Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0c4de6721d | |||
| 024cc50df4 |
@ -1,5 +1,9 @@
|
||||
# Changelog
|
||||
|
||||
## 4.3.2 (2021-09-14)
|
||||
|
||||
* `UUPSUpgradeable`: Add modifiers to prevent `upgradeTo` and `upgradeToAndCall` being executed on any contract that is not the active ERC1967 proxy. This prevents these functions being called on implementation contracts or minimal ERC1167 clones, in particular.
|
||||
|
||||
## 4.3.1 (2021-08-26)
|
||||
|
||||
* `TimelockController`: Add additional isOperationReady check.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "@openzeppelin/contracts",
|
||||
"description": "Secure Smart Contract library for Solidity",
|
||||
"version": "4.3.1",
|
||||
"version": "4.3.2",
|
||||
"files": [
|
||||
"**/*.sol",
|
||||
"/build/contracts/*.json",
|
||||
|
||||
@ -17,6 +17,22 @@ import "../ERC1967/ERC1967Upgrade.sol";
|
||||
* _Available since v4.1._
|
||||
*/
|
||||
abstract contract UUPSUpgradeable is ERC1967Upgrade {
|
||||
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
|
||||
address private immutable __self = address(this);
|
||||
|
||||
/**
|
||||
* @dev Check that the execution is being performed through a delegatecall call and that the execution context is
|
||||
* a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case
|
||||
* for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
|
||||
* function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
|
||||
* fail.
|
||||
*/
|
||||
modifier onlyProxy() {
|
||||
require(address(this) != __self, "Function must be called through delegatecall");
|
||||
require(_getImplementation() == __self, "Function must be called through active proxy");
|
||||
_;
|
||||
}
|
||||
|
||||
/**
|
||||
* @dev Upgrade the implementation of the proxy to `newImplementation`.
|
||||
*
|
||||
@ -24,9 +40,9 @@ abstract contract UUPSUpgradeable is ERC1967Upgrade {
|
||||
*
|
||||
* Emits an {Upgraded} event.
|
||||
*/
|
||||
function upgradeTo(address newImplementation) external virtual {
|
||||
function upgradeTo(address newImplementation) external virtual onlyProxy {
|
||||
_authorizeUpgrade(newImplementation);
|
||||
_upgradeToAndCallSecure(newImplementation, bytes(""), false);
|
||||
_upgradeToAndCallSecure(newImplementation, new bytes(0), false);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -37,7 +53,7 @@ abstract contract UUPSUpgradeable is ERC1967Upgrade {
|
||||
*
|
||||
* Emits an {Upgraded} event.
|
||||
*/
|
||||
function upgradeToAndCall(address newImplementation, bytes memory data) external payable virtual {
|
||||
function upgradeToAndCall(address newImplementation, bytes memory data) external payable virtual onlyProxy {
|
||||
_authorizeUpgrade(newImplementation);
|
||||
_upgradeToAndCallSecure(newImplementation, data, true);
|
||||
}
|
||||
|
||||
4
package-lock.json
generated
4
package-lock.json
generated
@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "openzeppelin-solidity",
|
||||
"version": "4.3.1",
|
||||
"version": "4.3.2",
|
||||
"lockfileVersion": 2,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "openzeppelin-solidity",
|
||||
"version": "4.3.1",
|
||||
"version": "4.3.2",
|
||||
"license": "MIT",
|
||||
"bin": {
|
||||
"openzeppelin-contracts-migrate-imports": "scripts/migrate-imports.js"
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "openzeppelin-solidity",
|
||||
"description": "Secure Smart Contract library for Solidity",
|
||||
"version": "4.3.1",
|
||||
"version": "4.3.2",
|
||||
"files": [
|
||||
"/contracts/**/*.sol",
|
||||
"/build/contracts/*.json",
|
||||
|
||||
Reference in New Issue
Block a user