Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

Incorrect initialization of logic contract.

poneta

Summary

Logic contracts for proxies should not be initialized using a constructor, they should instead be initialized using an iniitalizer function.

Vulnerability Details

for implementation of a proxy pattern, the constructor is not used for the logic contract because it's only called when the contract is first created. Instead, an initializer function is typically used to set the initial state of the logic contract.

In Distributor.sol, the constructor is used to set the FACTORY_ADDRESS and STADIUM_ADDRESS which are immutable variables. This contract is used as a logic contract for a proxy, thus values would not be set for the proxy contract, as the constructor is not called when the proxy is created.

Impact

Any state variables initialized in the constructor will not be set for the proxy contract, leading to potential issues in the contract's functionality.
FACTORY_ADDRESS and STADIUM_ADDRESS are set in the constructor and are immutable. In a proxy contract, these variables would not be set, as the constructor is not called.

Tools Used

Manual Analysis

Recommendations

Use an initializer funtion instead of a constructor to initialize Distributor.sol

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.