Lack of explicit initialization checks in the constructor (contract initialization) #524
Labels:
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate-29
low quality report: This report is of especially low quality
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2023-09-centrifuge/blob/512e7a71ebd9ae76384f837204216f26380c9f91/src/InvestmentManager.sol#L88-L94
Vulnerability details
Impact
In the `InvestmentManager`, a vulnerability related to contract initialization has been identified. This vulnerability poses a significant security risk to the contract and its users. The issue revolves around the absence of explicit initialization checks in the constructor, making it susceptible to exploitation.
Proof of Concept
The vulnerability arises from relying on the `escrow` and `userEscrow` addresses as indicators of contract initialization, without an accompanying boolean flag to explicitly confirm the initialization process. The constructor, shown below, initializes these two addresses but lacks a clear initialization check:
Code Link
Exploitation Scenario
1. An attacker deploys the `InvestmentManager` contract with malicious intentions.
2. The attacker sets the `escrow` and `userEscrow` addresses to their own malicious contract addresses, which are not compliant with the actual `EscrowLike` and `UserEscrowLike` interfaces.
3. Since the constructor doesn't include an explicit `initialized` flag, the attacker successfully deploys the contract without any issues.
4. The attacker then calls sensitive functions on the `manager` contract, assuming that it's initialized. For example, they may call a function that transfers funds or executes other critical operations.
5. The `exploitManager` function exploits the contract, as it doesn't check for proper initialization using an explicit `initialized` flag. The attacker can potentially execute malicious code or drain funds, causing unexpected behavior or financial losses.
Tools Used
Vs
Recommended Mitigation Steps
It is crucial to include an `initialized` flag within the contract. This flag should only be set to `true` once all necessary initialization steps are successfully completed. Sensitive functions in the contract should then check the state of this flag before executing, to ensure that the contract is in the desired initialized state. For example:
This way, other functions in the contract can check the `initialized` flag to ensure that the contract is fully initialized before allowing sensitive operations.
Assessed type
Error
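The pattern described under Recommended Mitigation Steps, as an added illustration that is not the Centrifuge `InvestmentManager` code: the contract name, the `whenInitialized` modifier, the `processDeposit` function and the `deposits` mapping are hypothetical. The zero-address and `code.length` checks on the constructor arguments go beyond the report's text; they are what actually rejects a deployment whose `escrow` or `userEscrow` is not a contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative contract (hypothetical, not the project's code) showing an
/// `initialized` flag that is set only after every setup step succeeds,
/// plus validation of the dependency addresses passed to the constructor.
contract GuardedManager {
    address public immutable escrow;
    address public immutable userEscrow;
    bool public initialized;

    mapping(address => uint256) public deposits;

    event Initialized(address indexed escrow, address indexed userEscrow);

    /// Gate for sensitive functions: revert unless initialization completed.
    modifier whenInitialized() {
        require(initialized, "GuardedManager/not-initialized");
        _;
    }

    constructor(address escrow_, address userEscrow_) {
        // Do not treat a non-zero address as proof of a valid dependency:
        // reject the zero address, non-contract addresses and duplicates.
        require(escrow_ != address(0) && userEscrow_ != address(0), "GuardedManager/zero-address");
        require(escrow_.code.length > 0 && userEscrow_.code.length > 0, "GuardedManager/not-a-contract");
        require(escrow_ != userEscrow_, "GuardedManager/same-address");

        escrow = escrow_;
        userEscrow = userEscrow_;

        // The flag is flipped last, after all initialization steps succeeded.
        initialized = true;
        emit Initialized(escrow_, userEscrow_);
    }

    /// Example sensitive operation; it cannot execute before initialization.
    function processDeposit(address user, uint256 amount) external whenInitialized {
        require(user != address(0) && amount > 0, "GuardedManager/bad-args");
        deposits[user] += amount;
    }
}
```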