c4-pre-sort
commented
1 year ago 0xSorryNotSorry marked the issue as low quality report
Closed code423n4 closed 1 year ago
c4-pre-sort
commented
1 year ago 0xSorryNotSorry marked the issue as low quality report
c4-pre-sort
commented
1 year ago 0xSorryNotSorry marked the issue as duplicate of #203
c4-judge
commented
1 year ago GalloDaSballo marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-04-eigenlayer/blob/5e4872358cd2bda1936c29f460ece2308af4def6/src/contracts/core/StrategyManager.sol#L35-L42
Vulnerability details
Impact
Due to a requirement of the proxy-based upgradeability system, no constructors can be used in upgradeable contracts. State variables are initialized in an upgradeable contract https://github.com/code-423n4/2023-04-eigenlayer/blob/5e4872358cd2bda1936c29f460ece2308af4def6/src/contracts/core/StrategyManager.sol#L129
Proof of Concept
See https://docs.openzeppelin.com/upgrades-plugins/1.x/writing -upgradeable#avoid-initial-values-in-field-declarations
Tools Used
Recommended Mitigation Steps
Make sure that all initial values are set in an initializer function.
Assessed type
Upgradable