Handle
0xRajeev
Vulnerability details
Impact
The bool initialized gets packed with address variable underlying (boolean is internally uint8 and address is 20 bytes, both of which fit in a 32B slot) and requires extra bytecode for masking whenever underlying is used while initialized is used rarely and only inside the initialize() function.
Proof of Concept
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/LPTokenMaster.sol#L21-L25
Tools Used
Manual Analysis
Recommended Mitigation Steps
Move declaration of bool initialized to after string symbol.
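The slot layout behind this finding can be checked with a small model of Solidity's state-variable packing rule. This is an added example, not code from the report or from the Wild Credit repository; the two declaration orders are constructed from the three variables the report names, and the contract's real declaration list is assumed rather than reproduced.

```python
# Model of Solidity's storage packing for state variables, in declaration order:
# value types share a 32-byte slot while they fit; string/bytes/mapping always
# start a new slot and occupy it fully, and the next variable starts a new slot.
SLOT_BYTES = 32
VALUE_SIZES = {"bool": 1, "uint8": 1, "address": 20, "uint256": 32}
FULL_SLOT_TYPES = {"string", "bytes", "mapping"}


def layout(decls):
    """Map each variable name to (slot, byte_offset, size_in_bytes)."""
    result = {}
    slot, offset = 0, 0
    for typ, name in decls:
        if typ in FULL_SLOT_TYPES:
            if offset:                      # close a partially filled slot
                slot, offset = slot + 1, 0
            result[name] = (slot, 0, SLOT_BYTES)
            slot += 1
            continue
        size = VALUE_SIZES[typ]
        if offset + size > SLOT_BYTES:      # does not fit: move to next slot
            slot, offset = slot + 1, 0
        result[name] = (slot, offset, size)
        offset += size
        if offset == SLOT_BYTES:
            slot, offset = slot + 1, 0
    return result


def slot_mates(decls, name):
    """Names of other variables stored in the same slot as `name`."""
    lay = layout(decls)
    target = lay[name][0]
    return [n for n, (s, _, _) in lay.items() if s == target and n != name]


# Constructed declaration orders (assumption: only these three variables).
BEFORE = [("address", "underlying"), ("bool", "initialized"), ("string", "symbol")]
AFTER = [("address", "underlying"), ("string", "symbol"), ("bool", "initialized")]

if __name__ == "__main__":
    for label, decls in (("before", BEFORE), ("after", AFTER)):
        print(label, layout(decls), "underlying shares slot with:",
              slot_mates(decls, "underlying"))
```

In this model the reordered layout occupies three slots instead of two, with initialized alone in the last one.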