CVE-2021-41264

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301).

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301).

### Impact Upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. We will update this advisory with more information soon. ### Patches A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. ### Workarounds Initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301). ### References [Post-mortem](https://forum.openzeppelin.com/t/uupsupgradeable-vulnerability-post-mortem/15680). ### For more information If you have any questions or comments about this advisory, or need assistance executing the mitigation, email us at security@openzeppelin.com.

### Impact Upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. We will update this advisory with more information soon. ### Patches A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. ### Workarounds Initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301). ### References [Post-mortem](https://forum.openzeppelin.com/t/uupsupgradeable-vulnerability-post-mortem/15680). ### For more information If you have any questions or comments about this advisory, or need assistance executing the mitigation, email us at security@openzeppelin.com.

OpenZeppelin Contracts es una biblioteca para el desarrollo de contratos inteligentes. En las versiones afectadas, los contratos actualizables que usan "UUPSUpgradeable" pueden ser vulnerables a un ataque que afecta a los contratos de implementación no inicializada. Se incluye una corrección en la versión 4.3.2 de "@openzeppelin/contracts" y "@openzeppelin/contracts-upgradeable". Para usuarios que no puedan actualizar; inicialice los contratos de implementación usando "UUPSUpgradeable" al invocar la función inicializadora (normalmente llamada "initialize"). Se proporciona un ejemplo [en el foro](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301)