# Lines of code
<https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/brownie-config.yaml#L19>
<https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L56>
# Proof of Concept
<https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/brownie-config.yaml#L19>
The code uses:
@openzeppelin-contracts-upgradeable=OpenZeppelin/[email protected]/contracts/
This dependency has a known high-severity vulnerability:
Which makes the main contract in this audit, “MyStrategy”, vulnerable during initialization:
<https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L56>
Upgrade @openzeppelin/contracts-upgradeable to version 4.4.1 or higher.
(and upgrade @openzeppelin/contracts to version 4.4.1 or higher, if in use elsewhere)
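
A dependency check matching the recommendation above, as an added example that is not part of the original report or the project's code: it scans the text of a `brownie-config.yaml` for OpenZeppelin pins below 4.4.1, in both the `dependencies:` entries and the solc remappings. The sample config and its version numbers are constructed, and `find_outdated_pins` is a hypothetical helper name.

```python
import re

# Minimum version recommended in the report above.
MIN_SAFE = (4, 4, 1)

# Matches "OpenZeppelin/openzeppelin-contracts[-upgradeable]@<version>".
# Brownie uses this form in `dependencies:` entries and in solc remappings.
PIN_RE = re.compile(
    r"OpenZeppelin/(openzeppelin-contracts(?:-upgradeable)?)"
    r"@v?(\d+)\.(\d+)\.(\d+)([-\w.]*)"
)

# Constructed sample; the versions are illustrative, not the audited repo's.
SAMPLE_CONFIG = '''\
# constructed sample, not the audited repository's file
dependencies:
  - OpenZeppelin/openzeppelin-contracts-upgradeable@4.3.2
  - OpenZeppelin/openzeppelin-contracts@4.4.1
compiler:
  solc:
    remappings:
      - "@openzeppelin-contracts-upgradeable=OpenZeppelin/openzeppelin-contracts-upgradeable@4.3.2/contracts/"
      - "@openzeppelin=OpenZeppelin/openzeppelin-contracts@4.4.1-rc.0/contracts/"
'''

def find_outdated_pins(config_text, minimum=MIN_SAFE):
    """Return (line_no, package, version) for every pin below `minimum`."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip whole-line YAML comments
        for m in PIN_RE.finditer(line):
            version = tuple(int(x) for x in m.group(2, 3, 4))
            suffix = m.group(5)
            # A pre-release such as 4.4.1-rc.0 sorts before 4.4.1 itself.
            too_old = version < minimum or (
                version == minimum and suffix.startswith("-"))
            if too_old:
                text = ".".join(map(str, version)) + suffix
                findings.append((line_no, m.group(1), text))
    return findings

if __name__ == "__main__":
    for line_no, package, version in find_outdated_pins(SAMPLE_CONFIG):
        print(f"line {line_no}: {package}@{version} is below 4.4.1")
```

Checking the remappings as well as the dependency list matters because the compiler resolves imports through the remapping, so a stale remapping keeps the old code in the build even after the dependency entry is bumped.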