Closed code423n4 closed 1 year ago
141345 marked the issue as low quality report
141345 marked the issue as primary issue
invalid, this is logic contract.
https://github.com/code-423n4/2023-07-lens-findings/issues/73 is different code place, but same issue
donosonaumczuk marked the issue as sponsor disputed
Follow NFTs are using a Beacon Proxy pattern, the initialize
function is being called through DELEGATECALL, so it's using the state of the fresh deployed FollowNFTProxy
.
Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-07-lens/blob/main/contracts/FollowNFT.sol#L43-L45 https://github.com/code-423n4/2023-07-lens/blob/main/contracts/FollowNFT.sol#L48-L52
Vulnerability details
Impact
This function Initializes the follow NFT.
To check if a function has already been initialized use: if (_initialized) { revert Errors.Initialized(); } This condition will always end with revert Errors.Initialized(), because in the constructor, when expanding the contract, _initialized = true is set (https://github.com/code-423n4/2023-07-lens/blob/main/contracts/FollowNFT.sol#L43-L45).
Tools Used
VSCode
Recommended Mitigation Steps
Set _initialized = false in constructor https://github.com/code-423n4/2023-07-lens/blob/main/contracts/FollowNFT.sol#L44
Assessed type
Context