PT-2022-28211 · Openzeppelin · @Openzeppelin/Contracts-Upgradeable

Published 2022-03-14 · Updated 2022-03-14

Severity: None (no severity ratings or metrics are available)
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Upgradeable Contracts library, versions 4.0.0 through 4.2.0

Description: The storage layout of the ERC2771ContextUpgradeable contract is not constant between versions, which could result in breaking upgrades if someone upgrades from an affected version to a non-affected version: the proxy keeps the storage written by the old implementation, and the new implementation reads it through a different layout. This issue affects upgrades from versions prior to 4.3.0 to version 4.3.0 or later. The risk of a breaking upgrade has been assessed for instances of this contract found on chain with publicly verified source code, and the corresponding teams have been notified.

Recommendations: For versions 4.0.0 through 4.2.0, it is recommended to use the OpenZeppelin Upgrades Plugins for Hardhat and Truffle to catch potentially breaking upgrades. If an upgrade to a newer version of the Upgradeable Contracts library is necessary, copy the previous implementation of ERC2771ContextUpgradeable from the release-4.2 branch and package it with your code.
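The kind of check the Upgrades Plugins perform, reduced to its core rule, as an added example that is not part of this advisory or of OpenZeppelin's code: both layouts below are constructed, simplified `storageLayout` objects in the shape solc emits (they are not the real 4.2 and 4.3 layouts), and the new layout illustrates one way a base-contract variable can disappear and shift everything declared after it.

```python
"""Compare two solc storage layouts the way an upgrade-safety check does.

Constructed example: both layouts are simplified, hypothetical `storageLayout`
objects in the shape solc emits, NOT OpenZeppelin's real 4.2 / 4.3 layouts.
"""
from typing import Dict, List


def _entry(label: str, slot: int, typ: str, offset: int = 0) -> Dict:
    # One solc-style storage entry (astId and contract fields omitted).
    return {"label": label, "slot": str(slot), "offset": offset, "type": typ}


# Old implementation: the inherited context contract stores the trusted
# forwarder, and the token's own state is declared after it.
LAYOUT_OLD = {"storage": [
    _entry("_initialized", 0, "t_bool"),
    _entry("_trustedForwarder", 1, "t_address"),
    _entry("_balances", 2, "t_mapping(t_address,t_uint256)"),
    _entry("_totalSupply", 3, "t_uint256"),
]}

# New implementation: the forwarder variable was removed from the base
# contract, so every variable declared after it moves up by one slot.
LAYOUT_NEW = {"storage": [
    _entry("_initialized", 0, "t_bool"),
    _entry("_balances", 1, "t_mapping(t_address,t_uint256)"),
    _entry("_totalSupply", 2, "t_uint256"),
]}


def check_upgrade(old: Dict, new: Dict) -> List[str]:
    """Return layout-incompatibility findings; an empty list means safe.

    Rule: every (slot, offset) the old layout uses must hold the same label and
    type in the new layout, because an upgrade swaps only the code behind the
    proxy and leaves its storage untouched. Appending new variables is fine.
    (The Upgrades Plugins also understand `__gap` resizing; this check does not.)
    """
    new_by_pos = {(int(e["slot"]), e["offset"]): e for e in new["storage"]}
    findings = []
    for e in old["storage"]:
        pos = (int(e["slot"]), e["offset"])
        n = new_by_pos.get(pos)
        if n is None:
            findings.append(f"slot {pos[0]}: '{e['label']}' ({e['type']}) has no counterpart in new layout")
        elif (n["label"], n["type"]) != (e["label"], e["type"]):
            findings.append(f"slot {pos[0]}: '{e['label']}' ({e['type']}) would be read as '{n['label']}' ({n['type']})")
    return findings
```

Running `check_upgrade(LAYOUT_OLD, LAYOUT_NEW)` reports three findings, the first being that the old `_trustedForwarder` slot would now be read as the `_balances` mapping base; that is the class of mismatch the advisory's recommendation is meant to catch before the upgrade transaction is sent.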

Related Identifiers: GHSA-7J52-6FJP-58GR

Affected Products: @Openzeppelin/Contracts-Upgradeable