JasoonS
commented
1 year ago This is just simply wrong. We call the initializer in the constructor so that no-one can initialize the implementations again.
All contracts use proxies.
See the fix to your snippet:
The other contracts in that file also need to use a proxy.
obront
high
Pools cannot be initialized because of incorrectly used initializer modifier
Summary
The
MarketExtended.sol:initializePools()function is called as adelegatecallfrom MarketCore.sol. This function has aninitializermodifier, but MarketCore.sol will have already run a function with aninitializermodifier. The result is that this function cannot be called, and pools cannot be initialized.Vulnerability Detail
The
initializermodifier from OpenZeppelin only allows a function to be called once, and then writes the storage variable_initialized = trueto ensure it is not called again.Because the
initializePools()function is called as adelegatecallfrom MarketCore.sol, it will operate on the storage of the calling contract. This storage already has an_initializedvariable, which will have been set totrueby theinitializermodifier on MarketCore.sol's constructor.Here is a Gist with a copy & paste Forge test that can be used to verify the error.
Impact
The
initializePools()function is required for the market to operate. Without this function being called, no market will be able to add an admin, setup roles, connect to an oracle, set a liquidity manager, set maxPercentChange or set latestExecutedEpochIndex correctly to begin operating.Code Snippet
https://github.com/sherlock-audit/2022-11-float-capital/blob/main/contracts/market/template/MarketCore.sol#L677-L689
https://github.com/sherlock-audit/2022-11-float-capital/blob/main/contracts/market/template/MarketExtended.sol#L23
Tool used
Manual Review, Foundry
Recommendation
Remove the
initializermodifier from the constructor in MarketCore.sol.