Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Upgradeable contracts are not initialized

Summary

Upgradeable contracts like AccessControlUpgradeable and ERC1155Upgradeable are not initialized.

Vulnerability Details

__AccessControl_init() and __ERC1155_init(uri_) are not called when importing upgradeable contracts.

Usually this should be a medium issue but since the initialization is for best practice, setting it as low.

It is also noted that the ERC1155Upgradeable initialize function will call setURI(), which is called directly.

    function initialize(
        string memory name_,
        string memory symbol_,
        string memory uri_,
        address creator_,
        address currency_
    ) external initializer {
        _name = name_;
        _symbol = symbol_;
        creator = creator_;
        currency = currency_;
        _setURI(uri_);
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        _grantRole(DAO_CREATOR, creator_);
        _grantRole(OWP_FACTORY_ROLE, msg.sender);
    }

Impact

Best practice, low impact

Tools Used

Recommendations

Call __AccessControl_init() and __ERC1155_init(uri_) in MembershipERC1155 initialize()

function initialize(
string memory name_,
string memory symbol_,
string memory uri_,
address creator_,
address currency_
) external initializer {
+ __AccessControl_init();
+ __ERC1155_init(uri_);
_name = name_;
_symbol = symbol_;
creator = creator_;
currency = currency_;
_setURI(uri_);
_grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
_grantRole(DAO_CREATOR, creator_);
_grantRole(OWP_FACTORY_ROLE, msg.sender);
}
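
Review bot: the added __ERC1155_init(uri_) line makes the existing _setURI(uri_) call further down redundant, since the submission itself notes that the ERC1155Upgradeable initializer calls setURI(). Drop the explicit _setURI(uri_) line in the same change so the URI is set in one place, and state in the finding what state, if any, the two added calls set that the current body does not, because the severity argument depends on it.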
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
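
A static check for the pattern this submission describes, as an added example that is not part of the original submission or the One World code base: it lists, for each contract inheriting `<Name>Upgradeable` parents, the matching OpenZeppelin-style `__<Name>_init` calls missing from its `initializer` functions. The sample source is constructed, and the function names `strip_comments`, `block_after` and `missing_parent_inits` are hypothetical.

```python
import re

# Constructed sample modelled on the initialize() quoted in the submission (header is assumed).
SAMPLE = """
contract MembershipERC1155 is ERC1155Upgradeable, AccessControlUpgradeable {
    function initialize(string memory uri_, address creator_) external initializer {
        creator = creator_;
        _setURI(uri_);
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }
}
"""

def strip_comments(src):
    """Drop /* */ and // comments so commented-out calls are not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def block_after(src, start):
    """Return the brace-balanced block body that opens at or after `start`."""
    open_idx = src.index("{", start)
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    raise ValueError("unbalanced braces")

# A function definition whose modifier list contains `initializer`.
INIT_FN = re.compile(r"\bfunction\s+\w+\s*\([^)]*\)[^{;]*\binitializer\b[^{;]*\{")

def missing_parent_inits(source):
    """Map contract name -> parent __X_init calls absent from its initializer functions."""
    src = strip_comments(source)
    report = {}
    for m in re.finditer(r"\bcontract\s+(\w+)\s+is\s+([^{]+)\{", src):
        parents = re.findall(r"\b(\w+)Upgradeable\b", m.group(2))
        body = block_after(src, m.start())
        called = set()
        for f in INIT_FN.finditer(body):
            # __X_init_unchained counts as a call to the parent's initializer too.
            called.update(re.findall(r"\b(__\w+_init)(?:_unchained)?\s*\(", block_after(body, f.start())))
        missing = [f"__{p}_init" for p in parents if f"__{p}_init" not in called]
        if missing:
            report[m.group(1)] = missing
    return report
```

A hit only shows that the call is absent; whether any state is actually left unset depends on what the parent's initializer body does, which still has to be read to judge severity.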