search

code-423n4 / 2022-01-insure-findings

2 stars 0 forks source link

pool can't be initialized #48

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

danb

Vulnerability details

https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L157

initialize requires initialize to be false, but it's set in the constructor to true.

oishun1112 commented 2 years ago

https://github.com/code-423n4/2022-01-insure/blob/main/test/unitary/PoolTemplate/pool.test.js#L745-L756

Create market is successfully done in the test. For all Pool/Index/CDSTemplates, two ways of deployment process is taken.

  1. Simply, deploy This way, constructor set initialized to true. initialize() cannot be executed and this is ok since this contract is used as original of future clones.

  2. deploy from Factory.sol This creates a contract that delegate-calls to the Pool/Index/CDSTemplate. From the test, you can see initialize() is executed successfully since the created contracts can only have the default value of the type (bool's default is false)

0xean commented 2 years ago

Lowering to non-critical as this could me made much clearer with some comments and can be thought of as a code clarity issue.