F-2025-0007·upgradability-design

Non-upgradeable contract may require complex migration for future changes

Fixedstakingnft-boostrewards
TL;DR

Contract is non-upgradeable despite the team planning future modifications, forcing complex user migrations and risk of parallel-contract confusion.

Severity
LOW
Impact
LOW
Likelihood
MEDIUM
Method
MManual review
CAT.
Complexity
LOW
Exploitability
LOW
02Section · Description

Description

The contract is currently implemented as a non-upgradeable contract:

solidity
contract StakingContract is ReentrancyGuard {
    // No upgrade mechanism
}

However, the team has indicated plans for future modifications. Without upgradeability:

  1. New features will require new contract deployment.
  2. Users will need to migrate positions manually.
  3. Complex coordination for rewards and NFT boosts.
  4. Risk of user confusion during migration.
  5. Potential for parallel contracts running simultaneously.
03Section · Recommendation

Recommendation

Consider implementing an upgradeability pattern of your choice.

04Section · Resolution

Resolution

Ample Protocol: Fixed. Implemented TransparentUpdatableProxy.

Zealynx: A new issue (F-2025-0010) was found and reported during the upgradeable migration. Update: fixed and verified.

Status
Fixed
ZEALYNX SECURITY · published 2025-05-19
F-2025-0007

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx