Some subtleties to consider with upgradeable contracts using the OpenZeppelin SDK:
(I split this into a new topic as I thought it was an interesting discussion on its own.)
Need to consider the governance mechanisms to decide when and how to upgrade the contracts that will earn the trust of users:
Verify
Currently we can verify logic contracts on Etherscan with OpenZeppelin SDK and we can manually verify proxy contracts on Etherscan.
Etherscan doesn't currently support OpenZeppelin SDK proxy contracts.
Audits
Suggest reading the audits of the OpenZeppelin SDK contracts: