Add __gap array to all upgradeable contracts to prevent future storage collisions

Configuration must be in initializer not constructor, state set in proxy storage

All critical state variables initialized during proxy deployment, no zero-value defaults

Initialization front-running protection, atomic deploy-and-initialize

Reentrancy guards on initializers, atomic state setup, consistent state

Use onlyInitializing modifier, chain parent initializers, disable on implementation

Validate storage layout between old and new implementations, no variable reordering

New implementations must inherit all required functions from previous versions

Ownership continuity across upgrades, admin address preservation

Verify target has code before delegatecall, extcodesize validation

Check success boolean and returndata, bubble up revert reasons

Full admin delegation to governance, no residual deployer privileges

Signatures bound to contract address, replay prevention across upgrades

Validate new implementation before upgrade, code audit gates, interface checks

Validate target exists before call/delegatecall/staticcall, zero-address checks

No 4-byte selector collisions between proxy and implementation functions

Public proxy methods that shadow implementation functions, admin-only proxy calls

Predictable CREATE2 salts, address pre-computation attacks, deployment DoS

Reentrancy in delegatecall chains, cross-function reentrancy via proxy

Proxy address registry consistency, correct address resolution

Validate implementation before proxy reuse, stale implementation references