ColaM12
commented
2 years ago Duplicate to #67
Closed code423n4 closed 2 years ago
ColaM12
commented
2 years ago Duplicate to #67
0xleastwood
commented
2 years ago In favour of selecting #242 but as this issue is from the same warden, I'll mark this as invalid.
Handle
sirhashalot
Vulnerability details
Impact
The
initialize()function in OpenLevV1.sol has a comment of "This function is not supposed to call multiple times" but it has no checks that prevent it from being called multiple times. An initialization function should only be possible to call once. One side effect of this is that the OpenLevV1.sol initializer function can overwrite the values of the addressConfig struct with the initializer, a potentially unexpected condition.Proof of Concept
The
initialize()function in OpenLevV1.sol specifically states that it should not be called multiple times, but the code does not match the intent because there are no checks that prevent the initializer from being called twice or more.Recommended Mitigation Steps
Use the initializer modifier from OpenZeppelin or a similar piece of code to validate that the
initializer()function is only callable once.