Closed sherlock-admin closed 1 year ago
SanketKogekar
medium
FootiumGeneralPaymentContract
footiumClub
The footiumClub is never set to a new value but is not made to be immutable either.
immutable
Since the contracts are designed to be upgradeable, its important to make sure no changes are made which can break exisiting functionality.
Make sure below variable is immutable, so it can only be set from constructor/initializer.
IFootiumClub public footiumClub;
footiumClub address could be changed accidentally in future contract upgrades, which is a very common mistake.
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumGeneralPaymentContract.sol#L19-L20
Manual Review
Consider changing the line to -
IFootiumClub public immutable footiumClub;
SanketKogekar
medium
In
FootiumGeneralPaymentContract, setfootiumClubcontract address to be immutable.Summary
The
footiumClubis never set to a new value but is not made to beimmutableeither.Vulnerability Detail
Since the contracts are designed to be upgradeable, its important to make sure no changes are made which can break exisiting functionality.
Make sure below variable is immutable, so it can only be set from constructor/initializer.
Impact
footiumClub address could be changed accidentally in future contract upgrades, which is a very common mistake.
Code Snippet
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumGeneralPaymentContract.sol#L19-L20
Tool used
Manual Review
Recommendation
Consider changing the line to -