What starting position does this attack require?

The first step is Every proxy DELEGATECALL fails forever (T1486) — a impact primitive. Assumed environment: target deployed UUPS proxies via OpenZeppelin Upgrades.

What is the final impact of this kill-chain?

The final step lands on Call initialize() — become owner (W3-PROXY-INIT), which falls under Privilege Escalation. From here, an operator typically pivots into post-exploitation or maintains persistence.

How can defenders detect or prevent this attack?

Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References" — every technique on that page lists defensive controls, detection telemetry, and known threat-actor usage.

← RegistryDossier · 4 steps · 3 edges

Approved

Uninitialised UUPS proxy implementation → brick contracts

UUPS upgradeable contracts must initialise the implementation contract itself. If skipped, anyone can call `initialise()` and become its owner — then call `selfdestruct` to brick every proxy referencing it (Parity Multisig 2017).

Filed by AD Knowledge BasePublished 2026-05-26

§ Kill-chainDrag · zoom · scroll

Impact

Every proxy DELEGATECALL fails forever

T1486 · Data Encrypted for Impact

Reconnaissance

Spot uninitialised implementation contract

W-RECON-FINGERPRINT · Tech Stack Fingerprinting

Impact

Trigger selfdestruct via owner-only function

T1485 · Data Destruction

Privilege Escalation

Call initialize() — become owner

W3-PROXY-INIT · Uninitialised UUPS Proxy Implementation

§ Context

Assumed environment: target deployed UUPS proxies via OpenZeppelin Upgrades. The deploy script didn't disable initialisers on the implementation, or didn't disable selfdestruct semantics on pre-0.8.18 Solidity.

§ Steps

01
Every proxy DELEGATECALL fails foreverImpact
T1486— Data Encrypted for Impact
02
Spot uninitialised implementation contractReconnaissance
W-RECON-FINGERPRINT— Tech Stack Fingerprinting
03
Trigger selfdestruct via owner-only functionImpact
T1485— Data Destruction
04
Call initialize() — become ownerPrivilege Escalation
W3-PROXY-INIT— Uninitialised UUPS Proxy Implementation

§ References

T1486Data Encrypted for Impact
T1485Data Destruction

§ Frequently asked

What is the "Uninitialised UUPS proxy implementation → brick contracts" attack path?: UUPS upgradeable contracts must initialise the implementation contract itself. If skipped, anyone can call `initialise()` and become its owner — then call `selfdestruct` to brick every proxy referencing it (Parity Multisig 2017). It chains 4 steps drawn from real-world offensive-security techniques.
What starting position does this attack require?: The first step is Every proxy DELEGATECALL fails forever (T1486) — a impact primitive. Assumed environment: target deployed UUPS proxies via OpenZeppelin Upgrades.
What is the final impact of this kill-chain?: The final step lands on Call initialize() — become owner (W3-PROXY-INIT), which falls under Privilege Escalation. From here, an operator typically pivots into post-exploitation or maintains persistence.
How can defenders detect or prevent this attack?: Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References" — every technique on that page lists defensive controls, detection telemetry, and known threat-actor usage.

Uninitialised UUPS proxy implementation → brick contracts

§ Context

§ Steps

§ References

§ Frequently asked

§ Related dossiers

ERC-4337 paymaster sponsor drain

MOVEit Transfer (CVE-2023-34362) → mass data exfil (Cl0p)