sherlock-audit / 2023-06-dinari-judging


foufrix - DEFAULT_ADMIN_ROLE in BuyOrderIssuer.sol is not initialized #129

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

foufrix

high

DEFAULT_ADMIN_ROLE in BuyOrderIssuer.sol is not initialized

Summary

BuyOrderIssuer.sol inherits from the abstract contract OrderProcessor.sol, which uses AccessControlDefaultAdminRulesUpgradeable from OpenZeppelin. The DEFAULT_ADMIN_ROLE is not set on deployment, thus it is impossible to upgrade using _authorizeUpgrade or to call _grantRole.

Vulnerability Detail

Because the contract will not have a DEFAULT_ADMIN_ROLE holder, it is not possible to upgrade the contract afterwards or to call _grantRole.

Impact

Impossible to add/remove role or upgrade contract after deployment

Code Snippet

Tool used

Manual Review

Recommendation

On deployment, follow the OpenZeppelin guidelines and add a constructor initializing the DEFAULT_ADMIN_ROLE:

```solidity
constructor() AccessControlDefaultAdminRules(
    3 days,
    msg.sender // Explicit initial `DEFAULT_ADMIN_ROLE` holder
) {}
```
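The snippet in the recommendation uses the non-upgradeable `AccessControlDefaultAdminRules` constructor. Since OrderProcessor inherits the `Upgradeable` variant and sits behind a proxy, the equivalent place to seed `DEFAULT_ADMIN_ROLE` is an `initializer` function calling `__AccessControlDefaultAdminRules_init`, and the practical check is a deployment test that asserts an admin exists and can both grant roles and upgrade. The example below is added here for illustration and is not Dinari's code or part of the original issue; `ExampleOrderProcessor`, `OPERATOR_ROLE`, the test contract and the `ADMIN`/`OPERATOR` addresses are invented, and it assumes OpenZeppelin Contracts Upgradeable 4.9.x (where `upgradeTo` still exists) plus forge-std are installed under the usual import paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not Dinari's code. Assumes OpenZeppelin Contracts (Upgradeable) 4.9.x
// and forge-std. Shows where DEFAULT_ADMIN_ROLE must be set for the upgradeable variant.
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {AccessControlDefaultAdminRulesUpgradeable} from
    "@openzeppelin/contracts-upgradeable/access/AccessControlDefaultAdminRulesUpgradeable.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for an OrderProcessor-style contract.
contract ExampleOrderProcessor is Initializable, UUPSUpgradeable, AccessControlDefaultAdminRulesUpgradeable {
    bytes32 public constant OPERATOR_ROLE = keccak256("OPERATOR_ROLE"); // invented role

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the implementation contract so initialize() can only run through a proxy.
        _disableInitializers();
    }

    // Proxy-side replacement for the constructor shown in the recommendation:
    // without this call, defaultAdmin() stays address(0) and nobody holds DEFAULT_ADMIN_ROLE.
    function initialize(address initialAdmin) external initializer {
        __UUPSUpgradeable_init();
        __AccessControlDefaultAdminRules_init(3 days, initialAdmin); // 3-day admin transfer delay
    }

    // If no account holds DEFAULT_ADMIN_ROLE, this modifier can never be satisfied
    // and the proxy is permanently frozen on its current implementation.
    function _authorizeUpgrade(address) internal override onlyRole(DEFAULT_ADMIN_ROLE) {}
}

// Deployment check a reviewer would want in the repo's test suite (Foundry).
contract ExampleOrderProcessorTest is Test {
    address constant ADMIN = address(0xA11CE);   // constructed test address
    address constant OPERATOR = address(0xB0B);  // constructed test address

    function deployProxy() internal returns (ExampleOrderProcessor proc) {
        ExampleOrderProcessor impl = new ExampleOrderProcessor();
        bytes memory initData = abi.encodeCall(ExampleOrderProcessor.initialize, (ADMIN));
        proc = ExampleOrderProcessor(address(new ERC1967Proxy(address(impl), initData)));
    }

    function testAdminIsSetAndCanGrantAndUpgrade() public {
        ExampleOrderProcessor proc = deployProxy();

        // The condition the report is about: an admin must exist after deployment.
        assertEq(proc.defaultAdmin(), ADMIN);
        assertTrue(proc.hasRole(proc.DEFAULT_ADMIN_ROLE(), ADMIN));

        // Admin can manage roles (OPERATOR_ROLE is administered by DEFAULT_ADMIN_ROLE).
        vm.prank(ADMIN);
        proc.grantRole(proc.OPERATOR_ROLE(), OPERATOR);
        assertTrue(proc.hasRole(proc.OPERATOR_ROLE(), OPERATOR));

        // Only the admin can upgrade.
        ExampleOrderProcessor impl2 = new ExampleOrderProcessor();
        vm.prank(OPERATOR);
        vm.expectRevert();
        proc.upgradeTo(address(impl2));

        vm.prank(ADMIN);
        proc.upgradeTo(address(impl2));
    }

    function testImplementationCannotBeInitializedDirectly() public {
        ExampleOrderProcessor impl = new ExampleOrderProcessor();
        vm.expectRevert("Initializable: contract is already initialized");
        impl.initialize(ADMIN);
    }
}
```

Run with `forge test` in a project that has both OpenZeppelin packages installed. The two assertions at the top of the first test are the cheap invariant to keep in any upgradeable deployment suite: `defaultAdmin()` must be non-zero and the intended account must hold `DEFAULT_ADMIN_ROLE`, otherwise both `grantRole` and `upgradeTo` are unreachable for the lifetime of the proxy.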