Handle
pauliax
Vulnerability details
Impact
These functions do not check if the contract is already initialized or not, only if the new values are not empty. It transfers the ownership to the new gov but does not forbid calling this function again later. I am not entirely sure about the intentions here; maybe this is intentional, but usually the "init" keyword indicates that it is expected to be called only once. It does not cause any serious risk to the protocol itself but increases the reliance on the fairness of the governance and decreases trust from users, because the ability to override the 'nativeAsset' or 'router' doesn't sound fair unless this is clearly mentioned somewhere.
Recommended Mitigation Steps
It depends on the intentions, but my suggestion is to either forbid initializing it again or rename the function to avoid confusion.
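
The repeatable-init pattern and a one-time guard, side by side, as an added example that is not part of the original report and not the audited project's code. Only the names `nativeAsset`, `router` and `gov` come from the report; the contract names, the `init` signature and the `onlyGov` access control are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contracts written for illustration only.
contract RepeatableInit {
    address public gov;
    address public nativeAsset;
    address public router;

    constructor() { gov = msg.sender; }

    modifier onlyGov() {
        require(msg.sender == gov, "not gov");
        _;
    }

    // Only non-zero inputs are enforced, so the current gov can call this
    // again at any time and replace nativeAsset and router.
    function init(address _nativeAsset, address _router, address _gov) external onlyGov {
        require(_nativeAsset != address(0) && _router != address(0) && _gov != address(0), "zero address");
        nativeAsset = _nativeAsset;
        router = _router;
        gov = _gov; // ownership moves to the new gov
    }
}

contract OneTimeInit {
    address public gov;
    address public nativeAsset;
    address public router;
    bool public initialized; // set once, never cleared

    constructor() { gov = msg.sender; }

    // Same checks as above plus a guard that makes a second call revert.
    function init(address _nativeAsset, address _router, address _gov) external {
        require(msg.sender == gov, "not gov");
        require(!initialized, "already initialized");
        require(_nativeAsset != address(0) && _router != address(0) && _gov != address(0), "zero address");
        initialized = true;
        nativeAsset = _nativeAsset;
        router = _router;
        gov = _gov;
    }
}
```

If later changes to `nativeAsset` or `router` are intended, the alternative in the report applies instead: give the function a name that does not suggest one-time use.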