Submission Details
Severity: low
Invalid

Calling the `__UUPSUpgradeable_init` function is not necessary

Summary

The MondrianWallet2::initialize function calls the __UUPSUpgradeable_init function, but this call is no longer necessary.

Vulnerability Details

MondrianWallet2::initialize calls unnecessary functions, for example:

function initialize() public initializer {
    __Ownable_init(msg.sender);
    __UUPSUpgradeable_init();
}

But in lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/UUPSUpgradeable.sol we can see that the __UUPSUpgradeable_init function is empty:

function __UUPSUpgradeable_init() internal onlyInitializing {
}

Impact

MondrianWallet2::initialize will contain unnecessary code.

Tools Used

Solidity and Foundry

Proof Of Concept

Add the following code to the test/ModrianWallet2Test.t.sol:

function testZkDontNeedCallUUPSUpgradeableInitFunction() public {
    // First: remove `__UUPSUpgradeable_init();` in the `MondrianWallet2.sol`
    // Arrange
    MondrianWallet2 newImplementation = new MondrianWallet2();
    // Act
    vm.prank(ANVIL_DEFAULT_ACCOUNT);
    UUPSUpgradeable(address(mondrianWallet)).upgradeToAndCall(address(newImplementation), bytes(""));
}

Run: forge test --zksync --system-mode=true --match-test testZkDontNeedCallUUPSUpgradeableInitFunction -vvv

Recommendations

Remove the `__UUPSUpgradeable_init();` call:

function initialize() public initializer {
__Ownable_init(msg.sender);
- __UUPSUpgradeable_init();
}
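
Review bot: the `-` line drops the only call to `__UUPSUpgradeable_init()` in `initialize`, which is behaviour-neutral only while that function's body stays empty, as quoted above from lib/openzeppelin-contracts-upgradeable. Add a short comment in `initialize` recording that the call is omitted on purpose because it is a no-op in the vendored version, so that a later dependency update prompts a re-check. The proof-of-concept test also has no assertion after `upgradeToAndCall`; asserting the expected state after the upgrade would make the claim verifiable rather than relying on the absence of a revert.
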
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
