talegift
commented
2 years ago The reason for not using a constructor is the user of the transparent proxy pattern. It's simply not possible.
LendingPair contracts are created in a single atomic transaction inside of the PairFactory which performs the initialization during the pair creation.
Duplicate of #24
ghoul-sol
Handle
tensors
Vulnerability details
Impact
Throughout the code constructors are forgone for initialization functions instead. This can lead to increased gas costs, griefing/frontrunning and in the worst case they lead to hacks simply because the protocol developers forget to initialize them. This has happened on multiple occasions.
If everything is done through the PairFactory.sol then this isn't a problem, but there's no reason not to use a constructor.
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/LendingPair.sol#L74
Recommendations
Consider using constructors instead. If not, make sure to not forget to initialize the contract / use the factory.