hats-finance / Euro-Dollar-0xa4ccd3b6daa763f729ad59eae75f9cbff7baf2cd

Audit competition repository for Euro-Dollar (0xa4ccd3b6daa763f729ad59eae75f9cbff7baf2cd)
https://hats.finance
MIT License

Upgradeable contract not initialized #11

Open hats-bug-reporter[bot] opened 3 weeks ago

hats-bug-reporter[bot] commented 3 weeks ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x315dfb2fb8554c58ecec1d74ffae951070be39a601b3437de3771055dede0184
Severity: low

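Description: Upgradeable contracts are initialized via an initializer function rather than by a constructor. Leaving such a contract uninitialized may lead to it being taken over by a malicious user, because whoever calls the initializer first sets the contract's initial owner and roles. The exposure exists only if `initialize` is not called in the same transaction that deploys the proxy, or if the implementation's constructor does not call `_disableInitializers()`.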

Instances (43):

File: InvestToken.sol

5: import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

6: import {ERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";

7: import {ERC20PausableUpgradeable} from

8:     "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20PausableUpgradeable.sol";

9: import {ERC20PermitUpgradeable} from

10:     "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20PermitUpgradeable.sol";

11: import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";

12: import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

25:     ERC20Upgradeable,

26:     ERC20PausableUpgradeable,

27:     ERC20PermitUpgradeable,

29:     AccessControlUpgradeable,

30:     UUPSUpgradeable

69:         _disableInitializers();

76:     function initialize(

83:         initializer

85:         __ERC20_init(_name, _symbol);

86:         __ERC20Pausable_init();

87:         __ERC20Permit_init(_name);

88:         __AccessControl_init();

89:         __UUPSUpgradeable_init();

110:         override(ERC20Upgradeable, ERC20PausableUpgradeable)
File: USDE.sol

5: import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

6: import {ERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";

7: import {ERC20PausableUpgradeable} from

8:     "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20PausableUpgradeable.sol";

9: import {ERC20PermitUpgradeable} from

10:     "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20PermitUpgradeable.sol";

11: import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";

12: import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

22:     ERC20Upgradeable,

23:     ERC20PausableUpgradeable,

24:     ERC20PermitUpgradeable,

25:     AccessControlUpgradeable,

26:     UUPSUpgradeable

56:         _disableInitializers();

63:     function initialize(address _initialOwner) public initializer {

64:         __ERC20_init("EuroDollar", "USDE");

65:         __ERC20Pausable_init();

66:         __ERC20Permit_init("EuroDollar");

67:         __AccessControl_init();

68:         __UUPSUpgradeable_init();

87:         override(ERC20Upgradeable, ERC20PausableUpgradeable)
AndreiMVP commented 3 weeks ago

Not sure what the issue is; initialize() is there, no?