search

code-423n4 / 2021-05-88mph-findings

0 stars 0 forks source link

Use immutable keyword #9

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

gpersoon

Vulnerability details

Impact

In EMAOracle.sol several variables are initialized once and never changed. In the comments they are notified as immutable, however the keyword immutable isn't used.

Proof of Concept

EMAOracle.sol: contract EMAOracle is IInterestOracle, Initializable { ... /* Immutable parameters / uint256 public UPDATE_INTERVAL; uint256 public UPDATE_MULTIPLIER; uint256 public ONE_MINUS_UPDATE_MULTIPLIER;

function initialize(
..
    UPDATE_INTERVAL = _updateInterval;
..
    UPDATE_MULTIPLIER = updateMultiplier;
    ONE_MINUS_UPDATE_MULTIPLIER = PRECISION - updateMultiplier;

Tools Used

Editor

Recommended Mitigation Steps

Make the variables that are only set once immutable

ZeframLou commented 3 years ago

The variables are not immutable because they are set in the initialize function, not the constructor. The constructor is not used in order to make the contract cloneable using the EIP-1167 minimal proxy standard.

ghoul-sol commented 3 years ago

@ZeframLou is correct. Closing as invalid.