Constructors of upgradeable contracts will not run / initialize

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0xfe25a0c906257e4d19f35ede55b581b83d2a1dab4db90ac651fdcffa0cae5626 Severity: medium

Description:

Impact

Meta-transactions will remain unsupported in the affected contracts, unexpected functionality

Description

The below contracts use a proxy standard and intended to be upgradeable, however they use a constructor() and constructor arguments which will not execute.

• ModuleFactory_v1.sol
• Orchestrator_v1.sol
• ModuleManagerBase_v1.sol
• Module_v1.sol

These contracts mostly intend to pass the _trustedForwarder to support ERC2771 meta-transactions in the constructors, however because the constructor bytecode is never executed they will not initialize the ERC2771Context contract, therefore not support meta-transactions.

From Openzeppelin's Proxy documentation:

In Solidity, code that is inside a constructor or part of a global variable declaration is not part of a deployed contract’s runtime bytecode. This code is executed only once, when the contract instance is deployed. As a consequence of this, the code within a logic contract’s constructor will never be executed in the context of the proxy’s state. To rephrase, proxies are completely oblivious to the storage trie changes that are performed by the constructor. It’s simply as if they weren’t there for the proxy. (Note that immutable variables can be reflected in a proxy contract but should be used with caution.)

Recommendation

Consider to move ERC2771Context initialization to the init() function of the above mentioned contracts.

[0xmahdirostami]

_trustedForwarder is immutable.