Impact
Upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. We will update this advisory with more information soon.
Patches
A fix is included in version 4.3.2 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeable.
Workarounds
Initialize implementation contracts using UUPSUpgradeable by invoking the initializer function (usually called initialize). An example is provided in the forum.
References
Post-mortem.
For more information
If you have any questions or comments about this advisory, or need assistance executing the mitigation, email us at security@openzeppelin.com.
Impact
Upgradeable contracts using
UUPSUpgradeablemay be vulnerable to an attack affecting uninitialized implementation contracts. We will update this advisory with more information soon.Patches
A fix is included in version 4.3.2 of
@openzeppelin/contractsand@openzeppelin/contracts-upgradeable.Workarounds
Initialize implementation contracts using
UUPSUpgradeableby invoking the initializer function (usually calledinitialize). An example is provided in the forum.References
Post-mortem.
For more information
If you have any questions or comments about this advisory, or need assistance executing the mitigation, email us at security@openzeppelin.com.