Hey miohtama,
We’ve reviewed lots of projects that use those two patterns. For the proxy pattern, we have two simple recommendations:
- Don’t use it. It adds unnecessary complexity to most projects when the much simpler contract migration pattern would do. Proxy upgrades require manipulation of low-level Solidity, are filled with “footguns”, and have so many things that we have empirically seen go wrong. You can find our detailed review of each upgrade strategy on our blog.
- If you have to use it, review its use with Slither. Slither, our static analysis framework for Ethereum smart contracts, includes the most extensive set of checks available for reviewing proxy upgrade code. We’ve been able to catalog 17 specific failure conditions for proxy upgrades and build checks for them into the
slither-check-upgradeabilityutility. You can also use https://crytic.io to check many of these issues via a simple, Github-integrated web application.
Feel free to reach out if you have other questions. We’re on a Slack, Empire Hacking, in the #ethereum and #crytic channels.