code-423n4 / 2021-12-amun-findings


ERC20Facet, MintableERC20 and PolygonERC20Wrapper contracts initialization can be front run #99

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

hyh

Vulnerability details

Impact

These contracts set configuration variables via an initialize function without access controls, so whenever initialize is not run atomically with contract creation it can be front-run by an attacker. The fix is to redeploy the contracts.

Proof of Concept

ERC20Facet https://github.com/code-423n4/2021-12-amun/blob/main/contracts/basket/contracts/facets/ERC20/ERC20Facet.sol#L16

MintableERC20 https://github.com/code-423n4/2021-12-amun/blob/main/contracts/bridge/contracts/amunBasketBridge/MintableERC20.sol#L12

PolygonERC20Wrapper https://github.com/code-423n4/2021-12-amun/blob/main/contracts/bridge/contracts/amunBasketBridge/PolygonERC20Wrapper.sol#L16

Recommended Mitigation Steps

a. Either set access roles in the constructor and restrict initialize access rights

b. Or run initialize atomically along with contract construction each time
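As an added illustration of the pattern behind this finding and of both mitigation options, the following example contrasts an unguarded initializer with a guarded one and with a factory that deploys and initializes in a single transaction. This is example code, not code from the 2021-12-amun repository; the contract names UnguardedToken, GuardedToken and TokenFactory are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Example only (not from the amun repository): an unguarded initializer of the
// kind the finding describes. Anyone who sees the deployment transaction can
// call initialize() before the deployer does and become the owner.
contract UnguardedToken {
    string public name;
    string public symbol;
    address public owner;

    function initialize(string memory name_, string memory symbol_) external {
        name = name_;
        symbol = symbol_;
        owner = msg.sender; // first caller wins
    }
}

// Mitigation (a): the deployer is recorded in the constructor, only the
// deployer may call initialize(), and it can run at most once.
contract GuardedToken {
    string public name;
    string public symbol;
    address public immutable deployer;
    bool private initialized;

    event Initialized(string name, string symbol);

    constructor() {
        deployer = msg.sender;
    }

    function initialize(string memory name_, string memory symbol_) external {
        require(msg.sender == deployer, "not deployer");
        require(!initialized, "already initialized");
        initialized = true;
        name = name_;
        symbol = symbol_;
        emit Initialized(name_, symbol_);
    }
}

// Mitigation (b): creation and initialization happen inside one transaction,
// so no external call can be inserted between them.
contract TokenFactory {
    event Deployed(address token);

    function deployAndInit(string calldata name_, string calldata symbol_)
        external
        returns (address)
    {
        GuardedToken t = new GuardedToken(); // deployer == address(this)
        t.initialize(name_, symbol_);        // same tx: no front-running window
        emit Deployed(address(t));
        return address(t);
    }
}
```

One caveat worth keeping in mind for code like ERC20Facet: when an initializer runs through delegatecall (a diamond facet or a proxy implementation), it reads and writes the proxy's storage, so a flag or deployer address set in the implementation's constructor is not what the initializer sees. In that layout, option (b), running the initializer in the same transaction as the cut or upgrade, or an access check against a role stored in the proxy's own storage, is the applicable form of the mitigation.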

0xleastwood commented 2 years ago

Duplicate of #185