Uninitialized State Variables

[c4-submissions]

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/WildcatMarketController.sol#L255-L268

Vulnerability details

Impact

in The _resetTmpMarketParameters function is an internal function, which means it can only be called from within the WildcatMarketController contract itself. If a child contract inherits from WildcatMarketController and calls _resetTmpMarketParameters before _tmpMarketParameters is initialized, it could indeed lead to unexpected behavior. The _resetTmpMarketParameters() function resets the _tmpMarketParameters struct to its default state. If a child contract calls this function before _tmpMarketParameters is initialized, it will overwrite the _tmpMarketParameters struct with the default values, which could disrupt the logic of the parent contract.

Proof of Concept

Attack Vector:

• A child contract inherits from the WildcatMarketController contract.
• The child contract calls the _resetTmpMarketParameters() function before the _tmpMarketParameters state variable is initialized.
• This call to _resetTmpMarketParameters() overwrites the _tmpMarketParameters struct with the default values.
• The parent contract then uses the _tmpMarketParameters struct in its operations, leading to unexpected behavior

Tools Used

manual review

Recommended Mitigation Steps

ensure that _tmpMarketParameters is always properly initialized before it's used.

Assessed type

Other

[c4-pre-sort]

minhquanym marked the issue as low quality report

[minhquanym]

QA

[c4-judge]

MarioPoneder marked the issue as unsatisfactory: Insufficient quality