
fix: Add support for OpenZeppelin UUPSUpgradeable reinitializer function #874

Conversation

sumitvekariya
Contributor

Description

This PR fixes issue #836, where Aderyn was generating false positives for the "Unprotected Initializer" detector when analyzing contracts that use OpenZeppelin's UUPSUpgradeable reinitializer(n) modifier.

The detector is now enhanced to recognize both initializer and reinitializer modifiers as adequate protection for initialization functions, thus reducing false positives.

Changes

  • Modified the UnprotectedInitializerDetector to check for modifiers whose names start with "reinitializer", in addition to the existing check for the "initializer" modifier.
  • Added a test contract (ReinitializerTest.sol) with both protected and unprotected initializer functions to validate the changes.
  • Added a test case to ensure the fix works correctly.

Testing

The changes have been tested with:

  • A new test case specifically for the reinitializer modifier
  • The existing test case for the initializer modifier
  • The full test suite to ensure no regressions

Related Issue

Fixes: #836
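The check the PR describes, as an added example (not Aderyn's own code): a simplified model of the "Unprotected Initializer" detector in which a function is flagged only when it looks like an initializer and carries neither OpenZeppelin's `initializer` modifier nor any `reinitializer` modifier. The `FunctionDecl` struct, the name-prefix heuristic for picking candidate functions, and the sample contract are assumptions constructed for illustration; in the solc AST the `2` in `reinitializer(2)` is a separate argument, so the modifier name itself is just `reinitializer`.

```rust
// Simplified model of an initialization-function check. This is an added
// example, not Aderyn's detector; the types and heuristic are assumptions.

#[derive(Debug)]
pub struct FunctionDecl {
    pub name: &'static str,
    /// Modifier names as they appear in the AST: `reinitializer(2)` is the
    /// modifier `reinitializer` with `2` passed as an argument.
    pub modifiers: Vec<&'static str>,
}

/// A modifier counts as an initialization guard when it is OpenZeppelin's
/// `initializer` or any `reinitializer` (the version argument is irrelevant).
pub fn is_initializer_guard(modifier: &str) -> bool {
    modifier == "initializer" || modifier.starts_with("reinitializer")
}

/// Assumed candidate heuristic (not necessarily what Aderyn uses): a function
/// whose name begins with "init" is treated as an initialization function.
pub fn looks_like_initializer(name: &str) -> bool {
    name.to_ascii_lowercase().starts_with("init")
}

/// Names of initialization functions that carry no guard modifier.
pub fn unprotected_initializers(functions: &[FunctionDecl]) -> Vec<&'static str> {
    functions
        .iter()
        .filter(|f| looks_like_initializer(f.name))
        .filter(|f| !f.modifiers.iter().any(|m| is_initializer_guard(m)))
        .map(|f| f.name)
        .collect()
}

/// Constructed sample mirroring a UUPS implementation contract across
/// upgrades: V1 uses `initializer`, V2 uses `reinitializer(2)`, V3 forgot both.
pub fn sample_contract() -> Vec<FunctionDecl> {
    vec![
        FunctionDecl { name: "initialize", modifiers: vec!["initializer"] },
        FunctionDecl { name: "initializeV2", modifiers: vec!["reinitializer"] },
        FunctionDecl { name: "initializeV3", modifiers: vec![] },
        FunctionDecl { name: "upgradeTo", modifiers: vec!["onlyOwner"] },
    ]
}

fn main() {
    // Only initializeV3 should be reported; initializeV2 is no longer a false positive.
    for name in unprotected_initializers(&sample_contract()) {
        println!("unprotected initializer: {name}");
    }
}
```

Before the fix the model would have accepted only `initializer`, so `initializeV2` would have been reported alongside `initializeV3`; with the `starts_with("reinitializer")` clause only the genuinely unguarded function remains.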

@sumitvekariya sumitvekariya requested a review from alexroan as a code owner March 27, 2025 07:38
@TilakMaddy TilakMaddy force-pushed the fix/unprotected-initializer-reinitializer-support branch from 29dd85b to 27e196b Compare March 27, 2025 08:56
@TilakMaddy
Contributor

LGTM

@TilakMaddy TilakMaddy merged commit 90c470d into Cyfrin:dev Mar 27, 2025
25 checks passed
Successfully merging this pull request may close these issues.

OpenZeppelin UUPSUpgradeable reinitializer function triggers Unprotected Initializer