code-423n4 / 2022-01-openleverage-findings


the initialize function should be a constructor #262

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

rfa

Vulnerability details

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/XOLE.sol#L34-L53

The comment said it is expected not to be called multiple times, but nothing prevents it from being called multiple times. I think, instead of using the initialize function, just put them all in the constructor, which is currently empty.

Recommended Mitigation Steps

Put them in the constructor.

ColaM12 commented 2 years ago

I do not see any risk in this. Recommend severity 0 (Non-critical).

0xleastwood commented 2 years ago

Duplicate of #67

The initialize function is necessary for proxy deployments.
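
The following is an added example, not part of the thread and not code from XOLE.sol: a hand-rolled one-time guard showing how an `initialize` function can stay compatible with proxy deployments while rejecting a second call. The contract name, state fields and error strings are hypothetical, and it assumes the proxy keeps its implementation pointer in a storage slot that does not collide with these variables.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract for illustration; names and fields are assumptions.
contract GuardedInitializable {
    address public admin;
    address public token;      // example state set during initialization
    bool private _initialized; // one-time guard, false in fresh proxy storage

    // The constructor runs against the implementation's own storage only.
    // A proxy that delegatecalls into this code never sees these writes,
    // which is why setup logic cannot live here for proxy deployments.
    // Setting the flag here locks the bare implementation against being
    // initialized directly.
    constructor() {
        _initialized = true;
    }

    // Called through the proxy via delegatecall, so the writes land in the
    // proxy's storage, where _initialized still holds its default (false).
    function initialize(address admin_, address token_) external {
        require(!_initialized, "already initialized");
        require(admin_ != address(0), "admin is zero address");
        require(token_ != address(0), "token is zero address");

        _initialized = true; // set before other writes; second call reverts
        admin = admin_;
        token = token_;
    }
}
```

The guard only ensures a single successful call, so the deployment should create the proxy and call `initialize` in the same transaction. OpenZeppelin's `Initializable` contract provides the same pattern through its `initializer` modifier and `_disableInitializers()`.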