To Do: May 3

[PulpSpy]

Add security discussion

• Vulnerabilities with different methods
• How upgradability helps recover from security incidents
• Can you update a contract without broadcasting the fact that there is a problem (front-running resistant)

Add evaluation framework

• Frequency
• Decentralizatin
• Foreknowledge of changes
• Wholesale changes
• Efficiency: gas for those uninformed about upgrades
• Efficiency: gas for those informed about upgrades

Sample code

• Simple contract implemented each way

[GreatSoshiant]

Some Ideas:

• Time delay between changes
• Period between a change proposal and have it on chain
• GEV

[GreatSoshiant]

Check OpenZepplin upgrade patterns and find out the structure, events, and function names it used

[GreatSoshiant]

1. In addresses that the "Upgraded" event fired before, we can find the new version's code using the implementation address and check the amount of change on the code using some code diff algorithms.
2. In addresses that the "AdminChanged" event fired before, we can check if it changed from EOA to Multi-sig or another EOA or a governance structure.
3. Don't forget to check for Pauseability and TimeLock and other stuff