Use oz-upgrades-unsafe-allow-reachable in ERC1967Upgrade (#3971)

Co-authored-by: Francisco <fg@frang.io>
pull/3984/head
Hadrien Croubois 2 years ago committed by GitHub
parent 2a62fb4a2d
commit c404862cba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 5
      .changeset/strong-bulldogs-buy.md
  2. 5
      .changeset/yellow-swans-cover.md
  3. 2
      contracts/proxy/ERC1967/ERC1967Upgrade.sol
  4. 4
      contracts/proxy/utils/UUPSUpgradeable.sol

@ -0,0 +1,5 @@
---
'openzeppelin-solidity': minor
---
`ERC1967Upgrade`: removed contract-wide `oz-upgrades-unsafe-allow delegatecall` annotation, replaced by granular annotation in `UUPSUpgradeable`.

@ -0,0 +1,5 @@
---
'openzeppelin-solidity': minor
---
`UUPSUpgradeable`: added granular `oz-upgrades-unsafe-allow-reachable` annotation to improve upgrade safety checks on latest version of the Upgrades Plugins (starting with `@openzeppelin/upgrades-core@1.21.0`).

@ -13,8 +13,6 @@ import "../../utils/StorageSlot.sol";
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*
* @custom:oz-upgrades-unsafe-allow delegatecall
*/
abstract contract ERC1967Upgrade {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1

@ -62,6 +62,8 @@ abstract contract UUPSUpgradeable is IERC1822Proxiable, ERC1967Upgrade {
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeTo(address newImplementation) external virtual onlyProxy {
_authorizeUpgrade(newImplementation);
@ -75,6 +77,8 @@ abstract contract UUPSUpgradeable is IERC1822Proxiable, ERC1967Upgrade {
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeToAndCall(address newImplementation, bytes memory data) external payable virtual onlyProxy {
_authorizeUpgrade(newImplementation);

Loading…
Cancel
Save