Unprotected constructor in PerpetualVault contract could allow reinitialization attacks
Title
Unprotected constructor in PerpetualVault contract could allow reinitialization attacks
Summary
The PerpetualVault contract lacks a security safeguard in its constructor.
By not calling _disableInitializers(), the contract remains vulnerable to being reinitialized.
Vulnerability Details
In OpenZeppelin's Initializer contract, the _disableInitializers() function is designed to prevent reinitialization once a contract has been deployed. Without this call in the constructor, an attacker could potentially reinitialize the contract with arbitrary parameters. For example, they might reinvoke initialize() to change key variables, such as the owner or fee address.
Impact
If exploited, it could allow an attacker to seize control of the contract's administration, modify fee structures, or alter access permissions.
Tools Used
Manual Review
Recommendations
Add the _disableInitializers() call in the constructor.
Lead Judging Commences
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.