Closed code423n4 closed 3 years ago
shw
The contract NFTXDeferEligibility includes a constructor; however, according to the documentation from Openzeppelin, it shouldn't:
NFTXDeferEligibility
constructor
Due to a requirement of the proxy-based upgradeability system, no constructors can be used in upgradeable contracts.
If we deploy the NFTXDeferEligibility through the upgrades.deployProxy function (as written in the tests), we will get an error:
upgrades.deployProxy
contracts/solidity/eligibility/NFTXDeferEligibility.sol:23: Contract `NFTXDeferEligibility` has a constructor Define an initializer instead
Referenced code: NFTXDeferEligibility.sol#L23-L25
None
Remove the constructor in the contract.
Handle
shw
Vulnerability details
Impact
The contract
NFTXDeferEligibilityincludes aconstructor; however, according to the documentation from Openzeppelin, it shouldn't:If we deploy the
NFTXDeferEligibilitythrough theupgrades.deployProxyfunction (as written in the tests), we will get an error:Proof of Concept
Referenced code: NFTXDeferEligibility.sol#L23-L25
Tools Used
None
Recommended Mitigation Steps
Remove the
constructorin the contract.