Smart Contract Upgrades

How can you detect an upgradable Smart Contract and who is enabled to implement upgrades (has admin function)?

2 Likes

IF you want to get this upgrade information, May be you can try symbolic execution

1 Like

@jie_cai thanks so much for the solution. Do you mind elaborating on why it would work?

The symbolic execution technology is a traditional program static analysis method. It can calculate the condition for each branch in your code

Here is the example:

The code will exit EXIT_FAILURE as when input satisfy:
image

Then use a Theorem Prover (e.g. Z3 ) can get the x,y which satisfy the above constraint.

So when you analyze a smart contract by symbolic execution, you can get call constraints of the delegatecall.

2 Likes

Could you explain this approach on a more high-level basis? As I understand it, you simulate the smart contract logic by using a tool called symbolic execution which outputs a certain value [EXIT_FAILURE], if the smart contract doesn‘t contain any delegate calls to upgrade the contract? Is that right?

1 Like