MultiInvoker will be upgraded . The current multi invoker is of version 2 . Therefore , to re-initialize the contract, the version should be 3 .
Vulnerability Detail
In the initialize function , the initializer version is 2 instead of 3 . Therefore , if any of the below contracts are to be updated , the initializer will need to be called.
batcher
collateral
reserve
But as the version is 2 , it will fail.
While discussing this with the sponsor, they conveyed they don't intend to change the current contracts, but as it was not mentioned in the docs or audit note. I consider it a valid issue.
Impact
Multi invoker will not be able to approve the contracts if needed
supernova
medium
Multi Invoker cannot be initialized
Summary
MultiInvoker will be upgraded . The current multi invoker is of version 2 . Therefore , to re-initialize the contract, the version should be 3 .
Vulnerability Detail
In the
initialize
function , the initializer version is 2 instead of 3 . Therefore , if any of the below contracts are to be updated , the initializer will need to be called.But as the version is 2 , it will fail.
While discussing this with the sponsor, they conveyed they don't intend to change the current contracts, but as it was not mentioned in the docs or audit note. I consider it a valid issue.
Impact
Multi invoker will not be able to approve the contracts if needed
Code Snippet
https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial/contracts/multiinvoker/MultiInvoker.sol#L49-L64
Tool used
Manual Review
Recommendation
Use version 3 instead of 2 in initializer of multi invoker