strategy is not properly initialized in the constructor
Summary
The strategy contracts inherit from the BaseStrategy, which functions as a base implementation to seamlessly integrate with the TokenStrategyimplementation. it utilizes an immutable proxy pattern that allows the BaseStrategy to remain simple and small. All standard logic is held within theTokenizedStrategy and is reused over any n strategies all using the fallback function to delegatecall the implementation so that strategists can only be concerned with writing their strategy-specific code.
However the function initialize is not called in the constructor of the strategies.
this causes critical state variables used internally by the TokenizedStrategyto be left uninitialized (like S.asset, S.name, etc.).
Vulnerability Details
these uninitialized variables cause functions that depend on them not to behave properly and create the avenue for frontrunning the initialized function.
Impact
TokenizedStrategystate variables that are not initialized can temporarily DOS the strategy, opening up the avenue for frontrunning the function initilize.
Tools Used
Manual Review
Recommendations
initialize the TokenizedStrategyin the strategy constructor.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.