Open hats-bug-reporter[bot] opened 11 months ago
True, but what __Pausable_init does is to set the variable to false, which is already set to false, and it does not expose any attack vector for protocol funds.
@bunbuntigery This is not an issue; it is correctly described by @seongyun-ko.
GitHub username: --
Submission hash (on-chain): 0x1274cbca355a783ecb5177b1555e86a7e05e99e7f0b918f595d14154a3b73e80
Severity: low
Description:
PausableUpgradeable is not initialized in EtherFiOracle.sol. In other words, __Pausable_init(); is not called in the initialize function.
Attack Scenario
A similar issue is found in the OpenZeppelin forum.
https://forum.openzeppelin.com/t/defender-pausableupgradeable/7148/3
Documentation also states that Upgradeable Contracts should be initialized.
https://docs.openzeppelin.com/contracts/4.x/upgradeable#usage
Attachments
Add __Pausable_init() to the initialization.
https://github.com/hats-finance/ether-fi-0x36c3b77853dec9c4a237a692623293223d4b9bc4/blob/180c708dc7cb3214d68ea9726f1999f67c3551c9/src/EtherFiOracle.sol#L55-L60
How other contracts do it:
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumPlayer.sol#L16-L23
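A static check for the omission this report describes, as an added example that is not part of the original submission or the project's code: it flags OpenZeppelin upgradeable parents whose initializer is never called from an initializer function. The parent-to-initializer map is a small subset of OpenZeppelin Contracts Upgradeable 4.x, and SampleOracle is a constructed contract, not the real EtherFiOracle.sol.

```python
import re
# Subset of OpenZeppelin Contracts Upgradeable 4.x parents and their initializers.
INIT_FOR = {
    "PausableUpgradeable": "__Pausable_init",
    "OwnableUpgradeable": "__Ownable_init",
    "UUPSUpgradeable": "__UUPSUpgradeable_init",
    "ReentrancyGuardUpgradeable": "__ReentrancyGuard_init",
}

# Constructed sample (hypothetical contract, not the real EtherFiOracle.sol).
SAMPLE = """
contract SampleOracle is Initializable, OwnableUpgradeable, PausableUpgradeable, UUPSUpgradeable {
    // __Pausable_init(); is only mentioned in this comment
    function initialize(uint32 _quorumSize) external initializer {
        __Ownable_init();
        __UUPSUpgradeable_init();
        quorumSize = _quorumSize;
    }
    function pauseContract() external onlyOwner { _pause(); }
}
"""

def block_after(src, brace_idx):
    """Return the text inside the balanced {...} that opens at brace_idx."""
    depth = 0
    for i in range(brace_idx, len(src)):
        depth += (src[i] == "{") - (src[i] == "}")
        if depth == 0:
            return src[brace_idx + 1:i]
    raise ValueError("unbalanced braces")

def missing_initializers(source):
    """Map contract name -> parent initializers never called from an initializer function."""
    src = re.sub(r"/\*.*?\*/|//[^\n]*", "", source, flags=re.S)  # drop comments
    report = {}
    for c in re.finditer(r"\bcontract\s+(\w+)\s+is\s+([^{]+)\{", src):
        parents = [p.strip() for p in c.group(2).split(",")]
        expected = {INIT_FOR[p] for p in parents if p in INIT_FOR}
        body, called = block_after(src, c.end() - 1), set()
        for f in re.finditer(r"\bfunction\s+\w+\s*\([^)]*\)([^{;]*)\{", body):
            if re.search(r"\b(initializer|reinitializer|onlyInitializing)\b", f.group(1)):
                fn_body = block_after(body, f.end() - 1)
                called |= set(re.findall(r"\b(__\w+_init)(?:_unchained)?\s*\(", fn_body))
        if expected - called:
            report[c.group(1)] = sorted(expected - called)
    return report

if __name__ == "__main__":
    print(missing_initializers(SAMPLE))
```

Initializers reached only through an intermediate base contract are not followed, so a hit is a prompt for manual review rather than a verdict.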