The `initialize` function in the contract does not call the `__UUPSUpgradeable_init` initializer function. Although the `__UUPSUpgradeable_init` hook is currently empty, best practices for upgradeable contracts suggest including this call in case future implementations require it. The absence of this call in the contract could lead to missed initialization steps in future versions, potentially creating upgrade-related issues and deviating from standard practice.
This vulnerability presents a low risk but introduces a potential upgrade hazard that could affect the contract’s security and functionality over time. Specifically, if future upgrades depend on the `__UUPSUpgradeable_init` function, the lack of this call in earlier initializations could result in improper setup or vulnerabilities.
Add the `__UUPSUpgradeable_init()` call in the `initialize` function to ensure all inherited initializers are called.
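The recommended fix, shown as an added example rather than the audited contract's own code. `ExampleVault`, the `initialOwner` parameter and the `OwnableUpgradeable` parent are hypothetical, and the imports assume OpenZeppelin Contracts Upgradeable v5.0.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts Upgradeable v5.0 import paths and signatures.
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

// Hypothetical contract used only to illustrate the initializer chain.
contract ExampleVault is Initializable, OwnableUpgradeable, UUPSUpgradeable {
    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the implementation so it can only be initialized through a proxy.
        _disableInitializers();
    }

    function initialize(address initialOwner) external initializer {
        // One __X_init call per inherited upgradeable parent, in inheritance order.
        __Ownable_init(initialOwner);

        // The call the finding reports as missing. It is a no-op today, but
        // keeping it means a later library version that adds setup logic to
        // this hook is picked up by fresh deployments without editing initialize.
        __UUPSUpgradeable_init();
    }

    // UUPS requires the implementation to gate upgrades itself.
    function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}
}
```

When reviewing a contract for this class of issue, compare the `is` list against the `__X_init` calls in `initialize`: every upgradeable parent should have exactly one matching call.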