The absence of an initializer in the initializeAMMPool function poses a moderate risk to the stability and integrity of the contract. Without proper initialization control, there is a potential for re-initialization issues, which could compromise the functionality and security of the contract.
Proof of Concept
Add this function in SemiFungiblePositionManager.t.sol
function test_Success_initializeAMMPool_multipleInitialize(uint256 x) public {
_initPool(x);
_initPool(x);
}
Output
Ran 1 test for test/foundry/core/SemiFungiblePositionManager.t.sol:SemiFungiblePositionManagerTest
[PASS] test_Success_initializeAMMPool_multipleInitialize(uint256) (runs: 2, μ: 1823079, ~: 1823079)
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L350-L391
Vulnerability details
Impact
The absence of an initializer in the
initializeAMMPool
function poses a moderate risk to the stability and integrity of the contract. Without proper initialization control, there is a potential for re-initialization issues, which could compromise the functionality and security of the contract.Proof of Concept
Add this function in SemiFungiblePositionManager.t.sol
Output
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L350-L391
Tools Used
Code review
Recommended Mitigation Steps
Add initializer modifier from openzeppeline library or use mutex to change value from false to true
Assessed type
Invalid Validation