The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Uninitialized variables will render SmartVaultManagerV5 unusable

0xbtk

Summary

SmartVaultManagerV5 misses setters for some of its variables. This means that variables would be always equal to their default values.

Vulnerability Details

The list of uninitialized variables in the SmartVaultManagerV5 contract:

These uninitialized variables cause critical issues in the SmartVaultManagerV5 contract, rendering some of its functions unusable, e.g. SmartVaultManagerV5.mint() will always throw because euros address is still equal to the default value (address(0)). Similarly, collateralRate being unable to initialize results in a perpetual default value (0), causing a DoS in some functions like maxMintable() due to division by zero:

function maxMintable() public view returns (uint256) {
return
(euroCollateral() * ISmartVaultManagerV3(manager).HUNDRED_PC()) /
ISmartVaultManagerV3(manager).collateralRate();
}

Impact

The SmartVaultManagerV5 contract contains multiple uninitialized variables, rendering the contract unusable after deployment.

Tools Used

Manual review

Recommendations

Implement setters for the specified variables to resolve the issue.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

uninitialized-variables

informational/invalid

0xbtk Submitter
over 1 year ago
hrishibhat Lead Judge
over 1 year ago
hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

uninitialized-variables

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.