code423n4Code4renaCODE423N4:2022-01-DEV-TEST-REPO-FINDINGS-ISSUES-254
HistoryDec 12, 2023 - 12:00 a.m.

Proxy's logic contract relies on code in the constructor

2023-12-1200:00:00
Code4rena
github.com
3
proxy
logic contract
constructor
initializer function
vulnerability
code execution

7.2 High

AI Score

Confidence

Low

Lines of code


122, 50, 25, 67, 98, 67, 22

Vulnerability details


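Logic (implementation) contracts cannot rely on state set in their constructors. A constructor runs once, when the logic contract itself is deployed, and writes to that contract’s own storage. A proxy executes the logic contract’s code against the proxy’s storage and never re-executes the constructor - only the initializer is called through the proxy. Values assigned in a constructor are therefore unset when read through the proxy; `immutable` variables are the exception, because they are embedded in the deployed bytecode rather than in storage. Move all code in the constructor to the initializer function, and make sure the initializer can run only once and is called as part of the proxy deployment, so that it is never left open to another caller. This page does not show whether the contracts listed below are actually deployed behind a proxy; confirm that before acting on the finding.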

File: contracts/Balancer.sol

/// @audit initConnectedOFT()
// Balancer constructor: passes _owner to the Owned base constructor, rejects a
// zero address for either router, then stores both routers in contract state.
// NOTE(review): the @audit tag presumably names the function the finding treats
// as this contract's initializer; that function is not shown here.
// NOTE(review): routerETH and router are assigned only here. If Balancer is
// reached through a proxy they read as zero in the proxy's storage, unless they
// are declared immutable (declarations not visible here; confirm).
122      constructor(
123          address _routerETH,
124          address _router,
125          address _owner
126      ) Owned(_owner) {
127          if (_router == address(0)) revert RouterNotValid(); // both zero-address checks revert with the same error
128          if (_routerETH == address(0)) revert RouterNotValid();
129          routerETH = IStargateRouter(_routerETH);
130          router = IStargateRouter(_router);
131:     }



File: contracts/tOFT/BaseTOFT.sol

/// @audit initMultiSell()
// BaseTOFT constructor: forwards seven arguments to BaseTOFTStorage, passes
// "TapiocaOFT-" + _name to ERC20Permit, and stores the four module addresses.
// NOTE(review): the four module addresses are stored without a zero-address
// check in this constructor.
// NOTE(review): the module references are set only here. Behind a proxy they
// would be unset in the proxy's storage unless declared immutable
// (declarations not visible here; confirm).
50       constructor(
51           address _lzEndpoint,
52           address _erc20,
53           IYieldBoxBase _yieldBox,
54           string memory _name,
55           string memory _symbol,
56           uint8 _decimal,
57           uint256 _hostChainID,
58           address payable _leverageModule,
59           address payable _strategyModule,
60           address payable _marketModule,
61           address payable _optionsModule
62       )
63           BaseTOFTStorage(
64               _lzEndpoint,
65               _erc20,
66               _yieldBox,
67               _name,
68               _symbol,
69               _decimal,
70               _hostChainID
71           )
72           ERC20Permit(string(abi.encodePacked("TapiocaOFT-", _name)))
73       {
74           leverageModule = BaseTOFTLeverageModule(_leverageModule);
75           strategyModule = BaseTOFTStrategyModule(_strategyModule);
76           marketModule = BaseTOFTMarketModule(_marketModule);
77           optionsModule = BaseTOFTOptionsModule(_optionsModule);
78:      }



File: contracts/tOFT/modules/BaseTOFTLeverageModule.sol

/// @audit initMultiSell()
// BaseTOFTLeverageModule constructor: empty body; it only forwards its seven
// arguments to the BaseTOFTStorage base constructor.
// NOTE(review): any state the base constructor writes lives in this contract's
// own storage. Whether callers reach this module through delegatecall or a
// proxy is not shown here; confirm before treating this as exploitable.
25       constructor(
26           address _lzEndpoint,
27           address _erc20,
28           IYieldBoxBase _yieldBox,
29           string memory _name,
30           string memory _symbol,
31           uint8 _decimal,
32           uint256 _hostChainID
33       )
34           BaseTOFTStorage(
35               _lzEndpoint,
36               _erc20,
37               _yieldBox,
38               _name,
39               _symbol,
40               _decimal,
41               _hostChainID
42           )
43:      {}



File: contracts/Vesting.sol

/// @audit init()
// Vesting constructor: requires a non-zero duration, then stores cliff,
// duration and owner.
// NOTE(review): _owner is stored without a zero-address check.
// NOTE(review): cliff, duration and owner are assigned only here. Behind a
// proxy they would be unset (owner would read as address(0)) unless declared
// immutable; declarations are not visible here, so confirm.
67       constructor(uint256 _cliff, uint256 _duration, address _owner) {
68           require(_duration > 0, "Vesting: no vesting");
69   
70           cliff = _cliff;
71           duration = _duration;
72           owner = _owner;
73:      }



File: contracts/markets/bigBang/BigBang.sol

/// @audit init()
// BigBang constructor: empty body; it only passes the literal name
// "Tapioca BigBang" to the MarketERC20 base constructor.
// NOTE(review): what MarketERC20 does with the name (storage vs. immutable) is
// not shown here; that decides whether the value is visible through a proxy.
98:      constructor() MarketERC20("Tapioca BigBang") {}



File: contracts/usd0/BaseUSDO.sol

/// @audit initMultiHopBuy()
// BaseUSDO constructor: forwards _lzEndpoint and _yieldBox to BaseUSDOStorage,
// passes "USDO" to ERC20Permit, stores the three module addresses, then
// transfers ownership to _owner.
// NOTE(review): the module addresses are stored without a zero-address check
// in this constructor.
// NOTE(review): ownership and module references are set only here. Behind a
// proxy the proxy's storage would not carry them, leaving ownership unset
// there; confirm the deployment model.
67       constructor(
68           address _lzEndpoint,
69           IYieldBoxBase _yieldBox,
70           address _owner,
71           address payable _leverageModule,
72           address payable _marketModule,
73           address payable _optionsModule
74       ) BaseUSDOStorage(_lzEndpoint, _yieldBox) ERC20Permit("USDO") {
75           leverageModule = USDOLeverageModule(_leverageModule);
76           marketModule = USDOMarketModule(_marketModule);
77           optionsModule = USDOOptionsModule(_optionsModule);
78   
79           transferOwnership(_owner); // ownership is handed over inside the constructor
80:      }



File: contracts/usd0/modules/USDOLeverageModule.sol

/// @audit initMultiHopBuy()
// USDOLeverageModule constructor: empty body; it only forwards _lzEndpoint and
// _yieldBox to the BaseUSDOStorage base constructor.
// NOTE(review): any state the base constructor writes lives in this contract's
// own storage. Whether callers reach this module through delegatecall or a
// proxy is not shown here; confirm before treating this as exploitable.
22       constructor(
23           address _lzEndpoint,
24           IYieldBoxBase _yieldBox
25:      ) BaseUSDOStorage(_lzEndpoint, _yieldBox) {}

Assessed type


other

