Proxy Contract — Rug Check Risk Guide
Proxy contracts — the hidden upgrade trap
What is a proxy contract in crypto?
A proxy contract is a smart contract pattern where the user interacts with a thin proxy that forwards calls to a separate implementation contract. The implementation can be swapped at any time by the proxy's admin — and that's exactly the trap. A dev ships a benign ERC-20 implementation, passes an audit, attracts liquidity, then upgrades the implementation to include honeypot logic, hidden taxes, blacklist functions, or unlimited mint. Because the proxy address stays the same, holders get no signal that anything changed.

The two standard patterns on Ethereum are EIP-1967 (used by OpenZeppelin's transparent and UUPS proxies) and EIP-1822 (the UUPS standard itself). Both store the implementation address in a fixed, well-known storage slot, which any scanner can read directly from chain state.

A proxy is not automatically a rug — many legitimate protocols use upgradeable contracts for bug fixes, with upgrades governed by a multisig or timelock. The red flags are a proxy whose admin is a single EOA with no governance, a recently upgraded implementation, or an implementation whose bytecode does not match the verified source on Etherscan. Sharpe's Rug Check detects proxy patterns by reading the EIP-1967 storage slot, flags the admin type, checks whether the implementation's verified source matches its deployed bytecode, and warns if the implementation was swapped within the last 30 days.
Frequently Asked Questions
- What is a proxy contract in Ethereum?
- A proxy contract is a smart contract that forwards all calls to a separate implementation contract. The implementation can be replaced by the proxy admin, which means logic can change after deployment.
- Are all proxy contracts risky?
- No. Many legitimate protocols use upgradeable contracts for bug fixes and upgrades, governed via multisig or timelock. The risk is a proxy controlled by a single EOA with no governance — that admin can swap the implementation to a honeypot at will.
- How do I check if a token is a proxy?
- Sharpe's Rug Check reads the EIP-1967 implementation storage slot and reports proxy status, admin type (EOA vs multisig vs timelock), and whether the implementation has been upgraded recently. A single-EOA admin with a recent upgrade is a near-certain red flag.
How to detect proxy contract risk
- Contract has a non-zero value in the EIP-1967 implementation slot
- Proxy admin is a 1-of-1 EOA (not multisig or timelock)
- Implementation was upgraded in the last 30 days
- Verified source of implementation does not match current bytecode
- Admin wallet was funded by a bridge or mixer (Tornado Cash, etc.)
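As an added illustration (not Sharpe's code), the first three checks above in minimal Python, run against constructed chain state: read the EIP-1967 implementation and admin slots, classify the admin as an EOA or a contract by whether it has code, and flag an Upgraded event inside the 30-day window. The FakeChain class and every address below are constructed stand-ins for what eth_getStorageAt, eth_getCode and eth_getLogs would return from a real node.

```python
from dataclasses import dataclass, field

# EIP-1967 storage slots, defined as keccak256("eip1967.proxy.<name>") - 1.
IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
DAY = 86_400

@dataclass
class FakeChain:
    """Constructed stand-in for a node: eth_getStorageAt, eth_getCode, and the
    timestamps of EIP-1967 `Upgraded(address)` events fetched via eth_getLogs."""
    storage: dict = field(default_factory=dict)   # (address, slot) -> 256-bit word
    code: dict = field(default_factory=dict)      # address -> runtime bytecode
    upgrades: dict = field(default_factory=dict)  # address -> [unix timestamps]
    def get_storage(self, addr, slot): return self.storage.get((addr, slot), 0)
    def get_code(self, addr): return self.code.get(addr, b"")
    def upgrade_times(self, addr): return self.upgrades.get(addr, [])

def word_to_address(word):
    # An address occupies the low 20 bytes of the 32-byte storage word.
    return "0x%040x" % (word & ((1 << 160) - 1))

def assess_proxy(chain, proxy, now, window_days=30):
    """Report proxy status, admin type and risk flags for one token address."""
    impl_word = chain.get_storage(proxy, IMPL_SLOT)
    if impl_word == 0:                       # slot untouched: not an EIP-1967 proxy
        return {"is_proxy": False, "flags": []}
    admin_word = chain.get_storage(proxy, ADMIN_SLOT)
    admin = word_to_address(admin_word) if admin_word else None
    if admin is None:
        admin_type = "unknown"    # UUPS: upgrade authority lives in the implementation
    elif chain.get_code(admin):
        admin_type = "contract"   # multisig or timelock candidate; confirm via source
    else:
        admin_type = "eoa"        # one key can swap the implementation at will
    recent = [t for t in chain.upgrade_times(proxy) if now - t <= window_days * DAY]
    flags = [name for name, hit in (("single-eoa-admin", admin_type == "eoa"),
                                    ("upgraded-in-window", bool(recent))) if hit]
    return {"is_proxy": True, "implementation": word_to_address(impl_word),
            "admin": admin, "admin_type": admin_type, "flags": flags}

# Constructed sample state: a proxy with an EOA admin, upgraded 5 days ago.
# Any address with no entries (e.g. a plain ERC-20) reads as zero in both slots.
NOW = 1_700_000_000
TOKEN, ADMIN_EOA, IMPL = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
CHAIN = FakeChain(
    storage={(TOKEN, IMPL_SLOT): int(IMPL, 16), (TOKEN, ADMIN_SLOT): int(ADMIN_EOA, 16)},
    code={TOKEN: b"\x36\x3d\x3d\x37", IMPL: b"\x60\x80"},   # ADMIN_EOA has no code
    upgrades={TOKEN: [NOW - 5 * DAY]},
)
```

Against a live node, the same logic applies with the three FakeChain methods replaced by RPC calls; a "contract" admin still needs its verified source checked to confirm it is actually a multisig or timelock.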
Historical proxy contract incidents
- Multiple ERC-20 rugs where dev upgraded to honeypot implementation post-launch
- Forsage, Gala Games — legitimate proxy usage with multisig governance (not rugs)