search

code-423n4 / 2022-01-openleverage-findings

0 stars 0 forks source link

initialize can be call multiple times #234

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

wuwe1

Vulnerability details

Proof of Concept

There is no check on status of initializing.

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/ControllerV1.sol#L33-L50

If deployer set admin_ to be the same address as msg.sender, then initialize can be called multiple times by calling delegateToImplementation directly.

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/ControllerDelegator.sol#L34

The same problem occurs in OpenLevV1, XOLE and LPool as well.

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/OpenLevV1.sol#L38-L56

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/OpenLevDelegator.sol#L23-L37

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/XOLE.sol#L40-L53

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/XOLEDelegator.sol#L24-L36

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/liquidity/LPool.sol#L38

Recommended Mitigation Steps

Add a variable bool initialized

Set initialized to be true in the implementation contract's initialize function

Set initialized to be false in the delegator contract's setImplementation function

ColaM12 commented 2 years ago

Duplicate to #67