code-423n4 / 2023-01-biconomy-findings

SmartAccount Inherits from Initializable but the Initializable contract is not imported from OpenZeppelin #455

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L27

Vulnerability details

Impact

This can lead to unexpected behavior regarding the upgradability of the contract or other aspects.

Proof of Concept

https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L27

Tools Used

Manual

Recommended Mitigation Steps

Consider importing @openzeppelin/contracts/proxy/utils/Initializable.sol in the SmartAccount contract.

c4-judge commented 1 year ago

gzeon-c4 marked the issue as unsatisfactory: Invalid