sherlock-audit / 2023-10-real-wagmi-judging


psb01 - owner of Ownable.sol is not set by default #194

Closed sherlock-admin2 closed 1 year ago

sherlock-admin2 commented 1 year ago

psb01

medium

owner of Ownable.sol is not set by default

Summary

The owner account will not be the one that deploys the contract and should be provided as a constructor argument during deployment.

Vulnerability Details

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L145-L157 https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/Vault.sol

In OpenZeppelin v5 we need to explicitly initialize the Ownable constructor by giving the initial owner in the arguments, but in the above code there is no call to Ownable(_owner) in its constructor.

Impact

In the case of an upgradeable contract, if we don't initialize Ownable explicitly then the contract is deployed without an owner, and in the non-upgradeable scenario it faces a compilation error.

Tool Used

Manual

Code Snippet

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L145-L157 https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/Vault.sol

Recommendation

Initialize Ownable explicitly by providing Ownable(initialOwner) in the constructor.
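An added example, not part of the original report or the audited code base, showing the two cases the report distinguishes. It assumes OpenZeppelin Contracts v5.x and Contracts Upgradeable v5.x; the contract names `ExampleVault` and `ExampleVaultUpgradeable` and the `fee`/`setFee` members are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5.x and Contracts Upgradeable v5.x are installed.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

// Non-upgradeable case (hypothetical contract). Omitting `Ownable(initialOwner)`
// does not compile under v5, because Ownable's constructor takes a required
// address argument.
contract ExampleVault is Ownable {
    uint256 public fee;

    // Ownable's v5 constructor reverts with OwnableInvalidOwner(address(0))
    // when initialOwner is the zero address.
    constructor(address initialOwner) Ownable(initialOwner) {}

    function setFee(uint256 newFee) external onlyOwner {
        fee = newFee;
    }
}

// Upgradeable case (hypothetical contract). There is no base constructor
// argument to forget, so the compiler gives no error: owner() stays address(0)
// until the initializer has been called.
contract ExampleVaultUpgradeable is OwnableUpgradeable {
    uint256 public fee;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers(); // lock the implementation contract itself
    }

    // Called once through the proxy; sets the owner explicitly.
    function initialize(address initialOwner) external initializer {
        __Ownable_init(initialOwner);
    }

    function setFee(uint256 newFee) external onlyOwner {
        fee = newFee;
    }
}
```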

sherlock-admin2 commented 1 year ago

1 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Future upgradeable scenario is invalid by Sherlock docs