The contract initializer lacks access controls, allowing anyone to initialize it. This vulnerability enables malicious users to front-run the initialize() call with incorrect parameters.
Vulnerability Detail
If the initializer is not executed in the same transaction as the constructor, a malicious user can front-run the initialize() call, forcing the contract to be redeployed.
contract initializer is missing access controls, allowing users to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may be supplied, leaving the contract needing redeployed.
Impact
High risk of misconfiguration, requiring contract redeployment.
function initialize(string memory name, uint16 borrowCurrencyId) public virtual initializer {
__INIT_VAULT(name, borrowCurrencyId);
// Double check to ensure that these tokens are matching
require(BORROW_TOKEN == address(_underlyingToken()));
_initialize();
}
initialize function does not have access control. That is vulnerable to front-running.
Tool used
Manual Review
Recommendation
Setting the owner in the contract's constructor to the msg.sender and adding the onlyOwner modifier to all initializers would be a sufficient level of access control.
Clever Pink Bat
Low/Info
Front-runable initializer
Summary
The contract initializer lacks access controls, allowing anyone to initialize it. This vulnerability enables malicious users to front-run the initialize() call with incorrect parameters.
Vulnerability Detail
If the initializer is not executed in the same transaction as the constructor, a malicious user can front-run the initialize() call, forcing the contract to be redeployed. contract initializer is missing access controls, allowing users to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may be supplied, leaving the contract needing redeployed.
Impact
High risk of misconfiguration, requiring contract redeployment.
Code Snippet
https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/main/leveraged-vaults-private/contracts/vaults/staking/BaseStakingVault.sol#L60
initialize function does not have access control. That is vulnerable to front-running.
Tool used
Manual Review
Recommendation
Setting the owner in the contract's constructor to the
msg.sender
and adding theonlyOwner
modifier to all initializers would be a sufficient level of access control.