A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open" allow anyone to use the executor role, thus leaving the timelock at risk of being taken over by an attacker.
Patches
A fix is included in the following releases of @openzeppelin/contracts and @openzeppelin/contracts-upgradeable:
4.3.1
3.4.2
3.4.2-solc-0.7
Deployed instances of TimelockController should be replaced with a fixed version by migrating all assets, ownership, and roles.
Workarounds
Revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.
Upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. We will update this advisory with more information soon.
Patches
A fix is included in version 4.3.2 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeable.
Workarounds
Initialize implementation contracts using UUPSUpgradeable by invoking the initializer function (usually called initialize). An example is provided in the forum.
When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of tokens in circulation.
Impact
If a system relies on accurately reported supply, an attacker may be able to mint tokens and invoke that system after receiving the token balance but before the supply is updated.
Patches
A fix is included in version 4.3.3 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeable.
Workarounds
If accurate supply is relevant, do not mint tokens to untrusted receivers.
Credits
The issue was identified and reported by @ChainSecurityAudits.
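The ordering problem in the ERC1155Supply advisory above, as an added Python model that is not OpenZeppelin's code. `SupplyTrackingToken`, `share_bps` and the holder names are hypothetical; the flag switches between updating supply after the receiver callback and before it.

```python
class SupplyTrackingToken:
    """Toy model of one ERC1155 token id with an ERC1155Supply-style counter."""

    def __init__(self, supply_before_callback: bool):
        # False models the ordering described in the advisory;
        # True models updating the supply before the receiver callback runs.
        self.supply_before_callback = supply_before_callback
        self.balances = {}
        self.total_supply = 0

    def mint(self, receiver, amount: int) -> None:
        if self.supply_before_callback:
            self.total_supply += amount
        self.balances[receiver.name] = self.balances.get(receiver.name, 0) + amount
        receiver.on_received(self, amount)  # acceptance callback required by the spec
        if not self.supply_before_callback:
            self.total_supply += amount


def share_bps(token, holder: str):
    """Hypothetical dependent system: a holder's share of supply in basis points."""
    if token.total_supply == 0:
        return None
    return token.balances.get(holder, 0) * 10_000 // token.total_supply


class RecordingReceiver:
    """Receiver that records what the token reports while its callback runs."""

    def __init__(self, name: str):
        self.name = name
        self.snapshots = []

    def on_received(self, token, amount: int) -> None:
        self.snapshots.append({
            "balance": token.balances[self.name],
            "total_supply": token.total_supply,
            "sum_of_balances": sum(token.balances.values()),
            "share_bps": share_bps(token, self.name),
        })


def observe_second_mint(supply_before_callback: bool) -> dict:
    """Mint 100 units to two holders; report the view during the second callback."""
    token = SupplyTrackingToken(supply_before_callback)
    holder_a = RecordingReceiver("holder_a")
    holder_b = RecordingReceiver("holder_b")
    token.mint(holder_a, 100)
    token.mint(holder_b, 100)
    return {
        "during_callback": holder_b.snapshots[-1],
        "after_mint": {
            "total_supply": token.total_supply,
            "share_bps": share_bps(token, "holder_b"),
        },
    }


if __name__ == "__main__":
    for flag in (False, True):
        print("supply_before_callback =", flag, observe_second_mint(flag))
```

With the supply updated last, the dependent calculation sees a 100% share during the callback even though the settled share is 50%; with the supply updated first, both views agree.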
Initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call.
Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution.
Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor.
Patches
A fix is included in the version v4.4.1 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeable.
Workarounds
Avoid untrusted external calls during initialization.
In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.
SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected.
The contracts that may be affected are those that use SignatureChecker to check the validity of a signature and handle invalid signatures in a way other than reverting. We believe this to be unlikely.
ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1.
The contracts that may be affected are those that use ERC165Checker to check for support for an interface and then handle the lack of support in a way other than reverting.
The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost.
The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single bytes argument, and not the functions that take r, v, s or r, vs as separate arguments.
The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection.
Patches
The issue has been patched in 4.7.3.
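The two signature encodings and the two replay-protection designs from the ECDSA advisory above, as an added Python example that is not OpenZeppelin's code. The digest and signature are constructed, `ReplayGuard` and `replay_outcomes` are hypothetical names, SHA-256 stands in for keccak256, and no curve recovery is performed: the same digest with the same `(r, s, v)` always recovers the same signer, so comparing the parsed tuples is sufficient here.

```python
import hashlib

# Order of the secp256k1 group; signatures are expected to use s <= N // 2.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HALF_N = SECP256K1_N // 2
LOW_255_BITS = (1 << 255) - 1

# Constructed sample values (not a real signature over a real message).
SAMPLE_DIGEST = hashlib.sha256(b"constructed message, nonce=1").digest()
SAMPLE_SIG65 = bytes.fromhex("11" * 32) + bytes.fromhex("22" * 32) + bytes([28])


def to_compact(sig65: bytes) -> bytes:
    """Re-encode a 65-byte r || s || v signature as 64-byte r || vs (EIP-2098)."""
    if len(sig65) != 65:
        raise ValueError("expected 65 bytes")
    s = int.from_bytes(sig65[32:64], "big")
    v = sig65[64]
    if v not in (27, 28) or s > HALF_N:
        raise ValueError("not representable in compact form")
    vs = ((v - 27) << 255) | s  # the parity bit rides in the unused top bit of s
    return sig65[:32] + vs.to_bytes(32, "big")


def parse_signature(sig: bytes, accept_compact: bool) -> tuple:
    """Return the (r, s, v) that a single-bytes-argument recover would use."""
    if len(sig) == 65:
        r = int.from_bytes(sig[:32], "big")
        s = int.from_bytes(sig[32:64], "big")
        v = sig[64]
    elif len(sig) == 64 and accept_compact:
        r = int.from_bytes(sig[:32], "big")
        vs = int.from_bytes(sig[32:], "big")
        s = vs & LOW_255_BITS
        v = (vs >> 255) + 27
    else:
        raise ValueError("invalid signature length")
    if s > HALF_N or v not in (27, 28):
        raise ValueError("invalid s or v")
    return r, s, v


class ReplayGuard:
    """Replay protection keyed on the signature bytes or on the signed digest."""

    def __init__(self, key_on: str, accept_compact: bool):
        if key_on not in ("signature", "digest"):
            raise ValueError("key_on must be 'signature' or 'digest'")
        self.key_on = key_on
        self.accept_compact = accept_compact
        self.used = set()

    def submit(self, digest: bytes, sig: bytes) -> bool:
        try:
            parse_signature(sig, self.accept_compact)
        except ValueError:
            return False  # rejected before any state is touched
        key = hashlib.sha256(sig).digest() if self.key_on == "signature" else digest
        if key in self.used:
            return False
        self.used.add(key)
        return True


def replay_outcomes(key_on: str, accept_compact: bool) -> tuple:
    """Submit the sample once, again unchanged, then again in compact form."""
    guard = ReplayGuard(key_on, accept_compact)
    return (
        guard.submit(SAMPLE_DIGEST, SAMPLE_SIG65),
        guard.submit(SAMPLE_DIGEST, SAMPLE_SIG65),
        guard.submit(SAMPLE_DIGEST, to_compact(SAMPLE_SIG65)),
    )


if __name__ == "__main__":
    for key_on, compact in (("signature", True), ("signature", False), ("digest", True)):
        print(key_on, compact, replay_outcomes(key_on, compact))
```

Only the signature-keyed guard with compact parsing enabled accepts the third submission; rejecting 64-byte input (the 4.7.3 behaviour for the `bytes` overloads) or keying on the digest both close it.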
For more information
If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at security@openzeppelin.com.
Release Notes
OpenZeppelin/openzeppelin-contracts
### [`v4.7.3`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#473)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.7.2...v4.7.3)
##### Breaking changes
- `ECDSA`: `recover(bytes32,bytes)` and `tryRecover(bytes32,bytes)` no longer accept compact signatures to prevent malleability. Compact signature support remains available using `recover(bytes32,bytes32,bytes32)` and `tryRecover(bytes32,bytes32,bytes32)`.
### [`v4.7.2`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#472)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.7.1...v4.7.2)
- `LibArbitrumL2`, `CrossChainEnabledArbitrumL2`: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. ([#3578](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3578))
- `GovernorVotesQuorumFraction`: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. ([#3561](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3561))
- `ERC165Checker`: Added protection against large returndata. ([#3587](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3587))
### [`v4.7.1`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#471)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.7.0...v4.7.1)
- `SignatureChecker`: Fix an issue that causes `isValidSignatureNow` to revert when the target contract returns ill-encoded data. ([#3552](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3552))
- `ERC165Checker`: Fix an issue that causes `supportsInterface` to revert when the target contract returns ill-encoded data. ([#3552](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3552))
### [`v4.7.0`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#470-2022-06-29)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.6.0...v4.7.0)
- `TimelockController`: Migrate `_call` to `_execute` and allow inheritance and overriding similar to `Governor`. ([#3317](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3317))
- `CrossChainEnabledPolygonChild`: replace the `require` statement with the custom error `NotCrossChainCall`. ([#3380](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3380))
- `ERC20FlashMint`: Add customizable flash fee receiver. ([#3327](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3327))
- `ERC4626`: add an extension of `ERC20` that implements the ERC4626 Tokenized Vault Standard. ([#3171](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3171))
- `SafeERC20`: add `safePermit` as mitigation against phantom permit functions. ([#3280](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3280))
- `Math`: add a `mulDiv` function that can round the result either up or down. ([#3171](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3171))
- `Math`: Add a `sqrt` function to compute square roots of integers, rounding either up or down. ([#3242](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3242))
- `Strings`: add a new overloaded function `toHexString` that converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation. ([#3403](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3403))
- `EnumerableMap`: add new `UintToUintMap` map type. ([#3338](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3338))
- `EnumerableMap`: add new `Bytes32ToUintMap` map type. ([#3416](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3416))
- `SafeCast`: add support for many more types, using procedural code generation. ([#3245](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3245))
- `MerkleProof`: add `multiProofVerify` to prove multiple values are part of a Merkle tree. ([#3276](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3276))
- `MerkleProof`: add calldata versions of the functions to avoid copying input arrays to memory and save gas. ([#3200](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3200))
- `ERC721`, `ERC1155`: simplified revert reasons. ([#3254](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3254), [#3438](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3438))
- `ERC721`: removed redundant require statement. ([#3434](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3434))
- `PaymentSplitter`: add `releasable` getters. ([#3350](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3350))
- `Initializable`: refactored implementation of modifiers for easier understanding. ([#3450](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3450))
- `Proxies`: remove runtime check of ERC1967 storage slots. ([#3455](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3455))
##### Breaking changes
- `Initializable`: functions decorated with the modifier `reinitializer(1)` may no longer invoke each other.
### [`v4.6.0`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#460-2022-04-26)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.5.0...v4.6.0)
- `crosschain`: Add a new set of contracts for cross-chain applications. `CrossChainEnabled` is a base contract with instantiations for several chains and bridges, and `AccessControlCrossChain` is an extension of access control that allows cross-chain operation. ([#3183](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3183))
- `AccessControl`: add a virtual `_checkRole(bytes32)` function that can be overridden to alter the `onlyRole` modifier behavior. ([#3137](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3137))
- `EnumerableMap`: add new `AddressToUintMap` map type. ([#3150](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3150))
- `EnumerableMap`: add new `Bytes32ToBytes32Map` map type. ([#3192](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3192))
- `ERC20FlashMint`: support infinite allowance when paying back a flash loan. ([#3226](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3226))
- `ERC20Wrapper`: the `decimals()` function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. ([#3259](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3259))
- `draft-ERC20Permit`: replace `immutable` with `constant` for `_PERMIT_TYPEHASH` since the `keccak256` of string literals is treated specially and the hash is evaluated at compile time. ([#3196](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3196))
- `ERC1155`: Add a `_afterTokenTransfer` hook for improved extensibility. ([#3166](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3166))
- `ERC1155URIStorage`: add a new extension that implements a `_setURI` behavior similar to ERC721's `_setTokenURI`. ([#3210](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3210))
- `DoubleEndedQueue`: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. ([#3153](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3153))
- `Governor`: improved security of `onlyGovernance` modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. ([#3147](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3147))
- `Governor`: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The `params` argument added to `_countVote` method, and included in the newly added `_getVotes` method, can be used by counting and voting modules respectively for such purposes. ([#3043](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3043))
- `Governor`: rewording of revert reason for consistency. ([#3275](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3275))
- `Governor`: fix an inconsistency in data locations that could lead to invalid bytecode being produced. ([#3295](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3295))
- `Governor`: Implement `IERC721Receiver` and `IERC1155Receiver` to improve token custody by governors. ([#3230](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3230))
- `TimelockController`: Implement `IERC721Receiver` and `IERC1155Receiver` to improve token custody by timelocks. ([#3230](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3230))
- `TimelockController`: Add a separate canceller role for the ability to cancel. ([#3165](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3165))
- `Initializable`: add a reinitializer modifier that enables the initialization of new modules, added to already initialized contracts through upgradeability. ([#3232](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3232))
- `Initializable`: add an Initialized event that tracks initialized version numbers. ([#3294](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3294))
- `ERC2981`: make `royaltyInfo` public to allow super call in overrides. ([#3305](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3305))
##### Upgradeability notice
- `TimelockController`: **(Action needed)** The upgrade from <4.6 to >=4.6 introduces a new `CANCELLER_ROLE` that requires set up to be assignable. After the upgrade, only addresses with this role will have the ability to cancel. Proposers will no longer be able to cancel. Assigning cancellers can be done by an admin (including the timelock itself) once the role admin is set up. To do this, we recommend upgrading to the `TimelockControllerWith46MigrationUpgradeable` contract and then calling the `migrateTo46` function.
##### Breaking changes
- `Governor`: Adds internal virtual `_getVotes` method that must be implemented; this is a breaking change for existing concrete extensions to `Governor`. To fix this on an existing voting module extension, rename `getVotes` to `_getVotes` and add a `bytes memory` argument. ([#3043](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3043))
- `Governor`: Adds `params` parameter to internal virtual `_countVote` method; this is a breaking change for existing concrete extensions to `Governor`. To fix this on an existing counting module extension, add a `bytes memory` argument to `_countVote`. ([#3043](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3043))
- `Governor`: Does not emit `VoteCast` event when params data is non-empty; instead emits `VoteCastWithParams` event. To fix this on an integration that consumes the `VoteCast` event, also fetch/monitor `VoteCastWithParams` events. ([#3043](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3043))
- `Votes`: The internal virtual function `_getVotingUnits` was made `view` (which was accidentally missing). Any overrides should now be updated so they are `view` as well.
### [`v4.5.0`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#450-2022-02-09)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.4.2...v4.5.0)
- `ERC2981`: add implementation of the royalty standard, and the respective extensions for `ERC721` and `ERC1155`. ([#3012](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3012))
- `GovernorTimelockControl`: improve the `state()` function to have it reflect cases where a proposal has been canceled directly on the timelock. ([#2977](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2977))
- Preset contracts are now deprecated in favor of [Contracts Wizard](https://wizard.openzeppelin.com). ([#2986](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2986))
- `Governor`: add a relay function to help recover assets sent to a governor that is not its own executor (e.g. when using a timelock). ([#2926](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2926))
- `GovernorPreventLateQuorum`: add new module to ensure a minimum voting duration is available after the quorum is reached. ([#2973](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2973))
- `ERC721`: improved revert reason when transferring from wrong owner. ([#2975](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2975))
- `Votes`: Added a base contract for vote tracking with delegation. ([#2944](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2944))
- `ERC721Votes`: Added an extension of ERC721 enabled with vote tracking and delegation. ([#2944](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2944))
- `ERC2771Context`: use immutable storage to store the forwarder address, no longer an issue since Solidity >=0.8.8 allows reading immutable variables in the constructor. ([#2917](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2917))
- `Base64`: add a library to parse bytes into base64 strings using `encode(bytes memory)` function, and provide examples to show how to use to build URL-safe `tokenURIs`. ([#2884](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2884))
- `ERC20`: reduce allowance before triggering transfer. ([#3056](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3056))
- `ERC20`: do not update allowance on `transferFrom` when allowance is `type(uint256).max`. ([#3085](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3085))
- `ERC20`: add a `_spendAllowance` internal function. ([#3170](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3170))
- `ERC20Burnable`: do not update allowance on `burnFrom` when allowance is `type(uint256).max`. ([#3170](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3170))
- `ERC777`: do not update allowance on `transferFrom` when allowance is `type(uint256).max`. ([#3085](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3085))
- `ERC777`: add a `_spendAllowance` internal function. ([#3170](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3170))
- `SignedMath`: a new signed version of the Math library with `max`, `min`, and `average`. ([#2686](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2686))
- `SignedMath`: add an `abs(int256)` method that returns the unsigned absolute value of a signed value. ([#2984](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2984))
- `ERC1967Upgrade`: Refactor the secure upgrade to use `ERC1822` instead of the previous rollback mechanism. This reduces code complexity and attack surface with similar security guarantees. ([#3021](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3021))
- `UUPSUpgradeable`: Add `ERC1822` compliance to support the updated secure upgrade mechanism. ([#3021](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3021))
- Some more functions have been made virtual to customize them via overrides. In many cases this will not imply that other functions in the contract will automatically adapt to the overridden definitions. People who wish to override should consult the source code to understand the impact and if they need to override any additional functions to achieve the desired behavior.
##### Breaking changes
- `ERC1967Upgrade`: The function `_upgradeToAndCallSecure` was renamed to `_upgradeToAndCallUUPS`, along with the change in security mechanism described above.
- `Address`: The Solidity pragma is increased from `^0.8.0` to `^0.8.1`. This is required by the `account.code.length` syntax that replaces inline assembly. This may require users to bump their compiler version from `0.8.0` to `0.8.1` or later. Note that other parts of the code already include stricter requirements.
### [`v4.4.2`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#442-2022-01-11)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.4.1...v4.4.2)
##### Bugfixes
- `GovernorCompatibilityBravo`: Fix error in the encoding of calldata for proposals submitted through the compatibility interface with explicit signatures. ([#3100](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3100))
### [`v4.4.1`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#441-2021-12-14)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.4.0...v4.4.1)
- `Initializable`: change the existing `initializer` modifier and add a new `onlyInitializing` modifier to prevent reentrancy risk. ([#3006](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3006))
##### Breaking change
It is no longer possible to call an `initializer`-protected function from within another `initializer` function outside the context of a constructor. Projects using OpenZeppelin upgradeable proxies should continue to work as is, since in the common case the initializer is invoked in the constructor directly. If this is not the case for you, the suggested change is to use the new `onlyInitializing` modifier in the following way:
```diff
contract A {
- function initialize() public initializer { ... }
+ function initialize() internal onlyInitializing { ... }
}
contract B is A {
function initialize() public initializer {
A.initialize();
}
}
```
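Review bot: in `contract B`, `function initialize() public initializer` has the same name and parameters as the now-`internal` `A.initialize()`, so Solidity treats it as an override, and neither function carries `virtual` or `override`; an override also cannot change visibility from `internal` to `public`. The snippet therefore only works as a schematic. Giving the parent initializer its own name, for example `function __A_init() internal onlyInitializing { ... }`, and calling that from `B.initialize()` keeps the intent and compiles.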
### [`v4.4.0`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#440-2021-11-25)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.3.3...v4.4.0)
- `Ownable`: add an internal `_transferOwnership(address)`. ([#2568](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2568))
- `AccessControl`: add internal `_grantRole(bytes32,address)` and `_revokeRole(bytes32,address)`. ([#2568](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2568))
- `AccessControl`: mark `_setupRole(bytes32,address)` as deprecated in favor of `_grantRole(bytes32,address)`. ([#2568](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2568))
- `AccessControlEnumerable`: hook into `_grantRole(bytes32,address)` and `_revokeRole(bytes32,address)`. ([#2946](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2946))
- `EIP712`: cache `address(this)` to immutable storage to avoid potential issues if a vanilla contract is used in a delegatecall context. ([#2852](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2852))
- Add internal `_setApprovalForAll` to `ERC721` and `ERC1155`. ([#2834](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2834))
- `Governor`: shift vote start and end by one block to better match Compound's GovernorBravo and prevent voting at the Governor level if the voting snapshot is not ready. ([#2892](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2892))
- `GovernorCompatibilityBravo`: consider quorum an inclusive rather than exclusive minimum to match Compound's GovernorBravo. ([#2974](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2974))
- `GovernorSettings`: a new governor module that manages voting settings updatable through governance actions. ([#2904](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2904))
- `PaymentSplitter`: now supports ERC20 assets in addition to Ether. ([#2858](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2858))
- `ECDSA`: add a variant of `toEthSignedMessageHash` for arbitrary length message hashing. ([#2865](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2865))
- `MerkleProof`: add a `processProof` function that returns the rebuilt root hash given a leaf and a proof. ([#2841](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2841))
- `VestingWallet`: new contract that handles the vesting of Ether and ERC20 tokens following a customizable vesting schedule. ([#2748](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2748))
- `Governor`: enable receiving Ether when a Timelock contract is not used. ([#2849](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2849))
- `GovernorTimelockCompound`: fix ability to use Ether stored in the Timelock contract. ([#2849](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2849))
### [`v4.3.3`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#433)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.3.2...v4.3.3)
- `ERC1155Supply`: Handle `totalSupply` changes by hooking into `_beforeTokenTransfer` to ensure consistency of balances and supply during `IERC1155Receiver.onERC1155Received` calls.
### [`v4.3.2`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#432-2021-09-14)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.3.1...v4.3.2)
- `UUPSUpgradeable`: Add modifiers to prevent `upgradeTo` and `upgradeToAndCall` being executed on any contract that is not the active ERC1967 proxy. This prevents these functions being called on implementation contracts or minimal ERC1167 clones, in particular.
### [`v4.3.1`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#431-2021-08-26)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.3.0...v4.3.1)
- `TimelockController`: Add additional isOperationReady check.
### [`v4.3.0`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#430-2021-08-17)
[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.2.0...v4.3.0)
- `ERC2771Context`: use private variable from storage to store the forwarder address. Fixes issues where `_msgSender()` was not callable from constructors. ([#2754](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2754))
- `EnumerableSet`: add `values()` functions that returns an array containing all values in a single call. ([#2768](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2768))
- `Governor`: added a modular system of `Governor` contracts based on `GovernorAlpha` and `GovernorBravo`. ([#2672](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2672))
- Add an `interfaces` folder containing solidity interfaces to final ERCs. ([#2517](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2517))
- `ECDSA`: add `tryRecover` functions that will not throw if the signature is invalid, and will return an error flag instead. ([#2661](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2661))
- `SignatureChecker`: Reduce gas usage of the `isValidSignatureNow` function for the "signature by EOA" case. ([#2661](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2661))
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.
This PR contains the following updates:
4.2.0 -> 4.7.3
GitHub Vulnerability Alerts
CVE-2021-39167
Impact
A vulnerability in `TimelockController` allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open" allow anyone to use the executor role, thus leaving the timelock at risk of being taken over by an attacker.
Patches
A fix is included in the following releases of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`:
4.3.1
3.4.2
3.4.2-solc-0.7
Deployed instances of `TimelockController` should be replaced with a fixed version by migrating all assets, ownership, and roles.
Workarounds
Revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.
References
Post-mortem.
Credits
The issue was identified by an anonymous white hat hacker through Immunefi.
For more information
If you have any questions or comments about this advisory, or need assistance executing the mitigation, email us at security@openzeppelin.com.
CVE-2021-41264
Impact
Upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. We will update this advisory with more information soon.
Patches
A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`.
Workarounds
Initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided in the forum.
References
Post-mortem.
For more information
If you have any questions or comments about this advisory, or need assistance executing the mitigation, email us at security@openzeppelin.com.
GHSA-wmpv-c2jp-j2xg
When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the `ERC1155Supply` extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of tokens in circulation.
Impact
If a system relies on accurately reported supply, an attacker may be able to mint tokens and invoke that system after receiving the token balance but before the supply is updated.
Patches
A fix is included in version 4.3.3 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`.
Workarounds
If accurate supply is relevant, do not mint tokens to untrusted receivers.
Credits
The issue was identified and reported by @ChainSecurityAudits.
For more information
Read TotalSupply Inconsistency in ERC1155 NFT Tokens by @ChainSecurityAudits for a more detailed breakdown.
If you have any questions or comments about this advisory, email us at security@openzeppelin.com.
CVE-2022-39384
Impact
Initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call.
Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution.
Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor.
Patches
A fix is included in the version v4.4.1 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeable.
Workarounds
Avoid untrusted external calls during initialization.
References
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3006
Credits
This issue was identified and reported by @chaitinblockchain through our bug bounty on Immunefi.
For more information
If you have any questions or comments about this advisory, or need assistance executing the mitigation, email us at security@openzeppelin.com.
CVE-2021-46320
In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.
CVE-2022-31172
Impact
SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected.
The contracts that may be affected are those that use SignatureChecker to check the validity of a signature and handle invalid signatures in a way other than reverting. We believe this to be unlikely.
Patches
The issue was patched in 4.7.1.
References
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552
For more information
If you have any questions or comments about this advisory, or need assistance deploying the fix, email us at security@openzeppelin.com.
CVE-2022-31170
Impact
ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1.
The contracts that may be affected are those that use ERC165Checker to check for support for an interface and then handle the lack of support in a way other than reverting.
Patches
The issue was patched in 4.7.1.
References
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552
For more information
If you have any questions or comments about this advisory, or need assistance deploying the fix, email us at security@openzeppelin.com.
CVE-2022-35915
Impact
The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost.
Patches
The issue has been fixed in v4.7.2.
References
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587
For more information
If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at security@openzeppelin.com.
CVE-2022-35961
Impact
The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single bytes argument, and not the functions that take r, v, s or r, vs as separate arguments.
The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection.
Patches
The issue has been patched in 4.7.3.
For more information
If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at security@openzeppelin.com.
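The two encodings from this advisory and the effect of the replay-guard key, as an added Python model that is not OpenZeppelin's code. No real ECDSA is performed: `parse_signature` stands in for the single-bytes recover overload, `ReplayGuard` is a hypothetical consumer, and `R`, `S`, `V` and `DIGEST` are constructed sample values.

```python
# Added model, not OpenZeppelin code. No real ECDSA is performed; R, S, V and
# DIGEST are constructed sample values.
from typing import NamedTuple

# Half the secp256k1 group order; s values above it are treated as malleable.
HALF_N = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0


class Sig(NamedTuple):
    r: int
    s: int
    v: int


def parse_signature(sig: bytes, allow_compact: bool = True) -> Sig:
    """Decode r || s || v (65 bytes) or, if allowed, EIP-2098 r || yParityAndS (64 bytes)."""
    if len(sig) == 65:
        r = int.from_bytes(sig[:32], "big")
        s = int.from_bytes(sig[32:64], "big")
        v = sig[64]
    elif len(sig) == 64 and allow_compact:
        r = int.from_bytes(sig[:32], "big")
        vs = int.from_bytes(sig[32:], "big")
        s = vs & ((1 << 255) - 1)   # low 255 bits carry s
        v = 27 + (vs >> 255)        # top bit carries yParity
    else:
        raise ValueError(f"unsupported signature length {len(sig)}")
    if v not in (27, 28) or s > HALF_N:
        raise ValueError("non-canonical signature")
    return Sig(r, s, v)


def to_compact(sig65: bytes) -> bytes:
    """Re-encode a 65-byte signature in EIP-2098 form: same r, s, v, different bytes."""
    sig = parse_signature(sig65, allow_compact=False)
    vs = ((sig.v - 27) << 255) | sig.s
    return sig.r.to_bytes(32, "big") + vs.to_bytes(32, "big")


class ReplayGuard:
    """key_on='signature' marks the raw bytes as used; 'digest' marks the signed message."""

    def __init__(self, key_on: str, allow_compact: bool = True):
        self.key_on = key_on
        self.allow_compact = allow_compact
        self.used = set()

    def accept(self, digest: bytes, sig: bytes) -> bool:
        try:
            parse_signature(sig, self.allow_compact)  # stands in for signature recovery
        except ValueError:
            return False
        key = sig if self.key_on == "signature" else digest
        if key in self.used:
            return False
        self.used.add(key)
        return True


DIGEST = bytes.fromhex("ab" * 32)                     # constructed message digest
R, S, V = int("11" * 32, 16), int("22" * 32, 16), 28  # constructed signature fields
SIG65 = R.to_bytes(32, "big") + S.to_bytes(32, "big") + bytes([V])
SIG64 = to_compact(SIG65)
```

A guard keyed on the raw signature bytes treats `SIG65` and `SIG64` as unrelated even though they decode to the same `(r, s, v)`; keying on the digest, or refusing the 64-byte form in the single-bytes path, closes the gap.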
Release Notes
OpenZeppelin/openzeppelin-contracts
### [`v4.7.3`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#473)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.7.2...v4.7.3)

##### Breaking changes

- `ECDSA`: `recover(bytes32,bytes)` and `tryRecover(bytes32,bytes)` no longer accept compact signatures to prevent malleability. Compact signature support remains available using `recover(bytes32,bytes32,bytes32)` and `tryRecover(bytes32,bytes32,bytes32)`.

### [`v4.7.2`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#472)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.7.1...v4.7.2)

- `LibArbitrumL2`, `CrossChainEnabledArbitrumL2`: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. ([#3578](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3578))
- `GovernorVotesQuorumFraction`: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. ([#3561](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3561))
- `ERC165Checker`: Added protection against large returndata. ([#3587](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3587))

### [`v4.7.1`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#471)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.7.0...v4.7.1)

- `SignatureChecker`: Fix an issue that causes `isValidSignatureNow` to revert when the target contract returns ill-encoded data. ([#3552](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3552))
- `ERC165Checker`: Fix an issue that causes `supportsInterface` to revert when the target contract returns ill-encoded data. ([#3552](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3552))

### [`v4.7.0`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#470-2022-06-29)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.6.0...v4.7.0)

- `TimelockController`: Migrate `_call` to `_execute` and allow inheritance and overriding similar to `Governor`. ([#3317](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3317))
- `CrossChainEnabledPolygonChild`: replace the `require` statement with the custom error `NotCrossChainCall`. ([#3380](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3380))
- `ERC20FlashMint`: Add customizable flash fee receiver. ([#3327](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3327))
- `ERC4626`: add an extension of `ERC20` that implements the ERC4626 Tokenized Vault Standard. ([#3171](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3171))
- `SafeERC20`: add `safePermit` as mitigation against phantom permit functions. ([#3280](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3280))
- `Math`: add a `mulDiv` function that can round the result either up or down. ([#3171](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3171))
- `Math`: Add a `sqrt` function to compute square roots of integers, rounding either up or down. ([#3242](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3242))
- `Strings`: add a new overloaded function `toHexString` that converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation. ([#3403](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3403))
- `EnumerableMap`: add new `UintToUintMap` map type. ([#3338](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3338))
- `EnumerableMap`: add new `Bytes32ToUintMap` map type. ([#3416](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3416))
- `SafeCast`: add support for many more types, using procedural code generation. ([#3245](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3245))
- `MerkleProof`: add `multiProofVerify` to prove multiple values are part of a Merkle tree. ([#3276](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3276))
- `MerkleProof`: add calldata versions of the functions to avoid copying input arrays to memory and save gas. ([#3200](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3200))
- `ERC721`, `ERC1155`: simplified revert reasons. ([#3254](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3254), ([#3438](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3438)))
- `ERC721`: removed redundant require statement. ([#3434](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3434))
- `PaymentSplitter`: add `releasable` getters. ([#3350](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3350))
- `Initializable`: refactored implementation of modifiers for easier understanding. ([#3450](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3450))
- `Proxies`: remove runtime check of ERC1967 storage slots. ([#3455](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3455))

##### Breaking changes

- `Initializable`: functions decorated with the modifier `reinitializer(1)` may no longer invoke each other.

### [`v4.6.0`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#460-2022-04-26)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.5.0...v4.6.0)

- `crosschain`: Add a new set of contracts for cross-chain applications. `CrossChainEnabled` is a base contract with instantiations for several chains and bridges, and `AccessControlCrossChain` is an extension of access control that allows cross-chain operation. ([#3183](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3183))
- `AccessControl`: add a virtual `_checkRole(bytes32)` function that can be overridden to alter the `onlyRole` modifier behavior. ([#3137](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3137))
- `EnumerableMap`: add new `AddressToUintMap` map type. ([#3150](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3150))
- `EnumerableMap`: add new `Bytes32ToBytes32Map` map type. ([#3192](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3192))
- `ERC20FlashMint`: support infinite allowance when paying back a flash loan. ([#3226](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3226))
- `ERC20Wrapper`: the `decimals()` function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. ([#3259](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3259))
- `draft-ERC20Permit`: replace `immutable` with `constant` for `_PERMIT_TYPEHASH` since the `keccak256` of string literals is treated specially and the hash is evaluated at compile time. ([#3196](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3196))
- `ERC1155`: Add a `_afterTokenTransfer` hook for improved extensibility. ([#3166](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3166))
- `ERC1155URIStorage`: add a new extension that implements a `_setURI` behavior similar to ERC721's `_setTokenURI`. ([#3210](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3210))
- `DoubleEndedQueue`: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. ([#3153](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3153))
- `Governor`: improved security of `onlyGovernance` modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. ([#3147](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3147))
- `Governor`: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The `params` argument added to `_countVote` method, and included in the newly added `_getVotes` method, can be used by counting and voting modules respectively for such purposes. ([#3043](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3043))
- `Governor`: rewording of revert reason for consistency. ([#3275](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3275))
- `Governor`: fix an inconsistency in data locations that could lead to invalid bytecode being produced. ([#3295](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3295))
- `Governor`: Implement `IERC721Receiver` and `IERC1155Receiver` to improve token custody by governors. ([#3230](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3230))
- `TimelockController`: Implement `IERC721Receiver` and `IERC1155Receiver` to improve token custody by timelocks. ([#3230](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3230))
- `TimelockController`: Add a separate canceller role for the ability to cancel. ([#3165](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3165))
- `Initializable`: add a reinitializer modifier that enables the initialization of new modules, added to already initialized contracts through upgradeability. ([#3232](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3232))
- `Initializable`: add an Initialized event that tracks initialized version numbers. ([#3294](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3294))
- `ERC2981`: make `royaltyInfo` public to allow super call in overrides. ([#3305](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3305))

##### Upgradeability notice

- `TimelockController`: **(Action needed)** The upgrade from <4.6 to >=4.6 introduces a new `CANCELLER_ROLE` that requires set up to be assignable. After the upgrade, only addresses with this role will have the ability to cancel. Proposers will no longer be able to cancel. Assigning cancellers can be done by an admin (including the timelock itself) once the role admin is set up. To do this, we recommend upgrading to the `TimelockControllerWith46MigrationUpgradeable` contract and then calling the `migrateTo46` function.

##### Breaking changes

- `Governor`: Adds internal virtual `_getVotes` method that must be implemented; this is a breaking change for existing concrete extensions to `Governor`. To fix this on an existing voting module extension, rename `getVotes` to `_getVotes` and add a `bytes memory` argument. ([#3043](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3043))
- `Governor`: Adds `params` parameter to internal virtual `_countVote` method; this is a breaking change for existing concrete extensions to `Governor`. To fix this on an existing counting module extension, add a `bytes memory` argument to `_countVote`. ([#3043](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3043))
- `Governor`: Does not emit `VoteCast` event when params data is non-empty; instead emits `VoteCastWithParams` event. To fix this on an integration that consumes the `VoteCast` event, also fetch/monitor `VoteCastWithParams` events. ([#3043](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3043))
- `Votes`: The internal virtual function `_getVotingUnits` was made `view` (which was accidentally missing). Any overrides should now be updated so they are `view` as well.

### [`v4.5.0`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#450-2022-02-09)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.4.2...v4.5.0)

- `ERC2981`: add implementation of the royalty standard, and the respective extensions for `ERC721` and `ERC1155`. ([#3012](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3012))
- `GovernorTimelockControl`: improve the `state()` function to have it reflect cases where a proposal has been canceled directly on the timelock. ([#2977](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2977))
- Preset contracts are now deprecated in favor of [Contracts Wizard](https://wizard.openzeppelin.com). ([#2986](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2986))
- `Governor`: add a relay function to help recover assets sent to a governor that is not its own executor (e.g. when using a timelock). ([#2926](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2926))
- `GovernorPreventLateQuorum`: add new module to ensure a minimum voting duration is available after the quorum is reached. ([#2973](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2973))
- `ERC721`: improved revert reason when transferring from wrong owner. ([#2975](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2975))
- `Votes`: Added a base contract for vote tracking with delegation. ([#2944](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2944))
- `ERC721Votes`: Added an extension of ERC721 enabled with vote tracking and delegation. ([#2944](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2944))
- `ERC2771Context`: use immutable storage to store the forwarder address, no longer an issue since Solidity >=0.8.8 allows reading immutable variables in the constructor. ([#2917](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2917))
- `Base64`: add a library to parse bytes into base64 strings using `encode(bytes memory)` function, and provide examples to show how to use to build URL-safe `tokenURIs`. ([#2884](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2884))
- `ERC20`: reduce allowance before triggering transfer. ([#3056](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3056))
- `ERC20`: do not update allowance on `transferFrom` when allowance is `type(uint256).max`. ([#3085](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3085))
- `ERC20`: add a `_spendAllowance` internal function. ([#3170](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3170))
- `ERC20Burnable`: do not update allowance on `burnFrom` when allowance is `type(uint256).max`. ([#3170](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3170))
- `ERC777`: do not update allowance on `transferFrom` when allowance is `type(uint256).max`. ([#3085](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3085))
- `ERC777`: add a `_spendAllowance` internal function. ([#3170](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3170))
- `SignedMath`: a new signed version of the Math library with `max`, `min`, and `average`. ([#2686](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2686))
- `SignedMath`: add an `abs(int256)` method that returns the unsigned absolute value of a signed value. ([#2984](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2984))
- `ERC1967Upgrade`: Refactor the secure upgrade to use `ERC1822` instead of the previous rollback mechanism. This reduces code complexity and attack surface with similar security guarantees. ([#3021](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3021))
- `UUPSUpgradeable`: Add `ERC1822` compliance to support the updated secure upgrade mechanism. ([#3021](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3021))
- Some more functions have been made virtual to customize them via overrides. In many cases this will not imply that other functions in the contract will automatically adapt to the overridden definitions. People who wish to override should consult the source code to understand the impact and if they need to override any additional functions to achieve the desired behavior.

##### Breaking changes

- `ERC1967Upgrade`: The function `_upgradeToAndCallSecure` was renamed to `_upgradeToAndCallUUPS`, along with the change in security mechanism described above.
- `Address`: The Solidity pragma is increased from `^0.8.0` to `^0.8.1`. This is required by the `account.code.length` syntax that replaces inline assembly. This may require users to bump their compiler version from `0.8.0` to `0.8.1` or later. Note that other parts of the code already include stricter requirements.

### [`v4.4.2`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#442-2022-01-11)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.4.1...v4.4.2)

##### Bugfixes

- `GovernorCompatibilityBravo`: Fix error in the encoding of calldata for proposals submitted through the compatibility interface with explicit signatures. ([#3100](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3100))

### [`v4.4.1`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#441-2021-12-14)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.4.0...v4.4.1)

- `Initializable`: change the existing `initializer` modifier and add a new `onlyInitializing` modifier to prevent reentrancy risk. ([#3006](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/3006))

##### Breaking change

It is no longer possible to call an `initializer`-protected function from within another `initializer` function outside the context of a constructor. Projects using OpenZeppelin upgradeable proxies should continue to work as is, since in the common case the initializer is invoked in the constructor directly. If this is not the case for you, the suggested change is to use the new `onlyInitializing` modifier in the following way:

```diff
 contract A {
-    function initialize() public initializer { ... }
+    function initialize() internal onlyInitializing { ... }
 }
 contract B is A {
     function initialize() public initializer {
         A.initialize();
     }
 }
```

### [`v4.4.0`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#440-2021-11-25)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.3.3...v4.4.0)

- `Ownable`: add an internal `_transferOwnership(address)`. ([#2568](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2568))
- `AccessControl`: add internal `_grantRole(bytes32,address)` and `_revokeRole(bytes32,address)`. ([#2568](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2568))
- `AccessControl`: mark `_setupRole(bytes32,address)` as deprecated in favor of `_grantRole(bytes32,address)`. ([#2568](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2568))
- `AccessControlEnumerable`: hook into `_grantRole(bytes32,address)` and `_revokeRole(bytes32,address)`. ([#2946](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2946))
- `EIP712`: cache `address(this)` to immutable storage to avoid potential issues if a vanilla contract is used in a delegatecall context. ([#2852](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2852))
- Add internal `_setApprovalForAll` to `ERC721` and `ERC1155`. ([#2834](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2834))
- `Governor`: shift vote start and end by one block to better match Compound's GovernorBravo and prevent voting at the Governor level if the voting snapshot is not ready. ([#2892](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2892))
- `GovernorCompatibilityBravo`: consider quorum an inclusive rather than exclusive minimum to match Compound's GovernorBravo. ([#2974](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2974))
- `GovernorSettings`: a new governor module that manages voting settings updatable through governance actions. ([#2904](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2904))
- `PaymentSplitter`: now supports ERC20 assets in addition to Ether. ([#2858](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2858))
- `ECDSA`: add a variant of `toEthSignedMessageHash` for arbitrary length message hashing. ([#2865](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2865))
- `MerkleProof`: add a `processProof` function that returns the rebuilt root hash given a leaf and a proof. ([#2841](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2841))
- `VestingWallet`: new contract that handles the vesting of Ether and ERC20 tokens following a customizable vesting schedule. ([#2748](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2748))
- `Governor`: enable receiving Ether when a Timelock contract is not used. ([#2849](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2849))
- `GovernorTimelockCompound`: fix ability to use Ether stored in the Timelock contract. ([#2849](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2849))

### [`v4.3.3`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#433)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.3.2...v4.3.3)

- `ERC1155Supply`: Handle `totalSupply` changes by hooking into `_beforeTokenTransfer` to ensure consistency of balances and supply during `IERC1155Receiver.onERC1155Received` calls.

### [`v4.3.2`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#432-2021-09-14)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.3.1...v4.3.2)

- `UUPSUpgradeable`: Add modifiers to prevent `upgradeTo` and `upgradeToAndCall` being executed on any contract that is not the active ERC1967 proxy. This prevents these functions being called on implementation contracts or minimal ERC1167 clones, in particular.

### [`v4.3.1`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#431-2021-08-26)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.3.0...v4.3.1)

- `TimelockController`: Add additional isOperationReady check.

### [`v4.3.0`](https://togithub.com/OpenZeppelin/openzeppelin-contracts/blob/HEAD/CHANGELOG.md#430-2021-08-17)

[Compare Source](https://togithub.com/OpenZeppelin/openzeppelin-contracts/compare/v4.2.0...v4.3.0)

- `ERC2771Context`: use private variable from storage to store the forwarder address. Fixes issues where `_msgSender()` was not callable from constructors. ([#2754](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2754))
- `EnumerableSet`: add `values()` functions that returns an array containing all values in a single call. ([#2768](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2768))
- `Governor`: added a modular system of `Governor` contracts based on `GovernorAlpha` and `GovernorBravo`. ([#2672](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2672))
- Add an `interfaces` folder containing solidity interfaces to final ERCs. ([#2517](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2517))
- `ECDSA`: add `tryRecover` functions that will not throw if the signature is invalid, and will return an error flag instead. ([#2661](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2661))
- `SignatureChecker`: Reduce gas usage of the `isValidSignatureNow` function for the "signature by EOA" case. ([#2661](https://togithub.com/OpenZeppelin/openzeppelin-contracts/pull/2661))

Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.