code-423n4 / 2023-07-lens-findings


The FollowNFT.initialize() function will never be executed #151

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-lens/blob/main/contracts/FollowNFT.sol#L43-L45

https://github.com/code-423n4/2023-07-lens/blob/main/contracts/FollowNFT.sol#L48-L52

Vulnerability details

Impact

This function initializes the follow NFT.

To check whether the function has already been initialized, it uses: if (_initialized) { revert Errors.Initialized(); }. This condition will always end with revert Errors.Initialized(), because in the constructor, when expanding the contract, _initialized = true is set (https://github.com/code-423n4/2023-07-lens/blob/main/contracts/FollowNFT.sol#L43-L45).

Tools Used

VSCode

Recommended Mitigation Steps

Set _initialized = false in the constructor: https://github.com/code-423n4/2023-07-lens/blob/main/contracts/FollowNFT.sol#L44

Assessed type

Context

c4-pre-sort commented 1 year ago

141345 marked the issue as low quality report

c4-pre-sort commented 1 year ago

141345 marked the issue as primary issue

141345 commented 1 year ago

Invalid, this is the logic contract.

https://github.com/code-423n4/2023-07-lens-findings/issues/73 is a different place in the code, but the same issue.

c4-sponsor commented 1 year ago

donosonaumczuk marked the issue as sponsor disputed

donosonaumczuk commented 1 year ago

Follow NFTs are using a Beacon Proxy pattern; the initialize function is being called through DELEGATECALL, so it's using the state of the freshly deployed FollowNFTProxy.
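The storage separation described in the comment above, as an added example that is not part of this thread or of the Lens code base: the constructor flag lands in the logic contract's own storage, while a call routed through a beacon proxy runs `initialize` against the proxy's empty storage. `FollowNFTLike`, `Beacon`, `MiniBeaconProxy`, `Demo` and `followedProfileId` are hypothetical, simplified stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Simplified stand-in for FollowNFT (hypothetical names): the constructor locks the logic contract.
contract FollowNFTLike {
    bool private _initialized;        // slot 0 of whichever contract's storage is in use
    uint256 public followedProfileId; // slot 1
    error Initialized();
    constructor() {
        _initialized = true; // written to the implementation's own storage only
    }
    function initialize(uint256 profileId) external {
        if (_initialized) revert Initialized();
        _initialized = true;
        followedProfileId = profileId;
    }
}

// Minimal beacon: tells proxies which implementation to delegate to.
contract Beacon {
    address public immutable implementation;
    constructor(address impl) { implementation = impl; }
}

// Minimal beacon proxy. The beacon address is immutable (kept in code, not storage),
// so the proxy's storage starts empty and cannot collide with the implementation layout.
contract MiniBeaconProxy {
    Beacon private immutable beacon;
    constructor(Beacon b) { beacon = b; }

    fallback() external {
        address impl = beacon.implementation();
        assembly {
            calldatacopy(0, 0, calldatasize())
            // DELEGATECALL: implementation code, this proxy's storage
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, returndatasize())
        }
    }
}

contract Demo {
    function run() external returns (bool implLocked, uint256 proxyProfileId) {
        FollowNFTLike impl = new FollowNFTLike();
        FollowNFTLike nft = FollowNFTLike(address(new MiniBeaconProxy(new Beacon(address(impl)))));
        try impl.initialize(1) {} catch { implLocked = true; } // direct call to the logic contract
        nft.initialize(42);                       // same code, executed against the proxy's storage
        proxyProfileId = nft.followedProfileId(); // read back through the proxy
    }
}
```

Locking the implementation in its constructor is what keeps anyone from initializing the logic contract directly; removing that line, as the report recommends, would leave the implementation open to initialization by an arbitrary caller without changing how proxies behave.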

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid