Udsen - MISSING CALLS TO __REENTRANCYGUARD_INIT FUNCTIONS OF INHERITED CONTRACTS

[github-actions[bot]]

Udsen

false

MISSING CALLS TO __REENTRANCYGUARD_INIT FUNCTIONS OF INHERITED CONTRACTS

Summary

SoftVault.sol and HardVault.sol contracts are Upgradeable contracts and hence their implementations require the use of initialize() functions instead of constructors. This requires derived contracts to call the corresponding init functions of their inherited base contracts.

Vulnerability Detail

ReentrancyGuardUpgradeable is inherited as base contract but Missing call to __ReentrancyGuard_init in the initialize() function.

Impact

The inherited base classes do not get initialized which may lead to undefined behavior.

Code Snippet

    function initialize(
        IProtocolConfig _config,
        ICErc20 _cToken,
        string memory _name,
        string memory _symbol
    ) external initializer {
        __ERC20_init(_name, _symbol);
        __Ownable_init();
       ...
  }

https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/vault/SoftVault.sol#L47-L48

    function initialize(IProtocolConfig _config) external initializer {
        __ERC1155_init("HardVault");
        __Ownable_init();
        if (address(_config) == address(0)) revert ZERO_ADDRESS();
        config = _config;
    } 

https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/vault/HardVault.sol#L37-L38

Tool used

VS Code and Manual Review

Recommendation

Add missing calls to __ReentrancyGuard_init() functions of inherited contracts.

In the softVault.sol contract:

    function initialize(
        IProtocolConfig _config,
        ICErc20 _cToken,
        string memory _name,
        string memory _symbol
    ) external initializer {
        __ERC20_init(_name, _symbol);
        __Ownable_init();
        __ReentrancyGuard_init();
       ...
  }

In the hardVault.sol contract:

    function initialize(IProtocolConfig _config) external initializer {
        __ERC1155_init("HardVault");
        __Ownable_init();
        __ReentrancyGuard_init();
        if (address(_config) == address(0)) revert ZERO_ADDRESS();
        config = _config;
    }