Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Usage of SafeERC20 makes contract not upgrade-safe

See original GitHub issue

SafeERC20 from the Openzepelin contracts is a very popular Lib. However, using it in an upgradable contracts makes them non upgrade-safe according to the plugin.

More specifically, the following error is thrown

Error: Contract `Contract` is not upgrade safe
@openzeppelin/contracts/utils/Address.sol:185: Use of delegatecall is not allowed
    https://zpl.in/upgrades/error-002

At the moment I’m ignoring that error by setting

unsafeAllow: ['delegatecall']

However, this is unclear whether it will cause issues or not.

Would it be possible to clarify this point. SafeERC20 is a very popular lib so I believe many users will experience this issue.

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:6 (3 by maintainers)

Top GitHub Comments

8reactions

Amxxcommented, Nov 6, 2021

Hello @ppoliani

SafeERC20, found in the @openzeppelin/contracts repository, does depend on Address, which contains non-upgrade-safe functions. Due to current limitations, we are not able to clearly identity which function in library are called, and if they are upgrade-safe… Thus making the SafeERC20 flagged as potentially upgrade-unsafe.

A good option for you would be to use SafeERC20Upgradeable from the @openzeppelin/contracts-upgradeable repository. This version depends on AddressUpgradeable which is upgrade-safe.

0reactions

frangiocommented, Sep 2, 2022

@jmendiola222 Issue https://github.com/OpenZeppelin/openzeppelin-upgrades/issues/240 is what would fix this problem.