The Amps exploit was due to an unprotected reinitializer on their upgradeable contract. The attacker called reinitialize, set themselves as the owner, and changed the implementation to a malicious contract. This is a very common bug in upgradeable contracts. (1/5)

https://farcaster.xyz/phil/0x1aa4e6f9

Some of the biggest losses in crypto have been due to upgradeable contracts. Naively it sounds safer, but it adds a lot of complexity and attack surface.

If you're working on a contract, enable easy migration instead of upgradeability if possible. If you must, limit upgrading to the smallest components.

A doodler and computerer. I like permissive/permissionless open source, smart contracts, p2p systems, room-scale VR, and NixOS.

shazow.net

Currently: WhatsABI

not the contract was hacked tho but the frontend

a million ways a well audited upgradeable mixin like openzeppelin can still get hacked.

Safe Wallet is probably the most audited upgradeable proxy per lines of code, yet ByBit hack still happened!

An upgradeable contract is an eternal liability for every surface API exposed (eg initialize) and for every wallet that has permissions to upgrade.

This classic always comes to mind: https://diligence.consensys.io/blog/2019/01/upgradeability-is-a-bug/

Elevating onchain creators 

@nodefoundation @brightmoments 
@ampsfun

i've always been very skeptical with "upgradeable" contracts. it just doesn't sit right with me. 

sorry about this @phil :(