In contract USDV blockDelay is not initialized and needs to be explicitly set by calling function setParams. Otherwise, it gets a default value of 0 so flashProof is not effective unless the value is set.
Recommended Mitigation Steps
It depends on the intentions, you can initialize it in the constructor (or init function) or maybe this precaution is intended to be turned on later.
Handle
paulius.eth
Vulnerability details
Impact
In contract USDV blockDelay is not initialized and needs to be explicitly set by calling function setParams. Otherwise, it gets a default value of 0 so flashProof is not effective unless the value is set.
Recommended Mitigation Steps
It depends on the intentions, you can initialize it in the constructor (or init function) or maybe this precaution is intended to be turned on later.