Closed c4-bot-2 closed 2 months ago
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/PanopticFactory.sol#L134-L139

Vulnerability details

Impact
There is no access control, so an MEV bot can manipulate the `s_owner` address and become the address of the `PanopticFactory` contract.

Proof of Concept
```solidity
function initialize(address _owner) public {
    if (!s_initialized) {
        s_owner = _owner;
        s_initialized = true;
    }
}
```

Tools Used
Manual code review

Recommended Mitigation Steps
Add access control or call it in the `constructor`.

Assessed type
MEV

Picodes marked the issue as unsatisfactory: Invalid
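
The two mitigations named in the report, sketched next to the initializer pattern it quotes. This is an added example, not code from the report or from the Panoptic repository; the contract names, error names and the `i_owner` / `i_deployer` variables are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration; contract and error names are hypothetical.

/// Pattern quoted in the report: the first caller, whoever it is, sets the owner.
contract UnprotectedInit {
    address internal s_owner;
    bool internal s_initialized;

    function initialize(address _owner) public {
        if (!s_initialized) {
            s_owner = _owner;
            s_initialized = true;
        }
    }
}

/// Mitigation 1: assign the owner in the constructor, so deployment and
/// ownership assignment happen in one atomic transaction.
contract OwnerInConstructor {
    address internal immutable i_owner;

    constructor(address _owner) {
        i_owner = _owner;
    }
}

/// Mitigation 2: keep initialize(), but only the deployer may call it, and a
/// second call reverts instead of being silently ignored.
contract DeployerGatedInit {
    error NotDeployer();
    error AlreadyInitialized();

    address private immutable i_deployer;
    address internal s_owner;
    bool internal s_initialized;

    constructor() {
        i_deployer = msg.sender;
    }

    function initialize(address _owner) external {
        if (msg.sender != i_deployer) revert NotDeployer();
        if (s_initialized) revert AlreadyInitialized();
        s_owner = _owner;
        s_initialized = true;
    }
}
```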