Summary

The initialize function can lead to a state where the contract becomes partially initialized and unable to be re-initialized.

Vulnerability Details

The onlyInit modifier sets the implementation as initialized (_initializedImpls[impl] = true) before the actual initialization code in the initialize function is executed.

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/UUPSProxied.sol#L19C2-L26C6

If the initialize function fails or reverts after the modifier has run but before completing all initialization steps, the contract will be left in a partially initialized state and cannot be re-initialized.

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L44C4-L67C1

Impact

Denial of service as it becomes impossible to properly initialize the contract after a failed initialization attempt.

Tools Used

Manual review

Recommendations

Modify the onlyInit modifier to only check if the implementation is initialized, without setting it as initialized.

Move the initialization flag setting to the end of the initialize function: