Proxy-based upgradeable contracts need to use public initializer functions instead of constructors that need to be explicitly called only once. Preventing multiple invocations of such initializer functions (e.g. via initializer modifier from OpenZeppelin’s Initializable library) is a must. (see here and here)
- Unprotected Initializers
- Proxy-based Contracts
- Constructors -> Initialize()
- Multiple Invocations -> Reinitialize Contract
- OZ Initializable Library