Lines of code
<https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Vault/contracts/ReaperStrategyGranarySupplyOnly.sol#L62>
<https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Vault/contracts/ReaperStrategyGranarySupplyOnly.sol#L19>
ReaperStrategyGranarySupplyOnly calls function __ReaperBaseStrategy_init() from ReaperBaseStrategyv4, but ReaperBaseStrategyv4 is not Initializable. If the __ReaperBaseStrategy_init function is not called during contract initialization, it can cause critical issues as the state variables initialized in this function won't be set properly. This can lead to unexpected behavior and vulnerabilities such as reentrancy, funds being stuck in the contract, or even complete loss of funds.
For example, if "want" is not initialized properly, the contract may not be able to interact with the expected token and may result in users' funds being locked in the contract indefinitely.
Similarly, if roles are not initialized properly, it can result in unauthorized access to sensitive functions or funds.
Recommended steps: Add Initializable to contract declaration.
```solidity
abstract contract ReaperBaseStrategyv4 is
    ReaperAccessControl,
    IStrategy,
    UUPSUpgradeable,
    AccessControlEnumerableUpgradeable,
    Initializable // added to the inheritance list
{
```