Missing ReentrancyGuardUpgradeable Initialization in KeeperProxy.sol
Summary
The KeeperProxy contract uses the ReentrancyGuardUpgradeable from OpenZeppelin but does not initialize it in the initialize() function.
The initialize() function only initializes the Ownable2Step module but misses initializing the ReentrancyGuardUpgradeable.
__ReentrancyGuard_init() missing, meaning the contract does not properly initialize the _status variable, which is used to track reentrant calls.
Vulnerability Details
Missing __ReentrancyGuard_init() in KeeperProxy::initialize
Impact
functions marked nonReentrant may not actually be protected
Tools Used
Manual Review
Recommendations
Call __ReentrancyGuard_init() in KeeperProxy::initialize
Lead Judging Commences
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.