Omniscia Stakewise Audit
ERC20PermitUpgradeable Manual Review Findings
ERC20PermitUpgradeable Manual Review Findings
ERP-01M: Non-Standard Upgradeable Initialization Pattern
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Minor | ERC20PermitUpgradeable.sol:L37-L40 |
Description:
The __ERC20Permit_init needs to invoke all unchained initializer instances of its inherited contracts, however, it does not do so for the __ERC20_init_unchained implementation.
Example:
contracts/tokens/ERC20PermitUpgradeable.sol
23abstract contract ERC20PermitUpgradeable is Initializable, ERC20Upgradeable, IERC20PermitUpgradeable, EIP712Upgradeable {24 using CountersUpgradeable for CountersUpgradeable.Counter;25
26 mapping (address => CountersUpgradeable.Counter) private _nonces;27
28 // solhint-disable-next-line var-name-mixedcase29 bytes32 private _PERMIT_TYPEHASH;30
31 /**32 * @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`.33 *34 * It's a good idea to use the same `name` that is defined as the ERC20 token name.35 */36 // solhint-disable-next-line func-name-mixedcase37 function __ERC20Permit_init(string memory name) internal initializer {38 __EIP712_init_unchained(name, "1");39 __ERC20Permit_init_unchained();40 }Recommendation:
We advise it to properly do so to avoid improper usage of the __ERC20Permit_init function.
Alleviation:
The Stakewise team confirmed this exhibit, however, they will retain the current implementation in place to avoid replacing the StakeWiseToken contract.