GHSA-7J52-6FJP-58GR

Vulnerability from github – Published: 2022-03-14 23:22 – Updated: 2022-03-14 23:22
VLAI
Summary
Inconsistent storage layout for ERC2771ContextUpgradeable
Details

Impact

The storage layout of the ERC2771ContextUpgradeable is not constant between versions. - versions 4.0.0, 4.1.0 and 4.2.0, the contract has a length of 51 slots. - since 4.3.0, the contract has a length of 50 slots - future versions will continue using 50 slots.

This difference in layout could result in breaking upgrades if someone upgrades from an affected version to a non-affected version. It is thus recommended to be extremely careful when upgrading from a contract that uses ERC2771ContextUpgradeable <4.3.0 to a newer version that uses >=4.3.0.

We've assessed the instances of this contract found on chain (with publicly verified source code) and notified the corresponding teams of the risk that an upgrade could cause.

Workarounds

Potentially breaking upgrades would be caught by the OpenZeppelin Upgrades Plugins for Hardhat and Truffle. It is recommended to use this tooling for all your upgrades.

If you need to upgrade to a newer version of the Upgradeable Contracts library, we recommend copying the previous implementation ERC2771ContextUpgradeable (available in the release-4.2 branch) and packaging it with your code.

Reference

https://github.com/OpenZeppelin/openzeppelin-transpiler/pull/86

For more information

If you have any questions, comments, or need assistance regarding this advisory, email us at security@openzeppelin.com.

To submit security reports please use our bug bounty on Immunefi.

Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@openzeppelin/contracts-upgradeable"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-14T23:22:27Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Impact\n\nThe storage layout of the ERC2771ContextUpgradeable is not constant between versions. \n- versions `4.0.0`, `4.1.0` and `4.2.0`, the contract has a length of 51 slots. \n- since `4.3.0`, the contract has a length of 50 slots\n- future versions will continue using 50 slots. \n\nThis difference in layout could result in breaking upgrades if someone upgrades from an affected version to a non-affected version. It is thus recommended to be extremely careful when upgrading from a contract that uses ERC2771ContextUpgradeable `\u003c4.3.0` to a newer version that uses `\u003e=4.3.0`.\n\nWe\u0027ve assessed the instances of this contract found on chain (with publicly verified source code) and notified the corresponding teams of the risk that an upgrade could cause.\n\n### Workarounds\n\nPotentially breaking upgrades would be caught by the OpenZeppelin Upgrades Plugins for Hardhat and Truffle. It is recommended to use this tooling for all your upgrades.\n\nIf you need to upgrade to a newer version of the Upgradeable Contracts library, we recommend copying the previous implementation ERC2771ContextUpgradeable (available in the `release-4.2` branch) and packaging it with your code.\n\n### Reference\n\nhttps://github.com/OpenZeppelin/openzeppelin-transpiler/pull/86\n\n### For more information\n\nIf you have any questions, comments, or need assistance regarding this advisory, email us at [security@openzeppelin.com](mailto:security@openzeppelin.com).\n\nTo submit security reports please use [our bug bounty on Immunefi](https://immunefi.com/bounty/openzeppelin/).\n",
  "id": "GHSA-7j52-6fjp-58gr",
  "modified": "2022-03-14T23:22:27Z",
  "published": "2022-03-14T23:22:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-7j52-6fjp-58gr"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenZeppelin/openzeppelin-transpiler/pull/86"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Inconsistent storage layout for ERC2771ContextUpgradeable"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.