Race-condition risk with initialize functions

# Handle

0xRajeev


# Vulnerability details

## Impact
Race-condition risk with initialize functions if deployment script is not robust to create and initialize contracts atomically or if factory contracts do not create and initialize appropriately.

If this is not implemented correctly, an attacker can front-run to initialize contracts with their parameters. This, if noticed, will require a redeployment of contracts resulting in potential DoS and  reputational damage.


## Proof of Concept

https://github.com/code-423n4/2021-08-floatcapital/blob/bd419abf68e775103df6e40d8f0e8d40156c2f81/contracts/contracts/LongShort.sol#L188-L193

https://github.com/code-423n4/2021-08-floatcapital/blob/bd419abf68e775103df6e40d8f0e8d40156c2f81/contracts/contracts/FloatToken.sol#L21-L25

https://github.com/code-423n4/2021-08-floatcapital/blob/bd419abf68e775103df6e40d8f0e8d40156c2f81/contracts/contracts/Staker.sol#L179-L186


## Tools Used

Manual Analysis

## Recommended Mitigation Steps

Ensure deployment script is robust to create and initialize contracts atomically or factory contracts create and initialize appropriately.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Race-condition risk with initialize functions #82

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Race-condition risk with initialize functions #82

Description

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions