Omniscia Steer Protocol Audit

DynamicJobs Manual Review Findings

DJS-01M: Inexistent Initialization of Base Implementation

| Type | Severity | Location |
| --- | --- | --- |
| Language Specific | | DynamicJobs.sol:L28 |

Description:

The contract does not properly initialize the base logic implementation, permitting it to be taken over by a malicious party.

Impact:

While not an active security threat, it can evolve into one if any form of delegatecall capability is introduced in one of the dependencies of the contract that could cause it to invoke a selfdestruct instruction.

Example:

contracts/DynamicJobs.sol
28 constructor() {}
29
30 function initialize(
31     address _orchestrator,
32     address, // Steer multisig not used here
33     address, // Internal governance not used here
34     bytes calldata _params
35 ) external initializer {

Recommendation:

We advise a constructor to be introduced that simply invokes the initializer modifier to ensure that the logic implementation cannot be initialized maliciously.

Alleviation (200f275c40cbd4798f4a416c044ea726755d4741):

A constructor was introduced that properly invokes the initializer modifier and disallows initialization of the logic implementation, alleviating this exhibit in full.
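
The flagged constructor beside the recommended one, as an added example that is not the Steer Protocol's or Omniscia's own code. It assumes OpenZeppelin's upgradeable `Initializable` supplies the `initializer` modifier; the contract names `JobsLogicBefore`, `JobsLogicAfter` and `InitializationCheck` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. Assumption: the `initializer` modifier comes from
// OpenZeppelin's upgradeable Initializable. Contract names are hypothetical.
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

// Shape flagged in the finding: the logic contract is deployed with its
// initializer still open, so the first external caller can run it.
contract JobsLogicBefore is Initializable {
    address public orchestrator;

    constructor() {}

    function initialize(address _orchestrator, address, address, bytes calldata)
        external initializer
    {
        orchestrator = _orchestrator;
    }
}

// Recommended shape: running the modifier in the constructor marks the logic
// contract's own storage as initialized. A proxy keeps separate storage, so
// it can still be initialized once through delegatecall.
contract JobsLogicAfter is Initializable {
    address public orchestrator;

    constructor() initializer {}

    function initialize(address _orchestrator, address, address, bytes calldata)
        external initializer
    {
        orchestrator = _orchestrator;
    }
}

// Deployment check: reports, for each logic contract, whether a direct
// initialize() call on the implementation itself is still accepted.
contract InitializationCheck {
    function run() external returns (bool beforeOpen, bool afterOpen) {
        JobsLogicBefore a = new JobsLogicBefore();
        JobsLogicAfter b = new JobsLogicAfter();
        try a.initialize(address(this), address(0), address(0), "") { beforeOpen = true; } catch {}
        try b.initialize(address(this), address(0), address(0), "") { afterOpen = true; } catch {}
    }
}
```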