`WrappedAvail :: constructor` can cause `bridge` to an address that does not belong to the correct `bridge` address

Summary

constructor must use msg.sender

Vulnerability Detail

WrappedAvail :: constructor can cause bridge to an address that does not belong to the correct bridge address beacuse is set as a parameter not as msg.sender

Impact

bridge address is used for minting and burning if is incorrect you can't burn or mint

Code Snippet

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/WrappedAvail.sol#L18

Tool used

Manual Review

Recommendation

set bridge address with msg.sender

-    constructor(address _bridge) ERC20Permit("Wrapped Avail") ERC20("WAVAIL", "Wrapped Avail") {

-        bridge = _bridge;
    }

+    constructor() ERC20Permit("Wrapped Avail") ERC20("WAVAIL", "Wrapped Avail") {

+        bridge = msg.sender;
    }

sherlock-audit / 2023-12-avail-judging

kgothatso - `WrappedAvail :: constructor ` can cause `bridge` to an address that does not belong to the correct `bridge` address #50

`WrappedAvail :: constructor` can cause `bridge` to an address that does not belong to the correct `bridge` address

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2023-12-avail-judging

kgothatso - `WrappedAvail :: constructor ` can cause `bridge` to an address that does not belong to the correct `bridge` address #50

WrappedAvail :: constructor can cause bridge to an address that does not belong to the correct bridge address

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

`WrappedAvail :: constructor` can cause `bridge` to an address that does not belong to the correct `bridge` address