TempleGold

Summary

During the review of the smart contract TempleGold in TempleGold.sol, a potential flaw related to a void constructor call was identified. The constructor call Ownable(_initArgs.executor) is being made, but it is not present in a parent contract, which may indicate an issue where the developer assumes the parent constructor is executed, but no code is actually executed.

Vulnerability Details

Void Constructor Calls

• Description: A parent constructor that is being called but is not present in a parent contract can indicate a flaw in the code. This might lead to a situation where the developer assumes that the parent constructor is executed, but in reality, no code is actually executed.

• Code Snippet:

  OFT(_initArgs.name, _initArgs.symbol, _initArgs.layerZeroEndpoint, _initArgs.executor) Ownable(_initArgs.executor)

This snippet is part of the TempleGold contract's constructor.

Impact

If the Ownable constructor is not executed as intended, it could result in improper initialization of the contract, potentially leading to security vulnerabilities or unexpected behavior during contract execution. This can affect the ownership management and authorization mechanisms within the contrac

Tools Used

Manual code review

Recommendations

• Verify the presence of the Ownable constructor in the parent contract and ensure it is correctly called.

• If the Ownable constructor is not needed or does not exist, remove the call to avoid confusion and potential issues.