Описание
UUPSUpgradeable vulnerability in @openzeppelin/contracts-upgradeable
Impact
Upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. We will update this advisory with more information soon.
Patches
A fix is included in version 4.3.2 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeable.
Workarounds
Initialize implementation contracts using UUPSUpgradeable by invoking the initializer function (usually called initialize). An example is provided in the forum.
References
A post-mortem will be published in a few days in the OpenZeppelin Forum.
For more information
If you have any questions or comments about this advisory, or need assistance executing the mitigation, email us at security@openzeppelin.com.
Пакеты
@openzeppelin/contracts-upgradeable
>= 4.1.0, < 4.3.2
4.3.2