Closed sherlock-admin closed 1 year ago
Sm4rty
medium
Contract V2 uses a vulnerable and deprecated version of openzeppelin Library which has known
This dependency has a known high-severity vulnerability: https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-2320176
It is always safest to be on the newest OZ. This includes for contracts and contracts-upgradeable packages.
https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/package.json#L15-L16
"@openzeppelin/contracts": "^3.4.2-solc-0.7", "@openzeppelin-4.6/contracts": "npm:@openzeppelin/contracts@^4.6.0",
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/package.json#L12
"@openzeppelin/contracts": "^4.6.0", "@openzeppelin/contracts-upgradeable": "^4.6.0"
Manual Review
Update the version of OZ libraries.
Sm4rty
medium
Use of Depreciated version of Openzeppelin Libraries
Summary
Contract V2 uses a vulnerable and deprecated version of openzeppelin Library which has known
Vulnerability Detail
This dependency has a known high-severity vulnerability: https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-2320176
Impact
It is always safest to be on the newest OZ. This includes for contracts and contracts-upgradeable packages.
Code Snippet
https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/package.json#L15-L16
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/package.json#L12
Tool used
Manual Review
Recommendation
Update the version of OZ libraries.