
6 matches found

Code423n4
added 2023/12/12 12:0 a.m., 12 views

Proxy's logic contract relies on code in the constructor

Lines of code: 122, 50, 25, 67, 98, 67, 22. Vulnerability details: Logic contracts cannot rely on code in their constructors, because proxy contracts do not re-execute the logic contract's constructor - only its initializer. Move all code in the constructor to the initializer function. File:...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/11/29 12:0 a.m., 11 views

Proxy's logic contract relies on code in the constructor

Lines of code: 122, 50, 25, 67, 98, 67, 22. Vulnerability details. Impact: Logic contracts cannot rely on code in their constructors, because proxy contracts do not re-execute the logic contract's constructor - only its initializer. Move all code in the constructor to the initializer function. File:...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/10/04 12:0 a.m., 5 views

The prime Initializer function in prime.sol is marked “virtual”

Lines of code. Vulnerability details. Impact: The prime initializer is responsible for setting the state variables in the prime.sol contract. The deal breaker here is: Use of virtual - If the function in the parent contract is expected to be overridden in its child contracts, it should be declared a...

AI score: 7.1
Exploits: 0
Code423n4
added 2022/12/09 12:0 a.m., 7 views

Update initializer library to prevent reentrancy during initialization

Lines of code. Vulnerability details: Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an external initializer function, usually called initialize. It then becomes necessary to protect this initializer function so it can only be called once. The...

AI score: 6.8
Exploits: 0
Veracode
added 2022/02/07 9:51 a.m., 17 views

Privilege Escalation

openzeppelin/contracts is vulnerable to privilege escalation. The vulnerability exists due to the lack of sanitization in the initializer function which allowed an actor with executor role to escalate privileges...

CVSS: 7.5 | AI score: 5 | EPSS: 0.00517
Exploits: 0 | References: 3 | Affected Software: 2
Github Security Blog
added 2022/02/05 12:0 a.m., 19 views

Improper Initialization in OpenZeppelin

In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an...

CVSS: 7.5 | AI score: 2.5 | EPSS: 0.00517
Exploits: 0 | References: 5 | Affected Software: 1