bareli - Not all imported contracts are upgradable.

[sherlock-admin3]

bareli

medium

Not all imported contracts are upgradable.

Summary

Not all imported contracts are upgradable.

Vulnerability Detail

@openzeppelin/contracts/token/ERC20/IERC20.sol"; import "@openzeppelin/contracts/utils/Address.sol"; import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

Impact

contracts/token/ERC20/IERC20.sol is not an upgradable contract. import "@openzeppelin/contracts/utils/Address.sol" is not an upgradable contract.

Code Snippet

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_S mart.sol#L7

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/TellerV2.sol#L8

Tool used

Manual Review

Recommendation

use @openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol instead of @openzeppelin/contracts/token/ERC20/IERC20.sol"; import "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol " instead of @openzeppelin/contracts/utils/Address.sol. import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol " instead of "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

[nevillehuang]

Invalid, interfaces imported need not be upgradeable