Description
The non-upgradeable standard versions of OpenZeppelin's library contracts, such as Ownable, Pausable, Address, Context, SafeERC20, ERC1967Upgrade, etc., are inherited or used by both the proxy and the implementation contracts.
As a result, when attempting to use the upgrades plugin mentioned, the following errors are raised:
Having reviewed these errors, none had any adversarial impact:
- totalSupply_ and paused are explicitly assigned the default values 0 and false
- the implementation contracts utilise the internal _transferOwnership() in the initializer, thus transferring ownership to newOwner regardless of who the current owner is
- Address's delegatecall is only used by the ERC1967Upgrade contract. Comparing both the Address and ERC1967Upgrade contracts against their upgradeable counterparts shows similar behaviour (the differences are some refactoring done to shift the delegatecall into the ERC1967Upgrade contract).
Nevertheless, it would be safer to use the upgradeable versions of the library contracts to avoid unexpected behaviour.
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/LiquidationPool.sol#L6
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/LiquidationPoolManager.sol#L5
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultManagerV5.sol#L7
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#L5
Where applicable, use the contracts from @openzeppelin/contracts-upgradeable instead of @openzeppelin/contracts.
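A sketch of what the recommendation looks like for an implementation contract, added here as an illustration and not taken from the audited repository. It assumes @openzeppelin/contracts-upgradeable 4.9.x (import paths and initializer signatures differ in 5.x); the contract name `ExampleVaultManager`, the `token` field and the `sweep` function are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumption: @openzeppelin/contracts-upgradeable 4.9.x.
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";

// Hypothetical implementation contract deployed behind a proxy.
contract ExampleVaultManager is Initializable, OwnableUpgradeable, PausableUpgradeable {
    using SafeERC20Upgradeable for IERC20Upgradeable;

    IERC20Upgradeable public token;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the implementation so it can only be initialized through a proxy.
        _disableInitializers();
    }

    function initialize(address newOwner, IERC20Upgradeable token_) external initializer {
        // Parent initializers take the place of constructors and field
        // initializers, so every write lands in the proxy's storage.
        __Ownable_init();   // sets owner to msg.sender in 4.9.x
        __Pausable_init();  // sets paused to false
        // Same pattern the finding describes: hand ownership to newOwner.
        _transferOwnership(newOwner);
        token = token_;
    }

    function pause() external onlyOwner {
        _pause();
    }

    function unpause() external onlyOwner {
        _unpause();
    }

    // SafeERC20Upgradeable replaces SafeERC20 for token transfers.
    function sweep(address to, uint256 amount) external onlyOwner whenNotPaused {
        token.safeTransfer(to, amount);
    }
}
```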