upgrade-cairo-contracts

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about performing on-chain upgrades of Cairo smart contracts on Starknet. It documents integration with OpenZeppelin's UpgradeableComponent which wraps the native Starknet syscall replace_class_syscall to atomically replace a contract's class hash. That is a blockchain-specific, on-chain transaction capability (crypto/blockchain operation) that can change contract code controlling assets. This is a specific blockchain operation (not a generic browser/API tool), so it meets the "Direct Financial Execution" criterion.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 06:41 PM