
Multiple initialize functions #19

@code423n4

Handle

jonah1005

Vulnerability details

Impact

Multiple initialize functions of floatToken. An attacker may front-run the initializeFloatToken transaction with initialize, mock the exact behaviors, and grant the attacker the owner role.

Proof of Concept

https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/FloatToken.sol#L14-L21

Tools Used

None

Recommended Mitigation Steps

While the dev team is aware of this and leaves the comment in the contract, overriding the initialize function would possibly clear the uncertainty.

  function initialize(
      string memory name,
      string memory symbol
    ) public initializer override {
      // Always revert so the inherited initialize entry point cannot be used.
      revert("!authorized");
    }
