Open hats-bug-reporter[bot] opened 3 weeks ago
The current implementation allows for setting the implementation contract's constructor variables as immutable (for gas savings) and be used by the proxy. These immutable vars should v rarely be updated, in which case it would be like an upgrade to the protocol. Unless there are concrete issues with this, it's the intended effect.
Github username: -- Twitter username: -- Submission hash (on-chain): 0xe4495010bcfd16cdb31e17485d23b4136359c097522a02693466d044fea295ca Severity: low
Description:
Issue Description
In the
USDE
contract, the constructor currently initializes thevalidator
address and calls_disableInitializers()
to prevent re-initializations. However, in a proxy-based contract, the constructor should only contain_disableInitializers()
without any other initialization logic. This is because, in a proxy deployment, any setup outside theinitialize
function might be inaccessible or function incorrectly.Currently, the constructor includes
validator
assignment, which is problematic in a proxy context, as all initialization logic should be explicitly included in theinitialize
function to be executed upon proxy deployment.Impact of the Vulnerability
Proof of Concept
The current constructor in the
USDE
contract is implemented as follows:This approach is inappropriate for a proxy-based contract, where the constructor should only contain
_disableInitializers()
.Recommendation
To mitigate these risks, it is recommended to only include
_disableInitializers()
in the constructor. All other initialization logic, such as the assignment ofvalidator
, should be moved to theinitialize
function.Example Fix:
Remove any assignment or additional logic in the constructor:
Move the initialization logic to the
initialize
function:This approach ensures that the contract is properly initialized in a proxy context and eliminates the risk of unauthorized re-initializations.
Additional Resources
For further information on
_disableInitializers()
and safe initialization practices in upgradeable contracts, refer to the OpenZeppelin documentation: OpenZeppelin Forum - _disableInitializers().