Closed sherlock-admin2 closed 1 week ago
Little Mandarin Chameleon
Low/Info
Non-upgradeable contracts inherited
Summary
Across the protocol, all contracts that are upgradeable are using the following import for the AccessControl contract:
AccessControl.sol
Instances
EthosAttestation, EthosDiscussion, EthosProfile, EthosReview, EthosVote
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
OpenZeppelin has provided an upgradeable version of the same contract and that needs to be used here.
The same goes for any other OpenZeppelin Contract to be imported in an upgradeable contract.
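A source check for this finding, as an added example that is not part of the original report or the project's code: it flags imports from `@openzeppelin/contracts/` that have an `Upgradeable` counterpart when the same file also uses upgradeable building blocks. The list of base names is an assumed, partial list, and the Solidity sample (including the contract name `ExampleUpgradeable`) is constructed.

```python
import posixpath
import re

# Stateful OpenZeppelin bases with an *Upgradeable counterpart in
# @openzeppelin/contracts-upgradeable (assumed, partial list; extend as needed).
STATEFUL_BASES = {"AccessControl", "Ownable", "Pausable", "ReentrancyGuard",
                  "ERC20", "ERC721", "EIP712"}
PLAIN = "@openzeppelin/contracts/"
UPGRADEABLE = "@openzeppelin/contracts-upgradeable/"
# Signs that a file is meant to sit behind a proxy.
MARKERS = (UPGRADEABLE, "Initializable", "UUPSUpgradeable")
IMPORT_RE = re.compile(
    r"""import\s+(?:\{[^}]*\}\s*from\s+)?["'](@openzeppelin/[^"']+)["']""")

def strip_comments(src):
    """Drop block and line comments so commented-out imports are ignored."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def find_non_upgradeable_imports(source):
    """Return (import_path, suggested_path) pairs for stateful plain imports."""
    code = strip_comments(source)
    if not any(marker in code for marker in MARKERS):
        return []  # not an upgradeable contract, plain imports are fine
    findings = []
    for path in IMPORT_RE.findall(code):
        base = posixpath.splitext(posixpath.basename(path))[0]
        if (path.startswith(PLAIN) and path.endswith(".sol")
                and base in STATEFUL_BASES):
            # Same relative location, Upgradeable-suffixed file name.
            suggestion = UPGRADEABLE + path[len(PLAIN):-4] + "Upgradeable.sol"
            findings.append((path, suggestion))
    return findings

# Constructed sample source, not taken from the audited repository.
SAMPLE = '''
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import { AccessControl } from "@openzeppelin/contracts/access/AccessControl.sol";
import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
// import "@openzeppelin/contracts/security/Pausable.sol";
contract ExampleUpgradeable is AccessControl, UUPSUpgradeable {}
'''

if __name__ == "__main__":
    for found, suggested in find_non_upgradeable_imports(SAMPLE):
        print(f"{found} -> {suggested}")
```

Stateless libraries such as `ECDSA` are deliberately not flagged, since they hold no storage and are safe to import from the non-upgradeable package.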