Skip to main content

When to Use This Pattern

Prevents unauthorized changes to proxy implementation addresses, which could allow attackers to replace contract logic with malicious code. Critical for proxy-based upgradeable contracts in DeFi protocols (lending pools, yield aggregators), governance systems with timelocks, and cross-chain bridges. For example, it’s possible to define a whitelist of allowed implementations - any other implementation would be considered an invalid state.

What This Pattern Checks

Monitors changes to the implementation address storage slot in proxy contracts using:
  • _preTx() / _postTx() with Reshiram snapshot reads: Compare implementation address before and after transaction
  • ph.loadStateAt(): Load the implementation slot at each snapshot
  • registerTxEndTrigger(): Trigger when implementation address changes
The assertion performs a direct pre/post comparison of the protected implementation slot. For more information about cheatcodes, see the Cheatcodes Documentation.

Assertion Pattern

Full examples and mock protocol code are available in credible-std.