ramenforbreakfast
commented
2 years ago First claim is duplicate of #4 Second claim is duplicate of #14
Open code423n4 opened 2 years ago
ramenforbreakfast
commented
2 years ago First claim is duplicate of #4 Second claim is duplicate of #14
initialize() can be frontrun
The
initialize()function of the deployed contracts isn't called within the same transaction according to the deployment scripts. Thus, someone could frontrun the initialize call forcing you to redeploy.PrePOMarketFactory doesn't initialize ReentrancyGuardUpgradeable
The
PrePOMarketFactory.initialize()function doesn't initializeReentrancyGuardUpgradeable.https://github.com/code-423n4/2022-03-prepo/blob/main/contracts/core/PrePOMarketFactory.sol#L21
Add
__ReentrancyGuard_init_unchained();