Chapter 9

Upgradeable Proxies

Upgradeable proxies let you fix bugs and ship new features without migrating users to a new address. The proxy holds storage and forwards calls to a logic contract with delegatecall, so the logic code runs against the proxy's storage. An admin can point the proxy at a fresh implementation when upgrades are approved.

Reserve storage gaps (arrays of unused uint256 slots) in base contracts so future versions can add state without shifting the existing layout of the contracts that inherit from them. OpenZeppelin's upgradeable variants use initializer functions instead of constructors because a constructor runs only when the implementation is deployed and writes to the implementation's own storage, not the proxy's.
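The gap and initializer pattern described above, as an added Solidity example (not code from this chapter or from OpenZeppelin). The contract and variable names (FeeBaseV1, VaultV2, feeCapBps and so on) are hypothetical, and it assumes the OpenZeppelin contracts-upgradeable package is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; every contract and variable name here is hypothetical.
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

// ---- Version 1 ----
abstract contract FeeBaseV1 is Initializable {
    uint256 public feeBps;        // first slot of the base
    uint256[49] private __gap;    // reserved: base footprint is 1 + 49 = 50 slots

    function __FeeBase_init(uint256 feeBps_) internal onlyInitializing {
        feeBps = feeBps_;
    }
}

contract VaultV1 is FeeBaseV1 {
    uint256 public totalDeposits; // sits right after the base's 50 slots

    constructor() {
        _disableInitializers();   // runs on the implementation's storage only
    }

    // Called once through the proxy, so it writes the proxy's storage.
    function initialize(uint256 feeBps_) external initializer {
        __FeeBase_init(feeBps_);
    }
}

// ---- Version 2: the base gains one variable ----
abstract contract FeeBaseV2 is Initializable {
    uint256 public feeBps;        // unchanged position
    uint256 public feeCapBps;     // new: occupies what was __gap[0]
    uint256[48] private __gap;    // shrunk by one: footprint is still 50 slots
}

contract VaultV2 is FeeBaseV2 {
    uint256 public totalDeposits; // same slot as in VaultV1, data preserved

    constructor() {
        _disableInitializers();
    }

    // Run once during the upgrade to set only the new state.
    function initializeV2(uint256 feeCapBps_) external reinitializer(2) {
        feeCapBps = feeCapBps_;
    }
}
```

If feeCapBps were added without shrinking the gap, the base would grow to 51 slots and totalDeposits in the new implementation would read one slot past where the proxy actually stored it.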

Upgrade governance should match your threat model: timelocks, multisigs, and on-chain votes each trade speed for trust. Document who can upgrade, how long users have to react, and whether upgrades can be renounced permanently.