`CompoundVeFNXManagedNFTStrategyFactoryUpgradeable` cannot be initialized

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0xa841fe85cd8f0fa727627aeebab2141eea4c3e3f1c9bf8212bda443667ff7687 Severity: medium

Description: Description\ The CompoundVeFNXManagedNFTStrategyFactoryUpgradeable contract is designed to be an upgradeable contract. However, it is missing the import and inheritance of the Initializable contract from OpenZeppelin. The Initializable contract is crucial for upgradeable contracts as it provides the initializer modifier, which ensures that the initialization function can only be called once.

Attack Scenario\ Without importing and inheriting the Initializable contract, the initializer modifier used in the initialize function will not be recognized, leading to potential issues with the initialization process. This can result in the contract being improperly initialized, which can have severe consequences for the security and functionality of the contract.

Attachments

1. Proof of Concept (PoC) File

   https://github.com/Satsyxbt/Fenix/blob/353c8e8e24454336e805e5c0e11e4e9ae1491d03/contracts/nest/CompoundVeFNXManagedNFTStrategyFactoryUpgradeable.sol

2. Revised Code File (Optional)

3. Import the Initializable contract:

   import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

4. Inherit the Initializable contract:

   contract CompoundVeFNXManagedNFTStrategyFactoryUpgradeable is
      ICompoundVeFNXManagedNFTStrategyFactory,
      BlastGovernorClaimableSetup,
      AccessControlUpgradeable,
      Initializable // Add this inheritance
   {

   By making these changes, the contract will correctly utilize the Initializable contract, ensuring proper initialization functionality for upgradeable contracts.

[0xmahdirostami]

Initializable contract is already inherited by the AccessControlUpgradeable contract