Omniscia Vendor Finance Audit

Initializable Manual Review Findings

INI-01M: Outdated & Vulnerable Initializer Implementation

Description:

The Initializable implementation that exists in the codebase is copied from an old version of OpenZeppelin's contract that was susceptible to a re-entrant initialization bug, identified in issue #3006 via a bug bounty.

Impact:

It is currently possible for a sub-call made from within an initializer in a complex inheritance structure to re-initialize the contract, if that sub-call reaches an untrusted party that can re-enter the system while the initializing flag is still set.

Example:

contracts/utils/Initializable.sol

    require(
        _initializing || _isConstructor() || !_initialized,
        "Initializable: contract is already initialized"
    );

Recommendation:

We advise the code to be updated to reference the latest OpenZeppelin implementation, ensuring the code is not susceptible to re-entrancy initialization attacks.
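As an added illustration (not code from the Vendor Finance repository or from this report), the guard quoted above is shown next to a hardened form; the fixed condition is assumed to match the check OpenZeppelin introduced when closing issue #3006, and the contract and modifier names are this example's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Vendor Finance code: the pre-fix guard quoted in the
// finding beside a hardened one. State is reduced to what the guards need.
abstract contract InitializableGuards {
    bool private _initialized;
    bool private _initializing;

    // Same idea as OpenZeppelin's helper: no runtime code yet means we are in
    // the constructor, where nested initializer calls cannot come from outside.
    function _isConstructor() private view returns (bool) {
        return address(this).code.length == 0;
    }

    // Vulnerable guard (the check the finding quotes). While `_initializing` is
    // true the require always passes, so if the initializer body makes an
    // external call and the callee calls `initialize()` again, the body runs
    // a second time: `isTopLevelCall` is false and nothing else blocks it.
    modifier initializerOld() {
        require(
            _initializing || _isConstructor() || !_initialized,
            "Initializable: contract is already initialized"
        );
        bool isTopLevelCall = !_initializing;
        if (isTopLevelCall) { _initializing = true; _initialized = true; }
        _;
        if (isTopLevelCall) { _initializing = false; }
    }

    // Hardened guard (assumed to follow the OpenZeppelin fix for #3006): a
    // nested call is only tolerated inside a constructor; in a deployed
    // contract, `_initializing == true` means re-entry and the require reverts.
    modifier initializerFixed() {
        require(
            _initializing ? _isConstructor() : !_initialized,
            "Initializable: contract is already initialized"
        );
        bool isTopLevelCall = !_initializing;
        if (isTopLevelCall) { _initializing = true; _initialized = true; }
        _;
        if (isTopLevelCall) { _initializing = false; }
    }
}
```

With the hardened guard, parent initializers that are called from within a top-level `initialize()` (the `__X_init` pattern) must no longer carry the `initializer` modifier themselves, since a nested call now reverts outside a constructor; OpenZeppelin pairs the fix with an `onlyInitializing` modifier that only requires `_initializing` to be set.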

Alleviation:

The contract is no longer part of the codebase rendering this exhibit inapplicable.