langnavina97
commented
3 days ago The FeeModule is being initialized in the Factory and the FeeConfig contract has the initializer modifier. @krkbaa
Open hats-bug-reporter[bot] opened 3 days ago
langnavina97
commented
3 days ago The FeeModule is being initialized in the Factory and the FeeConfig contract has the initializer modifier. @krkbaa
Github username: @krkbaa Twitter username: 0xkrkba Submission hash (on-chain): 0x85bb6985d2b4a173688a5f750c2b1a2377aa4f614a07ba47015bfe1704ef26a6 Severity: medium
Description: Description\ there is an unprotected initializer in: https://github.com/Velvet-Capital/velvet-core/blob/849629b1aacf32d84634d8c4ef1378527bce3bb3/contracts/fee/FeeModule.sol#L20-L32 2- https://github.com/Velvet-Capital/velvet-core/blob/849629b1aacf32d84634d8c4ef1378527bce3bb3/contracts/mock/upgradeability/FeeModuleV3_2.sol#L27-L39
--- initializers must be protected with modifiers.
Attack Scenario\ Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)