code-423n4 / 2022-04-phuture-findings


QA Report #8

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

1. Low - factory address never set

Impact

The factory state variable is never set in ManagedIndex and TopNMarketCapIndex. This will cause the initialize function to be uncalled unless the zero address calls the function, which is not possible for the Phuture Finance team to do.

Proof of Concept

These lines check if the caller of the initialize function is the factory address:

- https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndex.sol#L28
- https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TopNMarketCapIndex.sol#L45
- https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TrackedIndex.sol#L30

But the factory address is never set before it is referenced, so it will have a value of address(0). The factory address state variable is imported from the BaseIndex contract, but the value of this state variable is not borrowed from importing the contract.

Tools Used

Manual analysis

Recommended Mitigation Steps

Set the value of the factory state variable in the constructor of ManagedIndex

2. Low - Missing initializer modifier

Impact

The ManagedIndex initializer function does not have an initializer modifier. This could allow the function to be called more than once by the factory contract, unexpectedly changing important state variable values.

Proof of Concept

These initialize functions should have the initializer modifier, like the other initialize functions in the project have:

- https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndex.sol#L27
- https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TopNMarketCapIndex.sol#L37
- https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TrackedIndex.sol#L25

Tools Used

Manual analysis

Recommended Mitigation Steps

Add the initializer modifier to all initialize functions

moose-code commented 2 years ago

1 - It is set, e.g. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndex.sol#L19

moose-code commented 2 years ago

2 - Hard to tell because I can't see factory source code, only IIndexFactory.sol - I imagine it's possibly intended behavior that the factory can reinitialize things if needed? If the factory is upgradeable it can be an issue. Worth flagging.
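
Finding 2 and the reply above both turn on whether the factory may call `initialize` more than once. The Solidity sketch below is an added example and is not code from the Phuture repository: `OneShot`, `IndexBase`, `IndexCallerCheckOnly` and `IndexOneShot` are hypothetical names, `OneShot` is a simplified stand-in for OpenZeppelin's `Initializable`, and setting `factory` in the constructor is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration with hypothetical contracts; not Phuture's code.

/// Simplified stand-in for OpenZeppelin's Initializable: allows one call only.
abstract contract OneShot {
    bool private _initialized;

    modifier initializer() {
        require(!_initialized, "already initialized");
        _initialized = true;
        _;
    }
}

abstract contract IndexBase {
    address public immutable factory;
    address[] public assets;

    constructor() {
        factory = msg.sender; // assumption: the factory deploys each index
    }

    function _init(address[] calldata _assets) internal {
        require(msg.sender == factory, "FORBIDDEN");
        for (uint256 i; i < _assets.length; ++i) assets.push(_assets[i]);
    }
}

/// Caller check only: the factory can call initialize() repeatedly,
/// and each call appends to state written by the previous one.
contract IndexCallerCheckOnly is IndexBase {
    function initialize(address[] calldata _assets) external {
        _init(_assets);
    }
}

/// Caller check plus one-shot guard: a second call reverts, even from the factory.
contract IndexOneShot is IndexBase, OneShot {
    function initialize(address[] calldata _assets) external initializer {
        _init(_assets);
    }
}
```

With the caller check alone, how often `initialize` can run depends entirely on the factory's code, so whether re-initialization is acceptable has to be decided by reviewing the factory and any upgrade path it has.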