Closed sherlock-admin closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { No clear impact mentioned}
Invalid, not required since initialization performs no logic as seen here. The future upgrades would consitute future integration not supported based on sherlock rules
0xAnmol
medium
__AccessControl_init` is not called on initialize
Summary
The
CouncilMember:initialize
function should include a call to the__AccessControl_init
function to ensure that the contract's internal states are initialized correctly.Vulnerability Detail
The purpose of the
CouncilMember:initialize
function is to properly initialize the proxy state. This is achieved by calling the init function of the inherited contract, such as__ERC72_Init
.In addition, the
CouncilMember.sol
contract inherits fromAccessControlEnumerableUpgradeable
, which has an empty init function called__AccessControl_init
. Although this function is empty, it is recommended to include the initialization to maintain compatibility with any future updates of OZ.Impact
Incompatibility with future versions of OZ.
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L66
Tool used
Manual Review
Recommendation
call __AccessControl_init in initialize function.