OptimismPortal2 introduced the disputeGameFactory variable. This variable can not be set after the contract upgrade.
Vulnerability Detail
The disputeGameFactory variable is only set in the initialize function. This function wont be callable on the proxy after the upgrade, as it has been called before and the _initialized field is now already set on mainnet.
Impact
The disputeGameFactory is used in the proveWithdrawalTransaction function. If its set to address(0), this function won't be callable and hence core functionality of the OptimismPortal will be rendered unusable until a further contract upgrade
99Crits
medium
DisputeGameFactory cant be set for OptimismPortal
Summary
OptimismPortal2 introduced the
disputeGameFactoryvariable. This variable can not be set after the contract upgrade.Vulnerability Detail
The
disputeGameFactoryvariable is only set in theinitializefunction. This function wont be callable on the proxy after the upgrade, as it has been called before and the_initializedfield is now already set on mainnet.Impact
The
disputeGameFactoryis used in theproveWithdrawalTransactionfunction. If its set to address(0), this function won't be callable and hence core functionality of theOptimismPortalwill be rendered unusable until a further contract upgradeCode Snippet
https://github.com/sherlock-audit/2024-02-optimism-2024/blob/9621139ea1c02b9f920206c59be4378a186e2179/optimism/packages/contracts-bedrock/src/L1/OptimismPortal2.sol#L147-L155
Tool used
Manual Review
Recommendation
Either:
Duplicate of #82