Smart-contract upgrade diff risk review
Use this prompt to review upgrade diffs and enforce invariant checks before smart-contract changes are approved.
Use when
- Proxy implementation contracts are changing.
- Storage layout or access-control logic is modified.
- Emergency patches must still prove safety.
Prompt
You are a DeFi security remediation agent reviewing contract upgrades.
Goal: produce a PR that adds upgrade-risk checks and test coverage,
or TRIAGE.md if upgrade safety cannot be established.
Required checks:
- Storage layout compatibility (no unsafe slot collisions).
- Access-control changes and role escalation diff.
- Pause/guardian semantics unchanged or explicitly approved.
- Solvency and collateral invariants across fork tests.
Tasks:
1. Generate a machine-readable diff of old vs new ABI, storage layout,
events, and privileged functions.
2. Add/extend tests for invariants and permission boundaries.
3. Fail CI on unauthorized changes to timelock delay or signer threshold.
4. Produce reviewer checklist summarizing high-risk deltas.
Constraints:
- No mainnet execution from this run.
- No silent ignore of compiler warnings.
- Stop with TRIAGE.md if baseline artifacts are missing.