QA Report #4
Labels
bug: Something isn't working
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
reviewed: Issues that Backd has reviewed (just for internal tracking, can ignore this)
sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Lines of code
https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/AddressProvider.sol#L47
Vulnerability details
Impact
In AddressProvider.sol the use of Open Zeppelin upgradeable contracts indicates that AddressProvider.sol should be upgradeable. The problem is that it uses a constructor function which should not be used in upgradeable contracts since it can break upgradeability.
Proof of Concept
https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/AddressProvider.sol#L47
Tools Used
Manual code review
Recommended Mitigation Steps
Consider deleting the constructor function and adding its logic inside the initialize() function.
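The mechanism behind this report, as an added example that is not part of the original issue and not Backd's code: state written in a constructor lands in the implementation's own storage, so a proxy that delegatecalls into it never sees that state, while state written by an initializer lands in the proxy. All contract names here (WithConstructor, WithInitializer, MinimalProxy, Demo) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Hypothetical contracts for illustration; none of this is Backd's code.
contract WithConstructor {
    address public admin;
    constructor(address admin_) {
        admin = admin_; // stored in the implementation's own storage only
    }
}

contract WithInitializer {
    address public admin;
    bool private initialized; // OpenZeppelin's Initializable offers this guard as the `initializer` modifier
    function initialize(address admin_) external {
        require(!initialized, "already initialized");
        initialized = true;
        admin = admin_; // executed via delegatecall, so stored in the proxy
    }
}

// Minimal delegatecall proxy. The target is immutable (kept in bytecode), so it
// occupies no storage slot that could collide with `admin`.
contract MinimalProxy {
    address private immutable implementation;
    constructor(address implementation_, bytes memory initData) {
        implementation = implementation_;
        if (initData.length > 0) {
            (bool ok, ) = implementation_.delegatecall(initData);
            require(ok, "init failed");
        }
    }
    fallback() external {
        address impl = implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, returndatasize())
        }
    }
}

contract Demo {
    function run() external returns (address viaConstructor, address viaInitializer) {
        MinimalProxy pa = new MinimalProxy(address(new WithConstructor(msg.sender)), "");
        viaConstructor = WithConstructor(address(pa)).admin(); // proxy storage was never written
        bytes memory init = abi.encodeWithSelector(WithInitializer.initialize.selector, msg.sender);
        MinimalProxy pb = new MinimalProxy(address(new WithInitializer()), init);
        viaInitializer = WithInitializer(address(pb)).admin(); // set during proxy deployment
    }
}
```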