bareli - Not all imported contracts are upgradable.
Closed this issue · 1 comments
bareli
medium
Not all imported contracts are upgradable.
Summary
Not all imported contracts are upgradable.
Vulnerability Detail
@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/utils/Address.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
Impact
contracts/token/ERC20/IERC20.sol is not an upgradable contract.
import "@openzeppelin/contracts/utils/Address.sol" is not an upgradable contract.
Code Snippet
Tool used
Manual Review
Recommendation
use @openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol instead of @openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol " instead of @openzeppelin/contracts/utils/Address.sol.
import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol " instead of "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
Invalid, interfaces imported need not be upgradeable