The June 9, 2025 exploit of Teller Finance v2 threw a spotlight on one of the most technically nuanced and dangerous areas of smart contract development: proxy upgrade patterns. This advanced tutorial examines the three major proxy patterns used in production DeFi protocols, explains their security properties and failure modes, and provides a practical framework for evaluating whether a protocol’s upgrade mechanism introduces unacceptable risk.
The Objective
By the end of this tutorial, you will understand how proxy contracts work, why they are necessary, what can go wrong when they are implemented incorrectly, and how to evaluate a protocol’s upgrade mechanism as a security-conscious user or developer. We will reference the Teller Finance v2 incident, where an unsafe delegatecall in a proxy contract enabled a complete protocol compromise, as our primary case study.
The broader context matters: Bitcoin trades at $110,294, Ethereum at $2,681, and over $114 million was lost to DeFi exploits in June 2025 alone. Understanding proxy security is not academic, it is a financial imperative for anyone interacting with upgradeable smart contracts.
Prerequisites
This tutorial assumes familiarity with basic Solidity concepts including contracts, functions, storage variables, and the Ethereum Virtual Machine execution model. You should understand that smart contracts on Ethereum are immutable by default: once deployed, their code cannot be changed. This immutability is a feature for trust minimization, but it creates a challenge when protocols need to fix bugs, add features, or respond to changing market conditions.
Proxy patterns solve this immutability problem by separating a contract’s interface from its implementation. Users interact with a proxy contract that forwards all calls to an implementation contract. When the protocol needs to upgrade, the proxy is pointed to a new implementation contract while maintaining the same address and storage.
The key Solidity opcodes to understand are CALL, DELEGATECALL, and the fallback function mechanism. A regular CALL executes code in the context of the called contract, with its own storage and msg.sender. A DELEGATECALL executes code in the context of the calling contract, preserving the caller’s storage layout and msg.sender. This distinction is where proxy vulnerabilities originate.
Step-by-Step Walkthrough
Step one: Understand the three major proxy patterns. The Transparent Proxy pattern, formalized as ERC-1967, uses an admin address that can upgrade the implementation while all other interactions are forwarded to the current implementation. The admin check happens in the fallback function, meaning the proxy itself intercepts admin calls and forwards everything else via delegatecall. This pattern is the most widely used and has the strongest security track record because the admin and user logic are cleanly separated.
The Universal Upgradeable Proxy Standard, or UUPS, places the upgrade logic in the implementation contract rather than the proxy. The proxy simply delegatecalls to the implementation, which includes its own upgrade function. This pattern is more gas-efficient but places a heavier burden on implementation contract developers to correctly manage the upgrade mechanism. A bug in the implementation’s upgrade function can permanently lock the protocol or, worse, allow unauthorized upgrades.
The Minimal Proxy pattern, used primarily for factory contracts that deploy many identical instances, is not truly upgradeable. Each instance is a minimal proxy that delegatecalls to a single implementation. While efficient, this pattern does not support individual upgrades and is typically used for standardized contracts like ERC-20 token deployments.
Step two: Analyze the Teller Finance v2 failure. The exploit occurred because the proxy contract contained an unsafe delegatecall that permitted attacker-controlled calldata execution. In a correctly implemented proxy, the delegatecall should only forward calls to the designated implementation address. In Teller’s case, the validation was insufficient, allowing the attacker to supply arbitrary calldata that the proxy executed against its own storage context.
The attack sequence followed a predictable pattern. First, the attacker identified the delegatecall pathway that lacked proper origin validation. Second, they crafted calldata that, when executed via delegatecall in the proxy’s context, modified storage slots controlling access permissions. Third, with elevated permissions established, the attacker executed withdrawal transactions that drained the protocol’s asset pools.
Step three: Learn to identify proxy pattern vulnerabilities. The most critical check is whether the proxy properly restricts which addresses can trigger the upgrade function. In ERC-1967, the admin role should be held by a time-locked multisig wallet, not an externally owned account. Any proxy where a single private key can change the implementation address carries extreme centralization risk.
The storage layout compatibility between proxy and implementation is the second critical check. When a new implementation adds storage variables, these must be appended after the existing layout, never inserted in the middle. Storage collisions, where the proxy’s variables and the implementation’s variables occupy the same slot, can lead to catastrophic state corruption.
The initializer pattern is the third check. Upgradeable contracts cannot use Solidity’s constructor because the constructor runs during the initial deployment, not during upgrades. Instead, they use initializer functions that should be protected against being called multiple times. Missing this protection allows anyone to reinitialize the contract and set themselves as the owner.
Troubleshooting
When evaluating a protocol’s proxy security, you may encounter several common issues. If the protocol does not publicly disclose which proxy pattern it uses, this is a red flag. Transparency about the upgrade mechanism is a basic expectation for any protocol managing user funds.
If you discover that the implementation contract can be changed without a time-lock delay, the protocol carries elevated centralization risk. A malicious or compromised admin could replace the implementation with one that drains all funds, and users would have no window to withdraw before the upgrade takes effect.
When the proxy contract’s source code is not verified on Etherscan or the relevant block explorer, you cannot independently verify the proxy pattern’s correctness. Unverified proxy contracts should be treated as high-risk regardless of the protocol’s reputation.
If you are a developer implementing a proxy pattern and encountering unexpected behavior, the most common cause is storage slot collision. Use OpenZeppelin’s storage gap pattern to reserve space in base contracts for future variables, and always test storage layout compatibility during upgrades using tools like Hardhat’s storage layout checker.
Mastering the Skill
Proxy contract security is a deep topic that rewards continued study. Start by reading the ERC-1967 standard specification and OpenZeppelin’s proxy library documentation. Deploy your own transparent proxy using Hardhat or Foundry and experiment with the upgrade flow. Practice identifying storage collisions by intentionally creating them in a test environment and observing the resulting state corruption.
Follow security research from firms like Trail of Bits and Spearbit that regularly publish analyses of proxy vulnerabilities. Study past exploits, from the Parity wallet freeze of 2017 to the more recent Teller Finance incident, to understand how the same fundamental vulnerability class manifests in different contexts.
For protocol developers, consider whether your application truly requires upgradeability. Many DeFi protocols can achieve their goals with immutable contracts and separate strategy contracts that users opt into. The security cost of upgradeability is real, and it should be weighed against the flexibility benefits in every design decision.
For users, develop a proxy security checklist: verify the pattern type, confirm the admin is a time-locked multisig, check storage layout compatibility after upgrades, and ensure initializers are properly protected. This checklist will serve you across every upgradeable protocol you encounter.
Disclaimer: This article is for educational purposes only and does not constitute financial, investment, or legal advice. Smart contract development carries inherent risks. Always conduct thorough testing and auditing before deploying code to production.
Great breakdown of the differences between UUPS and Transparent patterns. I’ve been debating which one to use for our next protocol launch, and the gas savings on UUPS are hard to ignore. Definitely keeping the storage collision risks in mind though!
SoliditySage UUPS gas savings are real but the upgrade bomb risk is underrated. one bad upgrade and the entire protocol is gone. transparent is safer for anything with real TVL
transparent proxy is safer but the gas overhead adds up fast for high-frequency contracts. UUPS with a 48h timelock on upgrades is a decent middle ground
Upgradability is always a double-edged sword. Every time I see a ‘decentralized’ protocol with a single multisig acting as the proxy admin, I cringe. We really need more standardization around timelocks and decentralized governance for these upgrades.
AuditArmor single multisig as proxy admin is basically a centralized kill switch with extra steps. timelocks should be mandatory
timelocks plus multisig should be table stakes for anything over $10M TVL. single admin upgrade paths are just honeypots with extra steps
Finally someone explained storage slots in a way that makes sense! I’ve seen so many projects get wrecked because they messed up the inheritance order in their implementation contracts. Super helpful guide for anyone starting with OpenZeppelin’s library.
The trade-offs between bytecode complexity and maintainability are often overlooked. While proxies offer flexibility, they add a layer of obfuscation that can be dangerous if the upgrade logic isn’t perfectly transparent. Good read on the security implications.