etal. (2017)Shelly Grossman, Ittai Abraham, Guy Golan-Gueta, Yan Michalevsky, Noam Rinetzky, Mooly Sagiv, and Yoni Zohar. 2017.Online Detection of Effectively Callback Free Objects with Applications to Smart Contracts.Proceedings of the ACM on Programming Languages (2017).
• History (2019)Ethereum History. 2019.Constantinople.https://ethereum.org/en/history/#constantinople
• input-data decoder (2022)Ethereum input-data decoder. 2022.Ethereum-input-data-decoder.https://www.npmjs.com/package/ethereum-input-data-decoder
• Iosiro (2021)Iosiro. 2021.Perma-Brick UUPS Proxies with This One Trick.https://www.iosiro.com/blog/openzeppelin-uups-proxy-vulnerability-disclosure
• Jiang etal. (2018)Bo Jiang, Ye Liu, and WingKwong Chan. 2018.Contractfuzzer: Fuzzing Smart Contracts for Vulnerability Detection. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering.
• Josselinfeist (2018)Josselinfeist. 2018.Contract Upgrade Anti-Patterns.https://blog.trailofbits.com/2018/09/05/contract-upgrade-anti-patterns
• Krupp and Rossow (2018)Johannes Krupp and Christian Rossow. 2018.TEEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts. In 27th USENIX Security Symposium.
• Liu etal. (2018)Chao Liu, Han Liu, Zhao Cao, Zhong Chen, Bangdao Chen, and Bill Roscoe. 2018.Reguard: Finding Reentrancy Bugs in Smart Contracts. In Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings.
• Luu etal. (2016)Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016.Making Smart Contracts Smarter. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.
• Meisami and BodellIII (2023)Sajad Meisami and WilliamEdward BodellIII. 2023.A Comprehensive Survey of Upgradeable Smart Contract Patterns.arXiv preprint arXiv:2304.03405 (2023).
• Mudge (2018)Nick Mudge. 2018.Transparent Contract Standard.https://eips.ethereum.org/EIPS/eip-1538
• Mudge (2020a)Nick Mudge. 2020a.Diamonds, Multi-Facet Proxy.https://eips.ethereum.org/EIPS/eip-2535
• Mudge (2020b)Nick Mudge. 2020b.Proxy Storage Slots.https://eips.ethereum.org/EIPS/eip-1967
• MVHQ (2022)MVHQ. 2022.A Proxy-Based USC Upgrades Four Times in a Row.https://etherscan.io/txs?a=0x2809a8737477a534df65c4b4cae43d0365e52035&p=36
• Nguyen etal. (2020)TaiD Nguyen, LongH Pham, Jun Sun, Yun Lin, and QuangTran Minh. 2020.sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering.
• Nikolić etal. (2018)Ivica Nikolić, Aashish Kolluri, Ilya Sergey, Prateek Saxena, and Aquinas Hobor. 2018.Finding the Greedy, Prodigal, and Suicidal Contracts at Scale. In Proceedings of the 34th Annual Computer Security Applications Conference.
• Openchain (2023)Openchain. 2023.Transaction Tracer.https://openchain.xyz/trace
• OpenSea (2018)OpenSea. 2018.WyvernProxyRegistry.https://etherscan.io/address/0xa5409ec958c83c3f309868babaca7c86dcb077c1
• OpenSea (2023)OpenSea. 2023.OpenSea.https://opensea.io/
• OpenZeppelin (2021)OpenZeppelin. 2021.UUPSUpgradeable Vulnerability in OpenZeppelin Contracts.https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-q4h9-46xg-m3x9
• OpenZeppelin (2023a)OpenZeppelin. 2023a.Openzeppelin Contracts Upgradeable.https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
• OpenZeppelin (2023b)OpenZeppelin. 2023b.OwnableUpgradeable.https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/access/OwnableUpgradeable.sol
• OpenZeppelin (2023c)OpenZeppelin. 2023c.UUPSUpgradeable.https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/proxy/utils/UUPSUpgradeable.sol
• Ortner and Eskandari (2023)Martin Ortner and Shayan Eskandari. 2023.Smart Contract Sanctuary.(2023).https://github.com/tintinweb/smart-contract-sanctuary
• OwnableDelegateProxy (2018)OwnableDelegateProxy. 2018.OwnableDelegateProxy.https://etherscan.io/address/0x9b9c9daea6d5bf242fb1885b57d99a5a74433176
• Palladino (2020)Santiago Palladino. 2020.The State of Smart Contract Upgrades.https://blog.openzeppelin.com/the-state-of-smart-contract-upgrades
• Permenev etal. (2020)Anton Permenev, Dimitar Dimitrov, Petar Tsankov, Dana Drachsler-Cohen, and Martin Vechev. 2020.Verx: Safety Verification of Smart Contracts. In 2020 IEEE Symposium on Security and Privacy.
• Qin etal. (2022)Kaihua Qin, Liyi Zhou, and Arthur Gervais. 2022.Quantifying Blockchain Extractable Value: How Dark Is the Forest?. In 2022 IEEE Symposium on Security and Privacy.
• Rodler etal. (2019)Michael Rodler, Wenting Li, GhassanO Karame, and Lucas Davi. 2019.Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In 26th Annual Network and Distributed System Security Symposium.
• Rodler etal. (2021)Michael Rodler, Wenting Li, GhassanO Karame, and Lucas Davi. 2021.EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts. In 30th USENIX Security Symposium.
• Shi etal. (2022)Chaochen Shi, Yong Xiang, Jiangshan Yu, Longxiang Gao, Keshav Sood, and Robin RamMohan Doss. 2022.A Bytecode-Based Approach for Smart Contract Classification. In 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering.
• So etal. (2020)Sunbeom So, Myungho Lee, Jisu Park, Heejo Lee, and Hakjoo Oh. 2020.VeriSmart: A Highly Precise Safety Verifier for Ethereum Smart Contracts. In 2020 IEEE Symposium on Security and Privacy.
• Solidity (2023)Solidity. 2023.Solidity Programming Language.https://soliditylang.org/
• Stephens etal. (2021)Jon Stephens, Kostas Ferles, Benjamin Mariano, Shuvendu Lahiri, and Isil Dillig. 2021.SmartPulse: Automated Checking of Temporal Properties in Smart Contracts. In 2021 IEEE Symposium on Security and Privacy.
• Tikhomirov etal. (2018)Sergei Tikhomirov, Ekaterina Voskresenskaya, Ivan Ivanitskiy, Ramil Takhaviev, Evgeny Marchenko, and Yaroslav Alexandrov. 2018.Smartcheck: Static Analysis of Ethereum Smart Contracts. In Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain.
• Torres etal. (2021)ChristofFerreira Torres, AntonioKen Iannillo, Arthur Gervais, and Radu State. 2021.Confuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts. In 2021 IEEE European Symposium on Security and Privacy.
• Torres etal. (2018)ChristofFerreira Torres, Julian Schütte, and Radu State. 2018.Osiris: Hunting for Integer Bugs in Ethereum Smart Contracts. In Proceedings of the 34th Annual Computer Security Applications Conference.
• Truffle (2018)Truffle. 2018.Truffle-code-utils.https://www.npmjs.com/package/truffle-code-utils
• Uniswap (2020)Uniswap. 2020.Introducing Token Lists.https://blog.uniswap.org/token-lists
• Uniswap (2023)Uniswap. 2023.Uniswap.https://uniswap.org/
• Vogelsteller (2015)Fabian Vogelsteller. 2015.Token Standard.https://eips.ethereum.org/EIPS/eip-20
• Wang etal. (2019)Shuai Wang, Chengyu Zhang, and Zhendong Su. 2019.Detecting Nondeterministic Payment Bugs in Ethereum Smart Contracts.Proceedings of the ACM on Programming Languages.
• Web3 (2023)Web3. 2023.getCode.https://web3js.readthedocs.io/en/v1.2.11/web3-eth.html#getcode
• Xue etal. (2020)Yinxing Xue, Mingliang Ma, Yun Lin, Yulei Sui, Jiaming Ye, and Tianyong Peng. 2020.Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts. In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering.
• Xue etal. (2022)Yinxing Xue, Jiaming Ye, Wei Zhang, Jun Sun, Lei Ma, Haijun Wang, and Jianjun Zhao. 2022.xFuzz: Machine Learning Guided Cross-Contract Fuzzing.IEEE Transactions on Dependable and Secure Computing (2022).
• YAcademy (2022)YAcademy. 2022.Security Guide to Proxies.https://proxies.yacademy.dev/pages/security-guide/
• Zhang etal. (2020)Yuyao Zhang, Siqi Ma, Juanru Li, Kailai Li, Surya Nepal, and Dawu Gu. 2020.Smartshield: Automatic Smart Contract Protection Made Easy. In 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering.

Appendix A APPENDIX

I. USCDetector Details

Notations.

Rules.

Proxy Pattern Rule requires (1) DELEGATECALL, (2)fallback function, and (3) the upgrade function must exist either in the proxy or logic contract.

Strategy Pattern Rule requires three elements to exist in the main contract at the same time. These elements are the upgrade function, CALL or STATICCALL (or both of them), and the functions that the main calls the logic contract.

Data Separation Rule requires the upgrade function to exist in the data contract. If the data contract calls functions of other contracts, it then has the same features as the strategy pattern.

Mix Pattern Rule requires that both the proxy’s rule and strategy’s rule must be satisfied.

Metamorphic Contract Rule requires SELFDESTRUCT to exist in the contract, while the call trace of the transaction that creates the contract must contain CREATE2.

Contract Migration Rule requires the address of the old contract, and announcement, and the address of the new contract must exist in the records we obtain from Etherscan at the same time.

II. False Negative Evaluation Using Dataset from(BodellIII etal., 2023)

We evaluate USCDetector using a subset of the dataset from Proxy Hunting (BodellIII etal., 2023), including 775 smart contracts.The TP, FP, TN, and FN are 673, 1, 94, and 7, respectively.Particularly, for 2 out of 7 FNs, our dataset missed the upgrading functions. For the rest 5, the logic contract address is hardcoded in the source code of the proxy contract.Our approach cannot obtain it from the RPC and cause the FN.In particular, there are two reasons to only use a subset of their dataset:(1) As mentioned in their paper, Proxy Hunting cannot detect USCs if the source code of the logic contract is not available, while our approach relying on bytecode can.(2) We find that inconsistency between source code and bytecode exists in some cases. Basically, the source code provided by the developer at an address does not exactly match the bytecode deployed at that address.The reason could be that the developer attempts to provide all relevant source code to verify a smart contract, while the deployed contract is only part of it.For example, the contract CoreLibrary(CoreLibrary, 2021) is the deployed contract and does not have any upgrading function.However, the source code provided by the developer at this address also includes the code for AdminUpgradeabilityProxy (which is a proxy-based USC) and its dependent contracts.We thus excluded these contracts in our evaluation.

III. Additional Listings of Vulnerable Examples

List1 presents a simplified version of a Mix Pattern contract that has no restrictive check on contract admin, derived from a real-world DApp LANDProxy(Decentraland, 2023).There is no admin check on the upgrade function, and thus anyone can overwrite the logic address (Line 3).

Listing2 presents a case I example. It lists the decompiled code of a simplified version of a (unverified) vulnerable UUPS-based logic contract.There is a function initialize (Line 8) that can be called directly.This function can declare the owner of the contract (Line 9).Since this contract has no state, its ownership can be obtained by calling the initialize function.Attackers can further call the destruct (Line 4) function to destroy this contract, disabling its proxy contract and withdrawing all the ETHs (Line 7).

Listing3 presents a case II example: a simplified version of a UUPS-based logic contract.It does not contain SELFDESTRUCT opcode, but can still be destroyed through the function upgradeToAndCall.The upgrade mechanism is implemented correctly for the proxy: only the owner can perform upgrades (Line 10).However, the upgradeToAndCall function can be directly called by the logic contract owner.An attacker can call the function initialize (Line 3) to take ownership of the logic contract, and further destroy it by calling the function upgradeToAndCall (Line 10).

Particularly, the _upgradeToAndCallSecure function includes a rollback test to validate that the new logic address also has an upgrade function (Line 29).However, this test can be bypassed by performing twice upgrades: first by resetting the rollbackTesting value (Line 28) and then by calling _upgradeToAndCallSecure function to a function containing SELFDESTRUCT in the upgrading logic contract (Line 26).This would destroy the logic contract and cause the proxy’s DELEGATECALL to point to a self-destructed logic contract.

IV. Additional Figures of Vulnerable Examples

Figure5 presents a real-world example of proxy-based USC. Figure4(a) shows a transaction from a proxy’s admin to initialize the proxy contract.As the function initialize is supposed to exist in the logic contract, the proxy contract simply delegates the call to the logic contract (Figure4(b)).However, the logic address is actually an EOA.Thus, the initialize was not executed and eventually has no state change.