UUPS Upgradable - vague documentation in FAQ

The documentation states:

This contract adds the required upgradeTo function, but also contains a built-in mechanism that will check on-chain, at the time of an upgrade, that the new implementation proposed preserves upgradeTo .

You can find this here:

Question 1: Though, It's so vague how it checks ON-CHAIN that new implementation contains upgradeTo ? all I can see is it calls proxiableUUID and that's it...

What am I missing ? Thank you.

Question 2: Documentation also mentions:

This prevents upgrades to an implementation contract that wouldn’t contain the necessary upgrade mechanism, as it would lock the upgradeability of the proxy forever. This security mechanism can be bypassed by either of:

  • Adding a flag mechanism in the implementation that will disable the upgrade function when triggered.

What do you mean by flag ? you mean overriding upgradeTo and adding revert statement in it ?

Your first quote refers to a mechanism that we later removed in favor of a simpler mechanism. The new one does not check for the existence of upgradeTo but it does check that the contract reports to be UUPS-compatible.

I will update the docs to reflect that.

By "flag" we mean something like this pseudocode

bool upgradesDisabled = false;

function upgradeTo(...) override {
    if (upgradesDisabled) {
    } else {