search

sherlock-audit / 2023-02-kairos-judging

2 stars 0 forks source link

Go-langer - Unimported libraries for initialization #136

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

Go-langer

medium

Unimported libraries for initialization

Summary

Unimported libraries for initialization

Vulnerability Detail

The contract declaration doesn't inherit the imported libraries for initialization.

Impact

If one of the above is used to utilize the diamond upgradeability functionality, the protocol will not be initialized.

Code Snippet

Contract Initializer.sol

Contract Initializer is .... {

}

https://github.com/sherlock-audit/2023-02-kairos/blob/main/kairos-contracts/src/Initializer.sol#L19

Tool used

VS Code

Manual Review

Recommendation

Refactor to this:

Contract Initializer is "LibDiamond" {

}

Please make sure that if you intend to use the Diamond Proxy upgradeability functionality, that you import the above contracts and inherit them in the contract declaration. Also, follow the right procedure workflow as noted below:

The Diamond initialization workflow:

Deploy the initialization contract, DiamondInit. Deploy the implementation contracts. Deploy the Diamond. Execute diamondCut() function. Mapping is upgraded by adding function selectors and facet addresses. The _calldata argument is executed with delegatecall on DiamondInit (same transaction) Diamond state variables are initialized. The Diamond deployment is complete.