Hi @spalladino
Thanks for describing this and Raymond as well for finding it.
Quick question.
You mention this:
Given an UUPS implementation contract, an attacker can initialize it and appoint themselves as upgrade administrators
Yes, anyone can call initialize, but how can they appoint themselves as upgrade administrators ? probably, _authorizeUpgrade will have a check who can update and who can't and if this decision doesn't come into play in the initialize function, then they won't be able to call it. Does that make sense ?
Thanks a lot.