Zaros Part 1

Github
https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/external/chainlink/keepers/BaseKeeper.sol#L23
https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/external/chainlink/keepers/market-order/MarketOrderKeeper.sol#L76-L88
https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/external/chainlink/keepers/market-order/MarketOrderKeeper.sol#L162

Summary

The BaseKeeper contract allows the address of the Keeper forwarder to be set via the setForwarder function, which updates the Keeper forwarder address. However, the self.forwarder variable is never initialized within the contract. As a result, the performUpkeep function in MarketOrderKeeper and LiquidationKeeper, which uses the onlyForwarder modifier, will not work correctly if self.forwarder is not initialized. Along with this when someone calls getConfigin MarketOrderKeeper, it will fetch wrong data about forwarder

Impact

If the self.forwarder variable is not properly initialized, the performUpkeep function will not work as intended. This will prevent the Keeper's forwarder contract from executing its functions, leading to potential failures in upkeep operations such as account liquidation.

Recommendation

To ensure that the self.forwarder variable is properly initialized, it should be set during the contract's initialization process. This can be done by adding an initialize function that sets the forwarder address, so it does not wait for an admin to call the setter later. This approach will ensure that the performUpkeep function works correctly from the start.