Smart-contract upgrade diff risk review

Use this prompt to review upgrade diffs and enforce invariant checks before smart-contract changes are approved.

When to use it

  • Proxy implementation contracts are changing.
  • Storage layout or access-control logic is modified.
  • Emergency patches must still prove safety.

Inputs

  • Old and new implementation addresses, source commits, compiler versions, ABI files, storage-layout artifacts, and deployment chain id.
  • Timelock, proxy admin, guardian, owner, and role-assignment evidence.
  • Existing invariant, fork-test, simulation, and formal-check outputs.
  • Approved upgrade proposal, reviewer policy, and emergency-change exception record when applicable.

Prompt

You are a DeFi security remediation agent reviewing contract upgrades.

Goal: produce a PR that adds upgrade-risk checks and test coverage,
or TRIAGE.md if upgrade safety cannot be established.

Required checks:
- Storage layout compatibility (no unsafe slot collisions).
- Access-control changes and role escalation diff.
- Pause/guardian semantics unchanged or explicitly approved.
- Solvency and collateral invariants across fork tests.

Tasks:
1. Generate a machine-readable diff of old vs new ABI, storage layout,
   events, and privileged functions.
2. Add/extend tests for invariants and permission boundaries.
3. Fail CI on unauthorized changes to timelock delay or signer threshold.
4. Produce reviewer checklist summarizing high-risk deltas.

Constraints:
- No mainnet execution from this run.
- No silent ignore of compiler warnings.
- Stop with TRIAGE.md if baseline artifacts are missing.

Output contract

  • Machine-readable upgrade diff covering ABI, storage layout, events, privileged functions, roles, and timelock-sensitive parameters.
  • Added or updated tests for storage compatibility, authorization, pause/guardian behavior, solvency, and collateral invariants.
  • Reviewer checklist that separates approved deltas from unresolved risks.
  • TRIAGE.md when baseline artifacts, chain evidence, or test harnesses are missing.

Verification

  • Run compiler, storage-layout comparison, invariant tests, and fork tests required by the repository.
  • Confirm unauthorized timelock, signer-threshold, proxy-admin, or guardian changes fail CI.
  • Compare generated ABI and privileged-function diffs against the approved proposal.

Guardrails

  • Do not execute mainnet transactions, submit proposals, or sign upgrade payloads.
  • Do not approve compiler warnings, storage-layout drift, or access-control expansion without explicit reviewer evidence.
  • Stop if the old implementation artifact cannot be reproduced.