search

code-423n4 / 2021-11-vader-findings

0 stars 0 forks source link

Unused imported contract in xVader #269

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

hack3r-0m

Vulnerability details

https://github.com/code-423n4/2021-11-vader/blob/main/contracts/x-vader/XVader.sol#L5

imports ERC20Votes.sol and inherits from it, but the constructor uses ERC20Permit ( https://github.com/code-423n4/2021-11-vader/blob/main/contracts/x-vader/XVader.sol#L18 )

so import can be changed to ERC20Permit.

0xstormtrooper commented 2 years ago

XVader needs to be ERC20Vote to have voting capabilities.

ERC20Permit has an constructor to set name. ERC20Vote doesnt. We need to call ERC20Permit to initialize name

alcueca commented 2 years ago

But you are also calling the ERC20 constructor to set the name. Aren't you setting the name twice? @SamSteinGG?

SamSteinGG commented 2 years ago

@alcueca the name utilized in ERC-20 permit is for the EIP-712 signature domain which is distinct from the ERC20 name and symbol.