PT-2021-23225 · Openzeppelin · @Openzeppelin/Contracts-Upgradeable+1

Frangio · Published 2021-09-15 · Updated 2021-11-15 · CVE-2021-41264

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
@openzeppelin/contracts versions prior to 4.3.2
@openzeppelin/contracts-upgradeable versions prior to 4.3.2

Description
The issue affects upgradeable contracts using UUPSUpgradeable in OpenZeppelin Contracts, a library for smart contract development. These contracts may be vulnerable to an attack affecting uninitialized implementation contracts.

Recommendations
For versions prior to 4.3.2, update to version 4.3.2 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeable. As a temporary workaround for users unable to upgrade, initialize implementation contracts using UUPSUpgradeable by invoking the initializer function, usually called initialize.

Fix

Weakness Enumeration

Improper Initialization

Related Identifiers

CVE-2021-41264
GHSA-5VP3-V4HC-GX76

Affected Products

Openzeppelin Contracts
@Openzeppelin/Contracts-Upgradeable