Managing changeable contracts
On Tezos, contracts cannot be changed after they are originated. However, there are ways to make contracts changeable or upgradable.
In some cases, it's important to make a contract upgradable. For example, if it needs to store an address, there should be a way to change that address in case the account is compromised or needs to change for any other reason.
There are two main ways to make a contract upgradable:
- Put part of the logic in a piece of code (a lambda) that is kept in the storage of the contract (also known as dynamic entrypoints in LIGO)
- Put part of the logic in a separate contract and store the address of that contract in your contract
In either case, provide an entrypoint that an administrator can call to change these values and therefore change the behavior of the contract.
Of course, making the contract upgradable also introduces risks. Contracts that you rely on for financial reasons could be changed for malicious reasons and you could lose out.
Before you use a contract, directly or as part of your own contract, make sure this contract can't be upgraded in a way that breaks the key aspects that you rely on.
If the contract you want to use is upgradable, make sure the upgrade system follows a very safe process, where the new version is known well in advance, and the decision to activate the upgrade is made by a large enough set of independent users.
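The following is an added example, not code from this page or from Tezos: a plain Python model (not a deployable contract) of the lambda-in-storage pattern combined with the safe upgrade process described above. All names (`UpgradableContract`, `propose`, `approve`, `activate`, the failure codes) are hypothetical, and the delay and quorum values are assumptions chosen by whoever constructs the object.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

class Failure(Exception):
    """Models a failed call (FAILWITH): storage is left unchanged."""

@dataclass
class UpgradableContract:
    admin: str                  # may only propose, never activate alone
    voters: frozenset           # independent accounts that approve upgrades
    quorum: int                 # approvals needed to activate
    delay: int                  # seconds a proposal stays public first
    fee: Callable[[int], int]   # the upgradable logic: a lambda in storage
    pending: Optional[Callable[[int], int]] = None
    proposed_at: int = 0
    approvals: set = field(default_factory=set)

    def propose(self, sender: str, now: int, new_fee: Callable[[int], int]) -> None:
        if sender != self.admin:
            raise Failure("NOT_ADMIN")
        # A new proposal restarts the clock and discards earlier approvals.
        self.pending, self.proposed_at, self.approvals = new_fee, now, set()

    def approve(self, sender: str) -> None:
        if self.pending is None:
            raise Failure("NO_PROPOSAL")
        if sender not in self.voters:
            raise Failure("NOT_VOTER")
        self.approvals.add(sender)  # a set: one vote per account

    def activate(self, now: int) -> None:
        if self.pending is None:
            raise Failure("NO_PROPOSAL")
        if now < self.proposed_at + self.delay:
            raise Failure("TIMELOCK")
        if len(self.approvals) < self.quorum:
            raise Failure("NO_QUORUM")
        self.fee, self.pending, self.approvals = self.pending, None, set()

    def net_payout(self, amount: int) -> int:
        return amount - self.fee(amount)  # behaviour follows the stored lambda

def attempt(call, *args) -> str:
    """Run one call and report 'ok' or the failure code."""
    try:
        call(*args)
        return "ok"
    except Failure as err:
        return str(err)
```

In this model the stored lambda only changes once the proposal has been visible for the full delay and enough distinct voters have approved it; until then `net_payout` keeps using the old logic.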