Since proxied contracts do not run a constructor, it is common to move constructor logic into an external initializer function, usually called initialize. That function must then be protected so it can only be called once; the solution relies on the OpenZeppelin `initializer` modifier for this.
The solution uses:
"@openzeppelin/contracts": "^4.2.0",
"@openzeppelin/contracts-upgradeable": "^4.2.0",
Both dependencies are in the version range covered by a known high-severity advisory on the `initializer` modifier in Initializable: an initializer that is invoked separately from contract creation (for example behind a proxy) and makes an untrusted external call could be re-entered before initialization completed, so the "runs exactly once" guarantee did not hold. The fix shipped in 4.4.1:
<https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-2320177>
<https://snyk.io/test/npm/@openzeppelin/contracts/4.0.0#SNYK-JS-OPENZEPPELINCONTRACTS-2320176>
The following initializer functions in the solution depend on the affected modifier and are therefore exposed:
76: function initialize(IPoolAddressesProvider provider) external initializer {
MockInitializableImplementation.sol#L25:
25: ) external initializer {
39: function initialize() external initializer {
57: function initialize() external initializer
Upgrade @openzeppelin/contracts and @openzeppelin/contracts-upgradeable to version 4.4.1 or higher.
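For reference, here is the initializer pattern as it should look once the dependency is bumped. This is an added example, not code from the audited solution: the contract name, the IAddressesProvider interface standing in for IPoolAddressesProvider, and its getPool() method are assumptions, and it requires @openzeppelin/contracts-upgradeable 4.4.1 or later, where the `initializer` modifier rejects re-entry while initialization is still in progress.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added example (not the project's code). Assumes
// @openzeppelin/contracts-upgradeable >= 4.4.1 is installed, i.e. the
// release in which the `initializer` modifier was fixed.
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

// Hypothetical provider interface standing in for IPoolAddressesProvider.
interface IAddressesProvider {
    function getPool() external returns (address);
}

contract ExamplePoolConfigurator is Initializable, OwnableUpgradeable {
    IAddressesProvider public addressesProvider;
    address public pool;

    // Replaces the constructor. Behind a proxy this runs once; with the
    // patched modifier any later call, including a nested call made while
    // this body is still executing, reverts with
    // "Initializable: contract is already initialized".
    function initialize(IAddressesProvider provider) external initializer {
        // Parent initializers carry `onlyInitializing` and may only be
        // called from inside an `initializer` function.
        __Ownable_init();

        require(address(provider) != address(0), "provider is zero");
        addressesProvider = provider;

        // Write all state the initializer owns before any external call.
        // getPool() is a non-view call into another contract: on the
        // pre-4.4.1 modifier an untrusted callee here could call back into
        // initialize() a second time; from 4.4.1 onward it cannot.
        pool = provider.getPool();
    }
}
```

When upgrading, bump both packages together so that every contract in the inheritance chain (OwnableUpgradeable, the mocks, and the pool contracts) picks up the same Initializable; mixing versions leaves the old modifier in whichever parent still resolves to the older package.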