Upgrade Stylus Contracts
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only smart-contract upgrade guide with no executable code or credentials, but users should manually verify any on-chain upgrade transaction and the guide’s provenance.
Before installing or using this skill for production, verify the guidance against official sources, test upgrades on a fork or testnet, confirm storage-layout compatibility, and manually approve any wallet transaction or governance proposal.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken deployment or upgrade transaction could affect a live contract, but the skill does not execute transactions by itself.
The skill describes deployment steps that, if the user executes them, can create or alter smart-contract infrastructure. This is expected for the skill’s stated purpose and is not automatic in the artifact.
Deploy the proxy with `set_version` as the initialization call data. Use `cargo stylus deploy` or a deployer contract.
Manually review generated deployment or upgrade calldata, contract addresses, and network selection before signing any transaction.
A bad beacon implementation could break or alter all proxies that depend on that beacon.
Beacon upgrades can intentionally propagate one implementation change to multiple proxy contracts, so a mistake can affect many deployed contracts at once.
Updating the beacon upgrades all proxies in one transaction.
Use staging tests, storage-layout checks, audits, and multisig or governance review before beacon upgrades.
Users may over-trust the guidance if they assume the package is officially sourced.
The skill presents an OpenZeppelin author attribution, while the registry context lists the source as unknown and no homepage. This is not evidence of deception, but the attribution should be verified before relying on it for production contract upgrades.
metadata: author: OpenZeppelin
Cross-check critical upgrade guidance against official OpenZeppelin Stylus documentation and repositories before applying it to live contracts.