Incorrect Initialization Of Smart Contracts With Access Control Issue
Submitted by (4) Haipls, also found by byndooa, cryptphi, and TrungOre
Summary:
All of the following impacts depend on the developers' actions and attention during deployment:
Loss of funds
Failure of the protocol, with the need for a redeploy
Loss of control over protocol elements (some smart contracts)
The possibility of contracts and settings being replaced with harmful ones
Because:
Hardhat does not stop the deployment process and, in some cases, does not show failed transactions when they occur
Malicious agents can trace the protocol's deployment transactions and insert their own transaction between them
Mitigation:
Carry out checks at the initialization stage, or redesign the deployment process so that contracts are initialized during deployment.
It is good practice to verify after each initialization.
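The verify-after-initialization step recommended above, as an added example (not part of the original finding or the audited project's code). The in-memory contract model, the `initialize`/`owner` shape, and the sender labels are constructed assumptions for illustration only.

```javascript
// Constructed model of a contract whose initialize() has no access control:
// the first caller becomes owner, any later call fails (status 0).
function makeContract() {
  const state = { owner: null };
  return {
    state,
    initialize(sender) {
      if (state.owner !== null) return { status: 0, sender };
      state.owner = sender;
      return { status: 1, sender };
    },
  };
}

// Replay transactions in the order they were mined and collect the receipts.
function replay(contract, senders) {
  return senders.map((sender) => contract.initialize(sender));
}

// Post-initialization check: the deployer's own receipt must have succeeded
// AND the stored owner must be the deployer. Returns a list of problems.
function verifyInitialization(contract, receipts, deployer) {
  const problems = [];
  const own = receipts.find((r) => r.sender === deployer);
  if (!own) problems.push("no initialize() receipt from deployer");
  else if (own.status !== 1) problems.push("deployer initialize() failed");
  if (contract.state.owner !== deployer) {
    problems.push(`owner is ${contract.state.owner}, expected ${deployer}`);
  }
  return problems;
}

// Run one scenario; a deploy script would stop on a non-empty result
// instead of continuing to the next contract.
function deployScenario(minedOrder, deployer) {
  const contract = makeContract();
  const receipts = replay(contract, minedOrder);
  return verifyInitialization(contract, receipts, deployer);
}

const DEPLOYER = "deployer (constructed)";
const OTHER = "third party (constructed)";
console.log(deployScenario([DEPLOYER], DEPLOYER));        // clean deployment
console.log(deployScenario([OTHER, DEPLOYER], DEPLOYER)); // initialize() taken first
```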