Proxy upgradeability means contracts can change after audits. This is not disclosed in product UIs.

Pillar: Safety


The problem

Most major DeFi protocols use upgradeable proxy contracts. Whether a contract can be changed after deployment — and by whom, under what process — is almost never disclosed in the product UI.

An audit of an old implementation is not an audit of what the contract does today. Users have no way to know when an upgrade has occurred or what changed.


Why it matters

  • Safety: The contract I deposited into may not be the contract holding my funds.
  • Agency: I cannot consent to a system I don’t know has changed.

What exists today

OpenZeppelin’s UUPS and Transparent proxy patterns are well-documented. There is, however, no standard for surfacing upgrade history to end users.


The gap

There is no standard for tying audit validity to contract version and for notifying depositors of upgrades.
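
One way such a check could look, as an added example that is not part of the original note or of any project's code: it rebuilds a proxy's upgrade history from ERC-1967 `Upgraded(address)` event logs (the event OpenZeppelin's proxies emit) and compares the audited implementation with the current one. The log entries, addresses, audit record shape and function names are constructed for illustration.

```python
# Added example: constructed data, not taken from any real protocol.
# topic0 of the ERC-1967 event `Upgraded(address indexed implementation)`
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def upgrade_history(logs, proxy):
    """Return [(block, implementation)] for one proxy, oldest first."""
    history = []
    for log in logs:
        if log["address"].lower() != proxy.lower():
            continue  # event emitted by some other contract
        topics = log["topics"]
        if len(topics) != 2 or topics[0].lower() != UPGRADED_TOPIC:
            continue  # not an Upgraded(address) event
        history.append((int(log["blockNumber"], 16), topic_to_address(topics[1])))
    return sorted(history)

def audit_status(history, audited_impl, deposit_block):
    """Compare the audited implementation with the current one and list
    the upgrades that happened after the user's deposit."""
    if not history:
        return {"current": None, "audit_covers_current": False,
                "upgrades_since_deposit": []}
    current = history[-1][1]
    return {
        "current": current,
        "audit_covers_current": current == audited_impl.lower(),
        "upgrades_since_deposit": [h for h in history if h[0] > deposit_block],
    }

# Constructed sample in eth_getLogs shape (all addresses are placeholders).
PROXY = "0x" + "aa" * 20
IMPL_V1, IMPL_V2 = "0x" + "11" * 20, "0x" + "22" * 20
pad = lambda addr: "0x" + "00" * 12 + addr[2:]
SAMPLE_LOGS = [
    {"address": PROXY, "blockNumber": "0x64", "topics": [UPGRADED_TOPIC, pad(IMPL_V1)]},
    {"address": PROXY, "blockNumber": "0x12c", "topics": [UPGRADED_TOPIC, pad(IMPL_V2)]},
    {"address": "0x" + "bb" * 20, "blockNumber": "0xc8", "topics": [UPGRADED_TOPIC, pad(IMPL_V2)]},
]

if __name__ == "__main__":
    hist = upgrade_history(SAMPLE_LOGS, PROXY)
    print(audit_status(hist, audited_impl=IMPL_V1, deposit_block=150))
```

Event logs only cover proxies that follow ERC-1967; reading the proxy's ERC-1967 implementation slot with `eth_getStorageAt` is a useful cross-check on the address the history ends with.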


Open questions

  • What’s the right mechanism for user notification when a contract they’ve interacted with is upgraded?
  • Should upgrades require a disclosure period?

My notes


Potential solutions

