Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Use `__ERC1155_init` over `_setURI`

jesjupyter

Summary

Using _setURI directly instead of the initializer __ERC1155_init risks potential compatibility issues. It is best practice to use the __ERC1155_init function for better upgrade support.

Vulnerability Details

In the initialize function of MembershipERC1155, the _setURI function is called directly:

_setURI(uri_);

This approach bypasses the recommended initializer function, __ERC1155_init, from the ERC1155Upgradeable contract:

/**
* @dev See {_setURI}.
*/
function __ERC1155_init(string memory uri_) internal onlyInitializing {
__ERC1155_init_unchained(uri_);
}
function __ERC1155_init_unchained(string memory uri_) internal onlyInitializing {
_setURI(uri_);
}

Utilizing __ERC1155_init ensures compatibility with potential updates in the ERC1155 contract, making it a best practice for upgradable contracts.

Impact

Failing to use the initializer function can lead to inconsistent behavior or compatibility issues with future upgrades of ERC1155.

Tools Used

Manual

Recommendations

Invoke __ERC1155_init instead of directly calling _setURI in MembershipERC1155 to maintain compatibility with future contract updates.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!