Zaros Part 2

Perpetuals DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Valid

Upgradability / Initialization Pattern Concerns

Summary

The MarketMakingEngineConfigurationBranch.sol contract is designed to be upgradeable and inherits from OwnableUpgradeable. Its constructor calls _disableInitializers() to lock the implementation, but the contract defines no initializer function of its own, so the parent initializer (__Ownable_init()) is never invoked and the intended deployment/upgrade pattern is left unclear.

Vulnerability Details

```solidity
// MarketMakingEngineConfigurationBranch.sol, as reported: the implementation is
// locked, but no initialize() function follows to set up the proxy's state.
contract MarketMakingEngineConfigurationBranch is OwnableUpgradeable {
    constructor() {
        _disableInitializers();
    }
}
```

There is no accompanying initialize() function that sets initial state for the proxy deployment.

Because the implementation is locked and no initializer exists, nothing ever runs __Ownable_init(): behind a proxy the owner is never set, and if the contract is deployed incorrectly (for example, as a standalone contract instead of via a proxy) its state variables are likewise never initialized. In a worst-case scenario, an initialization function added in a later upgrade without proper access controls could be called by an attacker first, re-initializing the contract under their control.

Impact

An uninitialized contract has no owner set, so sensitive configuration functions may end up exposed to unintended parties.

Future upgrades must be carefully coordinated to ensure that new initializer functions are secured.

Tools Used

Manual review

Recommendations

If the contract is meant to be deployed via a proxy, provide a dedicated initialize() function, guarded by the initializer modifier, that sets all necessary state variables and calls the parent initializers (e.g., __Ownable_init()). Any initializer added in a later upgrade should use reinitializer(n) and be access-controlled so it cannot be called by an outsider or replayed.
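The following single-file illustration is an added example, not Zaros code: it puts a hypothetical stand-in for the reported pattern (ConfigBranchUninitialized) next to the recommended form (ConfigBranchInitialized) and exercises both behind an ERC1967 proxy with a Foundry test. It assumes OpenZeppelin upgradeable contracts v5, where __Ownable_init takes an initial owner (v4 takes no argument), and the maxFeeBps state variable is invented purely to give the onlyOwner function something to set.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import { ERC1967Proxy } from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import { Test } from "forge-std/Test.sol";

/// Hypothetical stand-in for the reported pattern: OwnableUpgradeable plus
/// _disableInitializers(), but no initializer. Behind a proxy nothing ever
/// runs __Ownable_init, so owner() is address(0) and onlyOwner reverts for
/// every caller.
contract ConfigBranchUninitialized is OwnableUpgradeable {
    uint128 public maxFeeBps; // example state, not from the project

    constructor() {
        _disableInitializers();
    }

    function setMaxFeeBps(uint128 bps) external onlyOwner {
        maxFeeBps = bps;
    }
}

/// Recommended form: a dedicated initializer that wires the parent state.
contract ConfigBranchInitialized is OwnableUpgradeable {
    uint128 public maxFeeBps; // example state, not from the project

    constructor() {
        _disableInitializers(); // lock the implementation contract itself
    }

    /// `initializer` lets this run exactly once per proxy; taking the owner as
    /// an argument avoids handing ownership to whoever happens to call first.
    function initialize(address initialOwner, uint128 initialMaxFeeBps) external initializer {
        __Ownable_init(initialOwner); // OZ v5 signature; OZ v4 is __Ownable_init()
        maxFeeBps = initialMaxFeeBps;
    }

    /// Later upgrade that needs new setup: bump the version with reinitializer(2)
    /// and gate it with onlyOwner, so it can be neither replayed nor called by
    /// an outsider.
    function initializeV2(uint128 newMax) external reinitializer(2) onlyOwner {
        maxFeeBps = newMax;
    }

    function setMaxFeeBps(uint128 bps) external onlyOwner {
        maxFeeBps = bps;
    }
}

/// Foundry test showing the consequence of each pattern (hypothetical).
contract InitializerPatternTest is Test {
    function test_uninitializedBranchHasNoOwner() public {
        ConfigBranchUninitialized impl = new ConfigBranchUninitialized();
        ConfigBranchUninitialized proxied =
            ConfigBranchUninitialized(address(new ERC1967Proxy(address(impl), "")));

        assertEq(proxied.owner(), address(0));
        vm.expectRevert(); // OwnableUnauthorizedAccount: no caller can ever match owner()
        proxied.setMaxFeeBps(10);
    }

    function test_initializedBranchRunsOnce() public {
        ConfigBranchInitialized impl = new ConfigBranchInitialized();
        bytes memory initData = abi.encodeCall(ConfigBranchInitialized.initialize, (address(this), 100));
        ConfigBranchInitialized proxied =
            ConfigBranchInitialized(address(new ERC1967Proxy(address(impl), initData)));

        assertEq(proxied.owner(), address(this));
        assertEq(proxied.maxFeeBps(), 100);

        vm.expectRevert(); // InvalidInitialization: proxy already initialized
        proxied.initialize(address(0xBEEF), 1);

        vm.expectRevert(); // InvalidInitialization: implementation is locked
        impl.initialize(address(this), 1);

        proxied.initializeV2(250); // version 2, owner-only
        assertEq(proxied.maxFeeBps(), 250);
    }
}
```

Run with `forge test` in a project that has forge-std and the OpenZeppelin upgradeable packages installed. The second test is the check a reviewer would want after the fix: the proxy initializes exactly once, the locked implementation cannot be initialized at all, and the upgrade-time initializer is versioned and owner-gated.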

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`_Ownable_init()` is not called in `MarketMakingEngineConfigurationBranch` contract
