Process
Upgradeability Review
Last updated:
October 21, 2021

This security review step tackles contracts with built-in upgradeability. Smart contract upgradeability allows contract code to be modified arbitrarily after deployment and presents a large risk surface. Reviewing an upgradeability implementation is therefore complex and depends on the specific implementation, but we offer some suggestions below.

Review the upgradeability implementation

Several standard upgradeability implementations are now available, and contracts should ideally use one of them. If a custom upgradeability implementation has been developed (for good reason), its review should be much more extensive.

Run an upgradeability check

Slither has a built-in checker for upgradeability, slither-check-upgradeability. Use it to identify common issues with upgradeable contracts.

Manually review use of upgradeability

Follow OpenZeppelin's guidelines for upgradeable contracts and review the upgradeability implementation accordingly.
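As an added illustration of the storage-layout rule behind both the automated check and OpenZeppelin's guidelines (this is example code written for this page, not Slither's code and not part of the original text), the script below compares two storage layouts in the JSON shape that solc emits for `--storage-layout` and flags variables that were removed, moved, retyped, or inserted ahead of the end of the existing layout. The contract name `Token`, its variables, and both layouts are constructed samples.

```python
"""Storage-layout compatibility check between two versions of an upgradeable
contract. Added example, not part of Slither or of the original page.
Inputs follow the `storage` array of solc's --storage-layout JSON output;
the layouts below are constructed samples, not real compiler output."""
import json

# Constructed sample: layout of the deployed V1 implementation.
V1_LAYOUT = json.loads("""
{"storage": [
  {"astId": 1, "contract": "Token", "label": "_initialized", "offset": 0, "slot": "0", "type": "t_bool"},
  {"astId": 2, "contract": "Token", "label": "owner",        "offset": 1, "slot": "0", "type": "t_address"},
  {"astId": 3, "contract": "Token", "label": "totalSupply",  "offset": 0, "slot": "1", "type": "t_uint256"},
  {"astId": 4, "contract": "Token", "label": "balances",     "offset": 0, "slot": "2", "type": "t_mapping(t_address,t_uint256)"}
]}""")

# Constructed sample: V2 that only appends `paused` after existing storage.
V2_COMPATIBLE = json.loads("""
{"storage": [
  {"astId": 1, "contract": "Token", "label": "_initialized", "offset": 0, "slot": "0", "type": "t_bool"},
  {"astId": 2, "contract": "Token", "label": "owner",        "offset": 1, "slot": "0", "type": "t_address"},
  {"astId": 3, "contract": "Token", "label": "totalSupply",  "offset": 0, "slot": "1", "type": "t_uint256"},
  {"astId": 4, "contract": "Token", "label": "balances",     "offset": 0, "slot": "2", "type": "t_mapping(t_address,t_uint256)"},
  {"astId": 5, "contract": "Token", "label": "paused",       "offset": 0, "slot": "3", "type": "t_bool"}
]}""")

# Constructed sample: V2 that inserts `cap` before `totalSupply`, shifting
# every later variable by one slot (the classic storage collision).
V2_SHIFTED = json.loads("""
{"storage": [
  {"astId": 1, "contract": "Token", "label": "_initialized", "offset": 0, "slot": "0", "type": "t_bool"},
  {"astId": 2, "contract": "Token", "label": "owner",        "offset": 1, "slot": "0", "type": "t_address"},
  {"astId": 5, "contract": "Token", "label": "cap",          "offset": 0, "slot": "1", "type": "t_uint256"},
  {"astId": 3, "contract": "Token", "label": "totalSupply",  "offset": 0, "slot": "2", "type": "t_uint256"},
  {"astId": 4, "contract": "Token", "label": "balances",     "offset": 0, "slot": "3", "type": "t_mapping(t_address,t_uint256)"}
]}""")


def _pos(var):
    """Storage position of a variable as a comparable (slot, offset) tuple."""
    return (int(var["slot"]), var["offset"])


def check_layout(old, new):
    """Return a list of human-readable findings; an empty list means the new
    layout keeps every existing variable in place and only appends."""
    findings = []
    old_by_label = {v["label"]: v for v in old["storage"]}
    new_by_label = {v["label"]: v for v in new["storage"]}

    # Rule 1: every existing variable keeps its label, slot, offset and type.
    for label, o in old_by_label.items():
        n = new_by_label.get(label)
        if n is None:
            findings.append(f"{label}: removed from new layout (was slot {o['slot']})")
            continue
        if _pos(n) != _pos(o):
            findings.append(
                f"{label}: moved from slot {o['slot']}/offset {o['offset']} "
                f"to slot {n['slot']}/offset {n['offset']}")
        if n["type"] != o["type"]:
            findings.append(f"{label}: type changed from {o['type']} to {n['type']}")

    # Rule 2: new variables must sit strictly after the last existing one
    # (a higher offset in the last slot is fine; solc packs small types).
    last_old = max(_pos(v) for v in old["storage"])
    for label, n in new_by_label.items():
        if label in old_by_label:
            continue
        if _pos(n) <= last_old:
            findings.append(
                f"{label}: new variable at slot {n['slot']}/offset {n['offset']} "
                f"overlaps existing storage (last existing slot {last_old[0]})")
    return findings


if __name__ == "__main__":
    for name, layout in (("compatible", V2_COMPATIBLE), ("shifted", V2_SHIFTED)):
        print(f"V1 -> V2 ({name}):")
        for finding in check_layout(V1_LAYOUT, layout) or ["no findings"]:
            print("  ", finding)
```

The check covers only the variable-order rule; it does not inspect the proxy's own storage slots, initializer usage, or constructors, which still need the tool and a manual review.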

See Also: