The _resetTmpMarketParameters function is an internal function, which means it can only be called from within the WildcatMarketController contract itself or from a contract that inherits from it. If a child contract inherits from WildcatMarketController and calls _resetTmpMarketParameters before _tmpMarketParameters is initialized, it could lead to unexpected behavior.
The _resetTmpMarketParameters() function resets the _tmpMarketParameters struct to its default state. If a child contract calls this function before _tmpMarketParameters is initialized, it will overwrite the _tmpMarketParameters struct with the default values, which could disrupt the logic of the parent contract.
Proof of Concept
Attack Vector:
A child contract inherits from the WildcatMarketController contract.
The child contract calls the _resetTmpMarketParameters() function before the _tmpMarketParameters state variable is initialized.
This call to _resetTmpMarketParameters() overwrites the _tmpMarketParameters struct with the default values.
The parent contract then uses the _tmpMarketParameters struct in its operations, leading to unexpected behavior.
Tools Used
Manual review
Recommended Mitigation Steps
Ensure that _tmpMarketParameters is always properly initialized before it is used.
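One way to enforce that mitigation, shown as an added sketch that is not the Wildcat source: a guard flag makes any read of the temporary parameters revert unless they were set in the same deployment. The names ControllerSketch, MarketSketch, TmpParams and _tmpSet are hypothetical, and the struct is reduced to three fields.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified stand-in for a temporary market-parameters struct.
struct TmpParams {
    address asset;
    uint128 maxTotalSupply;
    uint16 annualInterestBips;
}

contract ControllerSketch {
    TmpParams private _tmp; // all-zero whenever no deployment is in progress
    bool private _tmpSet;   // hypothetical guard: true only between set and reset

    error TmpParamsNotSet();
    error TmpParamsAlreadySet();

    // Read path for the market under construction. Default (reset) values are
    // never returned: a reset issued before initialization leaves _tmpSet false.
    function getTmpParams() external view returns (TmpParams memory) {
        if (!_tmpSet) revert TmpParamsNotSet();
        return _tmp;
    }

    function _setTmp(TmpParams memory p) internal {
        if (_tmpSet) revert TmpParamsAlreadySet();
        _tmp = p;
        _tmpSet = true;
    }

    // `delete` restores every field of the struct to its type's default value.
    // Being internal, this is callable from derived contracts as well.
    function _resetTmp() internal {
        delete _tmp;
        _tmpSet = false;
    }

    function deploy(TmpParams memory p) external returns (address market) {
        _setTmp(p);
        market = address(new MarketSketch()); // constructor calls getTmpParams()
        _resetTmp();
    }
}

contract MarketSketch {
    address public immutable asset;
    uint128 public immutable maxTotalSupply;

    constructor() {
        TmpParams memory p = ControllerSketch(msg.sender).getTmpParams();
        asset = p.asset;
        maxTotalSupply = p.maxTotalSupply;
    }
}
```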
Lines of code
https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/WildcatMarketController.sol#L255-L268
Assessed type
Other