search

sherlock-audit / 2024-08-flayer-judging

0 stars 0 forks source link

Happy Green Chimpanzee - Unprotected initializer #712

Open sherlock-admin3 opened 4 days ago

sherlock-admin3 commented 4 days ago

Happy Green Chimpanzee

Medium

Unprotected initializer

Summary

Consider protecting the initializer functions with modifiers.

Vulnerability Detail

missing check for new Implementation and also there is not any modifier to restrict the initialisation

Code Snippet

Found in src/InfernalRiftBelow.sol : Line: 103

 function initializeERC721Bridgable(address _erc721Bridgable) external {
        if (ERC721_BRIDGABLE_IMPLEMENTATION != address(0)) {
            revert TemplateAlreadySet();
        }

        ERC721_BRIDGABLE_IMPLEMENTATION = _erc721Bridgable;
        emit ERC721BridgableImplementationUpdated(_erc721Bridgable);
    }

Found in src/InfernalRiftBelow.sol : Line: 103

function initializeERC1155Bridgable(address _erc1155Bridgable) external {
        if (ERC1155_BRIDGABLE_IMPLEMENTATION != address(0)) {
            revert TemplateAlreadySet();
        }

        ERC1155_BRIDGABLE_IMPLEMENTATION = _erc1155Bridgable;
        emit ERC1155BridgableImplementationUpdated(_erc1155Bridgable);
    }

Missing check for remote token :

Found in src/libs/ERC1155Bridgeable.sol :Line: 53

    function initialize(uint96 _royaltyBps, uint256 _REMOTE_CHAIN_ID, address _REMOTE_TOKEN) external {
        if (msg.sender != INFERNAL_RIFT_BELOW) {
            revert NotRiftBelow();
        }

        // If this function has already been called, prevent it from being called again
        if (initialized) {
            revert AlreadyInitialized();
        }

        // Set this contract to receive marketplace royalty
        _setDefaultRoyalty(address(this), _royaltyBps);

        // Set our remote chain info
        REMOTE_CHAIN_ID = _REMOTE_CHAIN_ID;
        REMOTE_TOKEN = _REMOTE_TOKEN;

        // Prevent this function from being called again
        initialized = true;
    }

Found in src/libs/ERC721Bridgeable.sol : Line: 57

  function initialize(
        string memory _name,
        string memory _symbol,
        uint96 _royaltyBps,
        uint256 _REMOTE_CHAIN_ID,
        address _REMOTE_TOKEN
    ) external {
        if (msg.sender != INFERNAL_RIFT_BELOW) {
            revert NotRiftBelow();
        }

        // If this function has already been called, prevent it from being called again
        if (initialized) {
            revert AlreadyInitialized();
        }

        // Set our ERC721 metadata
        name = _name;
        symbol = _symbol;

        // Set our remote chain info
        REMOTE_CHAIN_ID = _REMOTE_CHAIN_ID;
        REMOTE_TOKEN = _REMOTE_TOKEN;

        // Set this contract to receive marketplace royalty
        _setDefaultRoyalty(address(this), _royaltyBps);

        // Prevent this function from being called again
        initialized = true;
    }

Tool used

Manual Review

Recommendation


 function initializeERC721Bridgable(address _erc721Bridgable) 
external 
+ onlyOwner
{
        if (ERC721_BRIDGABLE_IMPLEMENTATION != address(0)) {
            revert TemplateAlreadySet();
        }
+     if(_erc721Bridgable == address(0)){
+        revert AddreesZero(); // or any custom error
+ } 
        ERC721_BRIDGABLE_IMPLEMENTATION = _erc721Bridgable;
        emit ERC721BridgableImplementationUpdated(_erc721Bridgable);
    }

    function initialize(
        string memory _name,
        string memory _symbol,
        uint96 _royaltyBps,
        uint256 _REMOTE_CHAIN_ID,
        address _REMOTE_TOKEN
    ) 
external 
+ onlyOwner {
        if (msg.sender != INFERNAL_RIFT_BELOW) {
            revert NotRiftBelow();
        }

        // If this function has already been called, prevent it from being called again
        if (initialized) {
            revert AlreadyInitialized();
        }

        // Set our ERC721 metadata
        name = _name;
        symbol = _symbol;

+     if(_REMOTE_TOKEN() == address(0)){
+      revert cutomError();
+
        // Set our remote chain info
        REMOTE_CHAIN_ID = _REMOTE_CHAIN_ID;
        REMOTE_TOKEN = _REMOTE_TOKEN;

        // Set this contract to receive marketplace royalty
        _setDefaultRoyalty(address(this), _royaltyBps);

        // Prevent this function from being called again
        initialized = true;
    }