bareli - Not all imported contracts are upgradable.

Question

bareli - Not all imported contracts are upgradable.

Closed this issue 5 months ago · 1 comments

sherlock-admin3 commented 5 months ago

bareli

medium

Not all imported contracts are upgradable.

Summary

Not all imported contracts are upgradable.

Vulnerability Detail

@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/utils/Address.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

Impact

contracts/token/ERC20/IERC20.sol is not an upgradable contract.
import "@openzeppelin/contracts/utils/Address.sol" is not an upgradable contract.

Code Snippet

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_S
mart.sol#L7

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/TellerV2.sol#L8

Tool used

Manual Review

Recommendation

use @openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol instead of @openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol " instead of @openzeppelin/contracts/utils/Address.sol.
import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol " instead of "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

Answer 1 · 2024-05-16T19:10:55.000Z

Invalid, interfaces imported need not be upgradeable