Missing Initialization of OwnableUpgradeable in LenderCommitmentGroup_Smart Contract
Summary
TheLenderCommitmentGroup_Smart contract inherits from OwnableUpgradeable but does not call the required initialization function __Ownable_init() to establish the contract's ownership.
Vulnerability Detail
The contract uses the OpenZeppelin upgradeable contracts framework, which requires explicit initialization of inherited contracts due to the lack of a constructor in the proxy pattern. The OwnableUpgradeable contract provides ownership management features, but without proper initialization, the owner of the contract will not be set, leading to potential issues with access control and ownership-dependent functions.
Impact
Failure to initialize OwnableUpgradeable means that the owner() function will return the zero address, and functions restricted to the owner, such as pauseBorrowing() and unpauseBorrowing(), cannot be called successfully. This compromises the contract's administrative controls and emergency stop mechanisms.
Afriaudit
medium
Missing Initialization of OwnableUpgradeable in
LenderCommitmentGroup_SmartContractSummary
The
LenderCommitmentGroup_Smartcontract inherits fromOwnableUpgradeablebut does not call the required initialization function__Ownable_init()to establish the contract's ownership.Vulnerability Detail
The contract uses the OpenZeppelin upgradeable contracts framework, which requires explicit initialization of inherited contracts due to the lack of a constructor in the proxy pattern. The OwnableUpgradeable contract provides ownership management features, but without proper initialization, the owner of the contract will not be set, leading to potential issues with access control and ownership-dependent functions.
Impact
Failure to initialize OwnableUpgradeable means that the owner() function will return the zero address, and functions restricted to the owner, such as pauseBorrowing() and unpauseBorrowing(), cannot be called successfully. This compromises the contract's administrative controls and emergency stop mechanisms.
Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L158
Tool used
Manual Review
Recommendation
Include a call to __Ownable_init() within the initialize function to properly set the initial owner of the contract.
Duplicate of #35