The SherXERC20.initializeSherXERC20 function has initialize in its name which indicates that it should only be called once to initialize the storage. But it can be repeatedly called to overwrite and update the ERC20 name and symbol.
Recommendation
Consider an initializer modifier or reverting if name or symbol is already set.
Handle
cmichel
Vulnerability details
The
SherXERC20.initializeSherXERC20function hasinitializein its name which indicates that it should only be called once to initialize the storage. But it can be repeatedly called to overwrite and update the ERC20 name and symbol.Recommendation
Consider an
initializermodifier or reverting ifnameorsymbolis already set.