CVE-2021-46320

Name of the Vulnerable Software and Affected Versions: OpenZeppelin versions <=v4.4.0

Description: Initializer functions that are invoked separate from contract creation, such as minimal proxies, may be reentered if they make an untrusted non-view external call. Normally, once an initializer has finished running, it can never be re-executed. However, an exception to support multiple inheritance made reentrancy possible, breaking the expectation of a single execution. The impact of this issue is believed to be minor, as upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible.

Recommendations: For OpenZeppelin versions <=v4.4.0, update to version v4.4.1 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeable to fix the issue. As a temporary workaround, avoid making untrusted external calls during initialization.