sherlock-admin2
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { No clear impact mentioned}
Closed sherlock-admin closed 7 months ago
sherlock-admin2
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { No clear impact mentioned}
nevillehuang
commented
7 months ago Invalid, not required since initialization performs no logic as seen here. The future upgrades would consitute future integration not supported based on sherlock rules
0xAnmol
medium
__AccessControl_init` is not called on initialize
Summary
The
CouncilMember:initializefunction should include a call to the__AccessControl_initfunction to ensure that the contract's internal states are initialized correctly.Vulnerability Detail
The purpose of the
CouncilMember:initializefunction is to properly initialize the proxy state. This is achieved by calling the init function of the inherited contract, such as__ERC72_Init.In addition, the
CouncilMember.solcontract inherits fromAccessControlEnumerableUpgradeable, which has an empty init function called__AccessControl_init. Although this function is empty, it is recommended to include the initialization to maintain compatibility with any future updates of OZ.Impact
Incompatibility with future versions of OZ.
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L66
Tool used
Manual Review
Recommendation
call __AccessControl_init in initialize function.