Hi everyone,
I've been using the Openzeppelin contracts upgradeable in my project and today I decided to run the slither tool to check how is it going. Well ... apparently it isn't very good. But I can't understand where is the real problem (or if it's a false positive), so I'm in need of your help.
The detector says:
CalculatorUpgradeable (contracts/Calculator.sol#13-59) is an upgradeable contract that does not protect its initiliaze functions: CalculatorUpgradeable.initialize() (contracts/Calculator.sol#31-33). Anyone can delete the contract with: UUPSUpgradeable.upgradeTo(address) (node_modules/@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol#72-75)UUPSUpgradeable.upgradeToAndCall(address,bytes) (node_modules/@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol#85-88)
What does it mean by "does not protect its initiliaze functions"? The initialize function has the onlyOwner modifier.
On the documentation, it recommends to add a constructor to ensure "initialize" cannot be called on the logic contract. Sorry but I didn't get the idea 
Here is the code of the contract caught by this detector:
// SPDX-License-Identifier: MIT
pragma solidity >=0.4.22 <0.9.0;
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
contract CalculatorUpgradeable is Initializable, OwnableUpgradeable, UUPSUpgradeable {
function initialize() external initializer onlyOwner {
__Ownable_init();
}
function calcPercentage(uint256 amount, uint256 percentage)
external
pure
returns (uint256)
{
return (amount * percentage * 100) / 10000;
}
function _authorizeUpgrade(address newImplementation)
internal
override
onlyOwner
{}
}
Thanks a lot for any clarification,