shealtielanz
high
Missing Initializer in ControlFacet.sol
Summary
ControlFacet.sol is missing an initializer modifier on the init function, which allows a malicious owner to re-initialize it.
Vulnerability Detail
The ControlFacet.sol
As you can see, it has no modifier and allows for re-initialization.
Impact
This allows a malicious owner to change the collateral address, the user and also the fee collector at will. This is too much power given to the onlyOwner, who could manipulate and scam users at will.
Code Snippet
Tool used
Manual Review
Recommendation
Import OpenZeppelin's Initializable.sol library and use the initializer modifier to guard against future re-initialization.
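A sketch of the recommended guard, added here as an example and not taken from the project's code. The storage layout, the parameter names, the `ControlFacetGuarded` name and the `onlyOwner` stand-in are assumptions, since the original snippet is not reproduced on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Initializable} from "@openzeppelin/contracts/proxy/utils/Initializable.sol";

// Hypothetical storage layout; the real ControlFacet fields are not shown on the page.
library ControlStorage {
    bytes32 internal constant SLOT = keccak256("example.control.storage");

    struct Layout {
        address owner; // assumed to be set when the contract is deployed
        address collateral;
        address user;
        address feeCollector;
    }

    function layout() internal pure returns (Layout storage l) {
        bytes32 slot = SLOT;
        assembly {
            l.slot := slot
        }
    }
}

contract ControlFacetGuarded is Initializable {
    error NotOwner();

    // Stand-in for the project's onlyOwner check (assumed).
    modifier onlyOwner() {
        if (msg.sender != ControlStorage.layout().owner) revert NotOwner();
        _;
    }

    // `initializer` lets this body run once; a second call reverts
    // (InvalidInitialization in OpenZeppelin v5), so the owner can no longer
    // swap the collateral, user or fee collector after setup.
    function init(address collateral, address user, address feeCollector)
        external
        onlyOwner
        initializer
    {
        ControlStorage.Layout storage l = ControlStorage.layout();
        l.collateral = collateral;
        l.user = user;
        l.feeCollector = feeCollector;
    }
}
```

If the facet executes through delegatecall, check where the initialized flag is stored: OpenZeppelin v4.x keeps it in ordinary sequential storage, which can overlap the calling contract's own variables, while v5 keeps it in a namespaced slot.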