code-423n4 / 2021-12-sublime-findings


`initializer` functions can be front run #106

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

The initializer function that initializes important contract state can be called by anyone.

Impact

The attacker can initialize the contract before the legitimate deployer, hoping that the victim continues to use the same contract.

In the best case for the victim, they notice it and have to redeploy their contract costing gas.

Recommendation

Use the constructor to initialize non-proxied contracts.

For initializing proxy contracts deploy contracts using a factory contract that immediately calls initialize after deployment or make sure to call it immediately after deployment and verify the transaction succeeded.

https://github.com/code-423n4/2021-12-sublime/blob/9df1b7c4247f8631647c7627a8da9bdc16db8b11/contracts/Pool/PoolFactory.sol#L188-L215
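The two deployment patterns the recommendation contrasts, as an added example that is not part of the original finding and not Sublime's code: a minimal `initializer`-style pool (the names `Pool`, `PoolFactory`, `createPool` and the fields are hypothetical stand-ins, not the contracts in the linked `PoolFactory.sol`), an implementation that locks its own initializer in its constructor so the logic contract can never be initialized by a stranger, and a factory that deploys an EIP-1167 minimal proxy and initializes it in the same transaction, so there is never an on-chain state in which a live, uninitialized instance is waiting for a second transaction.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical stand-in for a proxied pool whose state is set by an
/// initializer instead of a constructor (constructors do not run for proxies).
contract Pool {
    address public owner;
    address public borrower;
    uint256 public borrowAmount;
    bool private initialized;

    /// Makes initialize() callable exactly once per storage context.
    modifier initializer() {
        require(!initialized, "Pool: already initialized");
        initialized = true;
        _;
    }

    /// The implementation contract itself never needs initializing, so lock it.
    /// Clones get fresh (zeroed) storage, so this does not affect them.
    constructor() {
        initialized = true;
    }

    /// Public and unauthenticated: on a fresh, uninitialized instance anyone
    /// may call this first. The fix is not an access check (the contract has no
    /// owner yet to check against) but removing the window in which an
    /// uninitialized instance exists at all.
    function initialize(address _owner, address _borrower, uint256 _borrowAmount)
        external
        initializer
    {
        require(_owner != address(0), "Pool: owner is zero");
        owner = _owner;
        borrower = _borrower;
        borrowAmount = _borrowAmount;
    }
}

/// Vulnerable deployment (two transactions from the deployer's EOA):
///   tx1: deploy the proxy pointing at Pool
///   tx2: proxy.initialize(deployer, borrower, amount)
/// Between tx1 and tx2 anyone who sees tx2 in the mempool can submit their
/// own initialize() first and become owner of the instance.

/// Safe deployment: the factory creates the proxy and initializes it atomically.
contract PoolFactory {
    address public immutable implementation;

    event PoolCreated(address indexed pool, address indexed owner);

    constructor() {
        implementation = address(new Pool());
    }

    function createPool(address _borrower, uint256 _borrowAmount)
        external
        returns (address pool)
    {
        pool = _clone(implementation);
        // Same transaction as the deployment: no uninitialized instance is ever
        // observable on chain, so there is nothing to front-run. If this call
        // reverts, the whole creation reverts, which is the "verify the
        // transaction succeeded" check the finding asks for.
        Pool(pool).initialize(msg.sender, _borrower, _borrowAmount);
        emit PoolCreated(pool, msg.sender);
    }

    /// EIP-1167 minimal proxy creation (standard bytecode, as used by
    /// OpenZeppelin's Clones library).
    function _clone(address impl) internal returns (address instance) {
        assembly {
            let ptr := mload(0x40)
            mstore(ptr, 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000000000000000000000)
            mstore(add(ptr, 0x14), shl(0x60, impl))
            mstore(add(ptr, 0x28), 0x5af43d82803e903d91602b57fd5bf30000000000000000000000000000000000)
            instance := create(0, ptr, 0x37)
        }
        require(instance != address(0), "PoolFactory: clone failed");
    }
}
```

For a contract that is not behind a proxy, the equivalent of `createPool` is simply putting the assignments in the constructor: a constructor runs only once, only at deployment, and cannot be called by anyone afterwards.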

ritik99 commented 2 years ago

Cases of frontrunning initialize are easy to identify since they're only callable once. As mentioned by the warden, the only real issue would be the cost of redeployment. Hence the (0) non-critical label is apt.

0xean commented 2 years ago

Upgrading to low-risk as this is really a state handling issue for the deployment

1 — Low: Assets are not at risk. State handling, function incorrect as to spec, issues with comments.