Submission Details
Severity: gas

Default Value Assignment of enums may raise potential concern

Summary

The default assignment of an enum (always the first value) may introduce ambiguity and potential issues within the contract's logic. Without explicit initialization, the default value might mislead users and result in inconsistent states or logic errors.

Vulnerability Details

Let's take the enum below as an example to describe the issue.

enum State {
    Created,
    Confirmed,
    Disputed,
    Resolved
}

Here we have four values defining the State enum. Created will be the default value irrespective of whether it was previously set or not. As a result, as soon as the Escrow contract is created, it is in the "Created" state, and functions like confirmReceipt and initiateDispute are ready to be called.

Additionally, a good reference example from the OpenZeppelin TimelockController contract can be found here: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/1a77a508f93e2df058cb082def4753a060aefa8f/contracts/governance/TimelockController.sol#L35-L40

Impact

No Security Risk or Impact

Tools Used

Manual Analysis

Recommendations

It is recommended to ensure clear initialization of order when necessary. Consider defining null or undefined states.

Sample Fix

enum State {
    Unset,
    Created,
    Confirmed,
    Disputed,
    Resolved
}
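The following added example (not code from the audited contract or from the submission) puts both enum layouts side by side to show what a state check sees when storage was never written. It goes beyond the single-escrow case in the text: the mapping-keyed registry, the contract name, the function bodies and the error names are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Hypothetical demo contract: names and storage layout are assumptions.
contract EnumDefaultDemo {
    // Layout from the submission: Created has underlying value 0.
    enum State { Created, Confirmed, Disputed, Resolved }

    // Layout from the sample fix: 0 is reserved for "never written".
    enum SafeState { Unset, Created, Confirmed, Disputed, Resolved }

    mapping(uint256 => State) private states;
    mapping(uint256 => SafeState) private safeStates;

    error UnknownEscrow(uint256 id);
    error WrongState(uint256 id);

    function create(uint256 id) external {
        if (safeStates[id] != SafeState.Unset) revert WrongState(id);
        states[id] = State.Created;         // writes 0 over 0: storage is unchanged
        safeStates[id] = SafeState.Created; // writes 1: the record is now marked
    }

    // The check passes for an id that was never created,
    // because untouched storage decodes as State.Created.
    function confirmReceipt(uint256 id) external {
        if (states[id] != State.Created) revert WrongState(id);
        states[id] = State.Confirmed;
    }

    // With the sentinel, "never created" and "Created" are distinguishable.
    function confirmReceiptSafe(uint256 id) external {
        SafeState s = safeStates[id];
        if (s == SafeState.Unset) revert UnknownEscrow(id);
        if (s != SafeState.Created) revert WrongState(id);
        safeStates[id] = SafeState.Confirmed;
    }

    // Existence can be derived from the state alone; no extra bool is needed.
    function exists(uint256 id) external view returns (bool) {
        return safeStates[id] != SafeState.Unset;
    }
}
```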
