Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Latest commit

 

History

History
31 lines (17 loc) · 787 Bytes

017.md

File metadata and controls

31 lines (17 loc) · 787 Bytes
Raw

0x0

high

Constructor Usage For Upgradable Contract

Summary

Upgradable contracts must not use traditional constructors.

Vulnerability Detail

MarketExtended has a constructor. State that is set via a traditional constructor will not be executed within the context of the contract.

Impact

  • State set at deployment time will not be valid in the context of the contract for market storage.

Code Snippet

constructor(address _paymentToken, IRegistry _registry) initializer MarketStorage(_paymentToken, _registry) {}

Tool used

Manual Review

Recommendation

  • Assign the MarketStorage state within the initialize() function