Omniscia Nexera Audit

ERC20WhitelistGatedUpgradeable Static Analysis Findings

ERC-01S: Inexistent Initialization Protection of Base Implementation

Type	Severity	Location
Language Specific		ERC20WhitelistGatedUpgradeable.sol:L19

Description:

The contract is meant to be upgradeable yet does not properly protect its logic deployment from malicious initializations.

Example:

contracts/ERC20WhitelistGatedUpgradeable.sol

19contract ERC20WhitelistGatedUpgradeable is ERC20CappedMintablePresetUpgradeable, BaseTxAuthDataVerifier {
20    bytes32 public constant WHITELISTED_SPENDER_ROLE = keccak256("WHITELISTED_SPENDER_ROLE");
21
22    error MissingSignatureAndBlockNumber();
23
24    function init(
25        string memory name,
26        string memory symbol,
27        uint256 cap,
28        address defaultAdmin,
29        address minter,
30        address gatingSigner
31    ) public virtual initializer {
32        __ERC20CappedMintablePresetUpgradeable_init(name, symbol, cap, defaultAdmin, minter);
33        _setSigner(gatingSigner);
34    }

Recommendation:

We advise a constructor to be introduced that either invokes the initializer modifier of the Initializable contract or invokes the Initializable::_disableInitializers function to prevent the base implementation from ever being initialized.

Alleviation:

The Initializable::_disableInitializers function call has been introduced to the contract's ERC20WhitelistGatedUpgradeable::constructor, alleviating this exhibit.

Omniscia Nexera Audit

ERC20WhitelistGatedUpgradeable Static Analysis Findings

ERC20WhitelistGatedUpgradeable Static Analysis Findings

ERC-01S: Inexistent Initialization Protection of Base Implementation

Description:

Example:

Recommendation:

Alleviation:

Code Style

ERC20WhitelistGatedUpgradeable.sol (ERC-M)

On this page