From 38448c104aa5725bb07d35b591156cd59402c929 Mon Sep 17 00:00:00 2001 From: Francisco Giordano Date: Mon, 13 Sep 2021 18:07:29 -0300 Subject: [PATCH] Add recommendation to initialize all contracts that use Initializable --- contracts/proxy/utils/Initializable.sol | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/contracts/proxy/utils/Initializable.sol b/contracts/proxy/utils/Initializable.sol index 7bd696bd8..6e6c906ea 100644 --- a/contracts/proxy/utils/Initializable.sol +++ b/contracts/proxy/utils/Initializable.sol @@ -13,6 +13,22 @@ pragma solidity ^0.8.0; * * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity. + * + * [CAUTION] + * ==== + * Avoid leaving a contract uninitialized. + * + * An uninitialized contract can be used in certain kinds of exploits since it may allow an attacker to take control of + * the contract. This includes the implementation contract behind a proxy. You can either invoke the initializer + * manually, independently of initialization of the proxy, or you can include a constructor to automatically mark it as + * initialized when it is deployed: + * + * [.hljs-theme-light.nopadding] + * ``` + * /// @custom:oz-upgrades-unsafe-allow constructor + * constructor() initializer {} + * ``` + * ==== */ abstract contract Initializable { /**
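Review bot: In the added CAUTION block, the two remedies are presented as interchangeable ("You can either invoke the initializer manually ... or you can include a constructor"), but only the constructor form marks the contract as initialized "when it is deployed". A manual call is a separate step after deployment, so the implementation stays uninitialized until that call is made. Consider recommending `constructor() initializer {}` as the default and noting that the manual route should be done as part of the deployment itself. The `/// @custom:oz-upgrades-unsafe-allow constructor` line in the snippet is also unexplained; a short sentence on why the annotation accompanies the constructor would keep readers from copying it without knowing what it permits. Finally, "certain kinds of exploits" is vague for a security caution: stating that anyone can call the initializer on an uninitialized contract would make the risk concrete without adding length.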