stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: low
Invalid

`SDLPoolPrimary.sol` and `SDLPoolSecondary.sol` are both upgradeable contracts, and their initializer functions can be front-run, causing the contracts to have unintended initialization

Summary

`SDLPoolPrimary.sol` and `SDLPoolSecondary.sol` are both upgradeable smart contracts, and their initializer functions can be front-run, leaving the contracts with an unintended initialization.

Vulnerability Details

`SDLPoolPrimary.sol` and `SDLPoolSecondary.sol` are both upgradeable smart contracts, and their initializer functions can be front-run, leaving the contracts with an unintended initialization.

Impact

If the contracts are not initialized on deployment and initialization is then forgotten, anyone can call the initialization function and initialize the contract with whatever values they pass in, which would in turn break the protocol.

Tools Used

Manual Review

Recommendations

The protocol should make sure to initialize the contracts on deployment, so as to avoid forgetting to initialize them and leaving them open for anybody to initialize.
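
One way to initialize on deployment, shown as an added example that is not part of the original submission and not stake.link's code: the proxy constructor receives the encoded `initialize` call, so creation and initialization happen in one transaction. `ExamplePool`, `ExamplePoolDeployer` and the `initialize` parameters are hypothetical, and the use of OpenZeppelin's `Initializable` and `ERC1967Proxy` is an assumption about the proxy pattern.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";

// Hypothetical stand-in for an upgradeable pool; not the stake.link contract.
contract ExamplePool is Initializable {
    address public owner;
    address public token;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the implementation itself so initialize() cannot be
        // called directly on the logic contract's address.
        _disableInitializers();
    }

    // Callable exactly once, in the proxy's storage context.
    function initialize(address _owner, address _token) external initializer {
        require(_owner != address(0) && _token != address(0), "zero address");
        owner = _owner;
        token = _token;
    }
}

// Hypothetical deployer: creates the proxy and initializes it atomically.
contract ExamplePoolDeployer {
    event PoolDeployed(address proxy, address implementation);

    function deploy(address _owner, address _token) external returns (address) {
        ExamplePool impl = new ExamplePool();

        // Encode the initializer call with compile-time type checking.
        bytes memory initData = abi.encodeCall(ExamplePool.initialize, (_owner, _token));

        // ERC1967Proxy delegatecalls initData inside its constructor, so the
        // proxy never exists on-chain in an uninitialized state.
        ERC1967Proxy proxy = new ERC1967Proxy(address(impl), initData);

        // Post-deployment check: fail the whole transaction if the state is wrong.
        require(ExamplePool(address(proxy)).owner() == _owner, "init failed");

        emit PoolDeployed(address(proxy), address(impl));
        return address(proxy);
    }
}
```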

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
