How can you detect an upgradable Smart Contract and who is enabled to implement upgrades (has admin function)?
2 Likes
IF you want to get this upgrade information, May be you can try symbolic execution
1 Like
The symbolic execution technology is a traditional program static analysis method. It can calculate the condition for each branch in your code
Here is the example:
The code will exit EXIT_FAILURE as when input satisfy:
Then use a Theorem Prover (e.g. Z3 ) can get the x,y which satisfy the above constraint.
So when you analyze a smart contract by symbolic execution, you can get call constraints of the delegatecall.
2 Likes
Could you explain this approach on a more high-level basis? As I understand it, you simulate the smart contract logic by using a tool called symbolic execution which outputs a certain value [EXIT_FAILURE], if the smart contract doesn‘t contain any delegate calls to upgrade the contract? Is that right?
1 Like