`initialize` should not be able to call again
Summary
Without the `initializer` modifier, there is a risk that the initialization function can be called multiple times.
Vulnerability Details
Several contracts have the same issue:
TokenManager.sol
SystemConfig.sol
Impact
The contracts can be initializer again
Tools Used
Manual code review
Recommendations
Always use the `initializer` modifier for initialization functions in proxied contracts and ensure they're called once during deployment.
Lead Judging Commences
[invalid] finding-Rescuable-initializeOwner-lack-access-control
Aside from `Rescuable.sol` being OOS, this is invalid based on codehawks guidelines regarding unprotected initializers. Additionally, this should be called concurrently when deploying a new proxy, but this submissions does not identify that particular issue of an uninitialized owner for proxy contracts
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.