Open hats-bug-reporter[bot] opened 3 days ago
Github username: @krkbaa Twitter username: 0xkrkba Submission hash (on-chain): 0x85bb6985d2b4a173688a5f750c2b1a2377aa4f614a07ba47015bfe1704ef26a6 Severity: medium
Description: Description\ there is an unprotected initializer in: https://github.com/Velvet-Capital/velvet-core/blob/849629b1aacf32d84634d8c4ef1378527bce3bb3/contracts/fee/FeeModule.sol#L20-L32 2- https://github.com/Velvet-Capital/velvet-core/blob/849629b1aacf32d84634d8c4ef1378527bce3bb3/contracts/mock/upgradeability/FeeModuleV3_2.sol#L27-L39
--- initializers must be protected with modifiers.
Attack Scenario\ Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
The FeeModule is being initialized in the Factory and the FeeConfig contract has the initializer modifier. @krkbaa
Github username: @krkbaa Twitter username: 0xkrkba Submission hash (on-chain): 0x85bb6985d2b4a173688a5f750c2b1a2377aa4f614a07ba47015bfe1704ef26a6 Severity: medium
Description: Description\ there is an unprotected initializer in: https://github.com/Velvet-Capital/velvet-core/blob/849629b1aacf32d84634d8c4ef1378527bce3bb3/contracts/fee/FeeModule.sol#L20-L32 2- https://github.com/Velvet-Capital/velvet-core/blob/849629b1aacf32d84634d8c4ef1378527bce3bb3/contracts/mock/upgradeability/FeeModuleV3_2.sol#L27-L39
--- initializers must be protected with modifiers.
Attack Scenario\ Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)