The _initStrategy
function in the StrategyArb
contract is unprotected, allowing potential reinitialization of critical variables and token approvals. This exposes the contract to risks such as unauthorized changes to the router
address and token mismanagement.
Issue: The _initStrategy
function lacks an access control mechanism or restriction to prevent it from being called multiple times. Although it is intended to be used during the constructor, it remains exposed as internal
, allowing potential invocation through inheritance or derived contracts.
Affected Code:
Root Cause: The absence of a modifier like initializer
or an explicit access control mechanism leaves the function vulnerable to misuse.
Unauthorized Reinitialization: An attacker or faulty derived contract can reinitialize the router
variable, redirecting token approvals to an unintended address.
Token Mismanagement: Repeated calls to _initStrategy
could lead to excessive or incorrect token approvals, potentially allowing unauthorized transfers.
Increased Attack Surface: Exposed initialization logic can serve as an entry point for exploiting other vulnerabilities within the system.
Static analysis tool: Aderyn
Restrict Access:
Use a modifier like initializer
or a custom onlyOnce
modifier to ensure the function is executed only once.
Example:
Access Control: If _initStrategy
needs to remain callable, restrict it using role-based access modifiers like onlyOwner
or onlyManagement
.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.