Omniscia Steer Protocol Audit
BaseLiquidityManager Manual Review Findings
BLM-01M: Inexistent Initialization of Base Implementation
Type | Severity | Location |
---|---|---|
Language Specific | | BaseLiquidityManager.sol:L164 |
Description:
The contract does not properly initialize the base logic implementation, permitting it to be taken over by a malicious party.
Impact:
While not an active security threat, it can evolve into one if any form of `delegatecall` capability is introduced in one of the dependencies of the contract that could cause it to invoke a `selfdestruct` instruction.
Example:
contracts/vault-types/UniLiquidityManager/BaseLiquidityManager.sol

```solidity
constructor() {}
```
Recommendation:
We advise a `constructor` to be introduced that simply invokes the `initializer` modifier to ensure that the logic implementation cannot be initialized maliciously.
Alleviation (0ed41ccc18a72b7e559b8d79ab7ba6172362ee3b):
The `constructor` now properly invokes the `initializer` modifier, preventing initialization of the base logic implementation.
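The flagged constructor next to the recommended one, as an added example that is not the Steer Protocol code. `InitGuard` is a simplified stand-in for an `Initializable` base such as OpenZeppelin's, and the contract names and the `initialize(address)` signature are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified one-shot guard (assumption: stands in for the real Initializable base).
abstract contract InitGuard {
    bool private _initialized;
    modifier initializer() {
        require(!_initialized, "already initialized");
        _initialized = true;
        _;
    }
}

// Hypothetical logic contract with the empty constructor from the finding.
contract LogicUnlocked is InitGuard {
    address public owner;
    constructor() {}
    function initialize(address owner_) external initializer { owner = owner_; }
}

// Same contract with the recommended constructor: deployment consumes the guard in the
// implementation's own storage; a proxy's storage (used via delegatecall) is unaffected.
contract LogicLocked is InitGuard {
    address public owner;
    constructor() initializer {}
    function initialize(address owner_) external initializer { owner = owner_; }
}

// Deployment-time check: reports whether a bare implementation still accepts initialize().
contract InitCheck {
    function isInitializable(address logic) public returns (bool) {
        (bool ok, ) = logic.call(abi.encodeWithSignature("initialize(address)", address(this)));
        return ok;
    }

    function run() external returns (bool unlocked, bool locked) {
        unlocked = isInitializable(address(new LogicUnlocked()));
        locked = isInitializable(address(new LogicLocked()));
    }
}
```

The same `isInitializable` probe can be pointed at a deployed implementation address in a fork test to confirm that the constructor fix is in place.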