search

sherlock-audit / 2023-11-covalent-judging

3 stars 2 forks source link

iberry - The '_bspRequiredStake' variable is not initialized in the 'initialize' function #106

Closed sherlock-admin closed 7 months ago

sherlock-admin commented 7 months ago

iberry

medium

The '_bspRequiredStake' variable is not initialized in the 'initialize' function

Summary

The smart contract 'BlockSpecimenProofChain' has a vulnerability related to the initialization of the '_bspRequiredStake' variable. The variable is not initialized in the 'initialize' function, which can lead to potential issues as the contract relies on this variable for certain calculations and conditions

Vulnerability Detail

The '_bspRequiredStake' variable is not initialized in the 'initialize' function.

Impact

This can result in unexpected behavior or vulnerabilities as the contract relies on '_bspRequiredStake' for certain calculations and conditions. The uninitialized variable may lead to incorrect calculations and decisions, posing a risk to the functionality and security of the smart contract

Code Snippet

https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/BlockSpecimenProofChain.sol#L521-L523

function getBSPRoleData() external view returns (uint128 requiredStake, address[] memory activeMembers) {
    return (_bspRequiredStake, _blockSpecimenProducers.values());
}

Tool used

Manual Review

Recommendation

It is recommended to initialize the '_bspRequiredStake' variable in the 'initialize' function. Ensure that all essential variables are properly initialized to avoid unintended behavior or vulnerabilities. Review and update the initialization logic to set a meaningful and secure initial value for '_bspRequiredStake'.

Duplicate of #62

sherlock-admin2 commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid