GMS-2021-26: Initializer reentrancy may lead to double initialization

December 14, 2021

Initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed.

References

github.com/OpenZeppelin/openzeppelin-contracts/pull/3006
github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9c22-pwxw-p6hx
github.com/advisories/GHSA-9c22-pwxw-p6hx

Code Behaviors & Features

Detect and mitigate GMS-2021-26 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →