function initialize(uint96 _royaltyBps, uint256 _REMOTE_CHAIN_ID, address _REMOTE_TOKEN) external {
if (msg.sender != INFERNAL_RIFT_BELOW) {
revert NotRiftBelow();
}
// If this function has already been called, prevent it from being called again
if (initialized) {
revert AlreadyInitialized();
}
// Set this contract to receive marketplace royalty
_setDefaultRoyalty(address(this), _royaltyBps);
// Set our remote chain info
REMOTE_CHAIN_ID = _REMOTE_CHAIN_ID;
REMOTE_TOKEN = _REMOTE_TOKEN;
// Prevent this function from being called again
initialized = true;
}
function initialize(
string memory _name,
string memory _symbol,
uint96 _royaltyBps,
uint256 _REMOTE_CHAIN_ID,
address _REMOTE_TOKEN
) external {
if (msg.sender != INFERNAL_RIFT_BELOW) {
revert NotRiftBelow();
}
// If this function has already been called, prevent it from being called again
if (initialized) {
revert AlreadyInitialized();
}
// Set our ERC721 metadata
name = _name;
symbol = _symbol;
// Set our remote chain info
REMOTE_CHAIN_ID = _REMOTE_CHAIN_ID;
REMOTE_TOKEN = _REMOTE_TOKEN;
// Set this contract to receive marketplace royalty
_setDefaultRoyalty(address(this), _royaltyBps);
// Prevent this function from being called again
initialized = true;
}
Tool used
Manual Review
Recommendation
function initializeERC721Bridgable(address _erc721Bridgable)
external
+ onlyOwner
{
if (ERC721_BRIDGABLE_IMPLEMENTATION != address(0)) {
revert TemplateAlreadySet();
}
+ if(_erc721Bridgable == address(0)){
+ revert AddreesZero(); // or any custom error
+ }
ERC721_BRIDGABLE_IMPLEMENTATION = _erc721Bridgable;
emit ERC721BridgableImplementationUpdated(_erc721Bridgable);
}
function initialize(
string memory _name,
string memory _symbol,
uint96 _royaltyBps,
uint256 _REMOTE_CHAIN_ID,
address _REMOTE_TOKEN
)
external
+ onlyOwner {
if (msg.sender != INFERNAL_RIFT_BELOW) {
revert NotRiftBelow();
}
// If this function has already been called, prevent it from being called again
if (initialized) {
revert AlreadyInitialized();
}
// Set our ERC721 metadata
name = _name;
symbol = _symbol;
+ if(_REMOTE_TOKEN() == address(0)){
+ revert cutomError();
+
// Set our remote chain info
REMOTE_CHAIN_ID = _REMOTE_CHAIN_ID;
REMOTE_TOKEN = _REMOTE_TOKEN;
// Set this contract to receive marketplace royalty
_setDefaultRoyalty(address(this), _royaltyBps);
// Prevent this function from being called again
initialized = true;
}
Happy Green Chimpanzee
Medium
Unprotected initializer
Summary
Consider protecting the initializer functions with modifiers.
Vulnerability Detail
missing check for new Implementation and also there is not any modifier to restrict the initialisation
Code Snippet
Found in src/InfernalRiftBelow.sol : Line: 103
Found in src/InfernalRiftBelow.sol : Line: 103
Missing check for remote token :
Found in src/libs/ERC1155Bridgeable.sol :Line: 53
Found in src/libs/ERC721Bridgeable.sol : Line: 57
Tool used
Manual Review
Recommendation