Closed sherlock-admin closed 2 years ago
GalloDaSballo
low
Initializer can be front-run setting the caller to the owner.
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/ContractWhitelist.sol#L25-L26
function initialize() public initializer {
Manual Review
It may be worth creating a constructor to set the only caller for initialize, or simply make sure you're the first one calling it
initialize
GalloDaSballo
low
L-02 Frontrun of initializers
Summary
Initializer can be front-run setting the caller to the owner.
Vulnerability Detail
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/ContractWhitelist.sol#L25-L26
Impact
Code Snippet
Tool used
Manual Review
Recommendation
It may be worth creating a constructor to set the only caller for
initialize, or simply make sure you're the first one calling it