Transpile 85c278b

Author: github-actions[bot]

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 4.3.2 (2021-09-14)
+
+ * `UUPSUpgradeable`: Add modifiers to prevent `upgradeTo` and `upgradeToAndCall` being executed on any contract that is not the active ERC1967 proxy. This prevents these functions being called on implementation contracts or minimal ERC1167 clones, in particular.
+
 ## 4.3.1 (2021-08-26)
 
  * `TimelockController`: Add additional isOperationReady check.

contracts/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@openzeppelin/contracts-upgradeable",
   "description": "Secure Smart Contract library for Solidity",
-  "version": "4.3.1",
+  "version": "4.3.2",
   "files": [
     "**/*.sol",
     "/build/contracts/*.json",

contracts/proxy/utils/UUPSUpgradeable.sol

@@ -25,16 +25,32 @@ abstract contract UUPSUpgradeable is Initializable, ERC1967UpgradeUpgradeable {
 
     function __UUPSUpgradeable_init_unchained() internal initializer {
     }
+    /// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
+    address private immutable __self = address(this);
+
+    /**
+     * @dev Check that the execution is being performed through a delegatecall call and that the execution context is
+     * a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case
+     * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
+     * function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
+     * fail.
+     */
+    modifier onlyProxy() {
+        require(address(this) != __self, "Function must be called through delegatecall");
+        require(_getImplementation() == __self, "Function must be called through active proxy");
+        _;
+    }
+
     /**
      * @dev Upgrade the implementation of the proxy to `newImplementation`.
      *
      * Calls {_authorizeUpgrade}.
      *
      * Emits an {Upgraded} event.
      */
-    function upgradeTo(address newImplementation) external virtual {
+    function upgradeTo(address newImplementation) external virtual onlyProxy {
         _authorizeUpgrade(newImplementation);
-        _upgradeToAndCallSecure(newImplementation, bytes(""), false);
+        _upgradeToAndCallSecure(newImplementation, new bytes(0), false);
     }
 
     /**
@@ -45,7 +61,7 @@ abstract contract UUPSUpgradeable is Initializable, ERC1967UpgradeUpgradeable {
      *
      * Emits an {Upgraded} event.
      */
-    function upgradeToAndCall(address newImplementation, bytes memory data) external payable virtual {
+    function upgradeToAndCall(address newImplementation, bytes memory data) external payable virtual onlyProxy {
         _authorizeUpgrade(newImplementation);
         _upgradeToAndCallSecure(newImplementation, data, true);
     }

package-lock.json

@@ -2,7 +2,7 @@
   "private": true,
   "name": "openzeppelin-solidity",
   "description": "Secure Smart Contract library for Solidity",
-  "version": "4.3.1",
+  "version": "4.3.2",
   "files": [
     "/contracts/**/*.sol",
     "/build/contracts/*.json",

package.json

@@ -0,0 +1,16 @@
+diff --git a/contracts/proxy/utils/UUPSUpgradeable.sol b/contracts/proxy/utils/UUPSUpgradeable.sol
+index a9568729..860e66d7 100644
+--- a/contracts/proxy/utils/UUPSUpgradeable.sol
++++ b/contracts/proxy/utils/UUPSUpgradeable.sol
+@@ -24,10 +24,9 @@ abstract contract UUPSUpgradeable is Initializable, ERC1967UpgradeUpgradeable {
+     }
+ 
+     function __UUPSUpgradeable_init_unchained() internal initializer {
+-        __self = address(this);
+     }
+     /// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
+-    address private __self;
++    address private immutable __self = address(this);
+ 
+     /**
+      * @dev Check that the execution is being performed through a delegatecall call and that the execution context is