search

sherlock-audit / 2024-02-jala-swap-judging

6 stars 4 forks source link

Myrault - Contract ChilizWrapperFactory.sol cannot be compiled #251

Closed sherlock-admin2 closed 6 months ago

sherlock-admin2 commented 6 months ago

Myrault

medium

Contract ChilizWrapperFactory.sol cannot be compiled

Summary

ChilizWrapperFactory.sol inherits Ownable but does not pass parameters to the constructor of Ownable, causing the contract to fail to compile.

Vulnerability Detail

Error:
Compiler run failed:
Error (3415): No arguments passed to the base constructor. Specify the arguments or mark "ChilizWrapperFactory" as abstract.
  --> contracts/utils/ChilizWrapperFactory.sol:11:1:
   |
11 | contract ChilizWrapperFactory is IChilizWrapperFactory, Ownable {
   | ^ (Relevant source part starts here and spans across multiple lines).
Note: Base constructor parameters:
  --> lib/openzeppelin-contracts/contracts/access/Ownable.sol:38:16:
   |
38 |     constructor(address initialOwner) {
   |                ^^^^^^^^^^^^^^^^^^^^^^

Warning (9302): Return value of low-level calls not used.
  --> contracts/mocks/MockWETH.sol:45:9:
   |
45 |         payable(msg.sender).call{value: wad}("");
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Impact

ChilizWrapperFactory.sol failed to compile successfully

Code Snippet

https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/utils/ChilizWrapperFactory.sol#L11-L75

Tool used

Manual Review

Recommendation

diff --git a/jalaswap-dex-contract/contracts/utils/ChilizWrapperFactory.sol b/jalaswap-dex-contract/contracts/utils/ChilizWrapperFactory.sol
index a2c5bc8..3277f93 100644
--- a/jalaswap-dex-contract/contracts/utils/ChilizWrapperFactory.sol
+++ b/jalaswap-dex-contract/contracts/utils/ChilizWrapperFactory.sol
@@ -9,6 +9,9 @@ import {SafeERC20} from "../libraries/SafeERC20.sol";
 import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

 contract ChilizWrapperFactory is IChilizWrapperFactory, Ownable {
+    constructor() Ownable (msg.sender){
+
+    }
     mapping(address => address) public underlyingToWrapped;
     mapping(address => address) public wrappedToUnderlying;
nevillehuang commented 6 months ago

Invalid, although it could be an issue, given it is unknown what version of OZ is specified as seen here

  1. If OZ >=4.9.3 < 5.0.0 is used, owner is the deployer and is auto transffered as seen here
  2. If OZ >5.0.0 is used, it will indeed revert as owner need to be explicitly initialized as seen here

Since this is a deployment configuration error similar to the previously known PUSH0 issue, I believe this is invalid.