Anubis - Contract Upgradeability and Initialization

[sherlock-admin2]

Anubis

medium

Contract Upgradeability and Initialization

Summary

As an Initializable contract, ensuring that the contract is properly initialized and preventing re-initialization is crucial for maintaining the contract's integrity.

Vulnerability Detail

If the initialization mechanism has flaws or if the contract can be re-initialized, it might lead to security issues like resetting critical state variables or changing the contract's behavior.

Impact

Improper initialization or re-initialization can lead to setting incorrect addresses for availBridge or other critical parameters, impacting the contract's behavior.

Code Snippet

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/MessageReceiver.sol#L25-L28

The __MessageReceiver_init function is intended to initialize the contract.

Tool used

Manual Review

Recommendation

1. Ensure Proper Initialization: Make sure that the contract is properly initialized upon deployment and that the initialization logic correctly sets up all necessary state variables.
2. Protect Against Re-initialization: Ensure that the contract cannot be re-initialized once deployed, which could potentially reset its state or configuration.

[sherlock-admin]

2 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Invalid. The function have access control

takarez commented:

invalid because {invalid: initalization is an admin job and considered trusted}