QA Report #139
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
[L-01] Missing constructor and modifier for contracts using Initializable
Impact
OpenZeppelin recommends adding an empty constructor with the
initializer
modifier in order to avoid exploits.https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/proxy/MIMOProxy.sol#L12
Recommended Mitigations Steps
Add an empty constructor with the initializer modifier.
OpenZeppelin's main concern is for contracts using
UUPSUpgradeable
. However, I would still recommend adding it for all contracts usingInitializable
as an extra layer of security to avoid having to send a transaction to invokeinitialize()
after the contract is deployed to ensure no one else can initialize.[NC-01] Remove floating pragma
Locking the pragma will make sure that the contract does not get deployed using outdated compiler versions.
https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/proxy/MIMOProxy.sol
https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/proxy/MIMOProxyFactory.sol
https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/proxy/interfaces/IMIMOProxyFactory.sol
https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/proxy/interfaces/IMIMOProxyRegistry.sol
[NC-02] Empty receive function
The function should revert if the intention is not to receive ether, or add a functionality for the received ether.
https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/proxy/MIMOProxy.sol#L38
The text was updated successfully, but these errors were encountered: