🚩
HACKBOOK OF A HACKER
  • README
  • CTF Writeups
    • Intigriti Challenges
      • 1223
    • ASIS CTF quals 2022
      • Beginner Ducks
    • CSAW 2022
      • Dockreleakage
      • My Little Website
      • Word Wide Web
    • Cybersecurityrumble CTF 2022
      • Crymeplx
      • Revmeplx
    • HTB University CTF 2023
      • Rev
        • Windowsofopportunity
    • Metared 2022
      • 1x02..ware
      • Backwards
    • Reply CTF 2022
      • Dungeons And Breakfast
    • Teamitaly CTF 2022
      • Flag Proxy
    • MOCA CTF 2024 Quals
      • RaaS [WEB]
  • Smart Contracts Security
    • Code 4 Rena
      • High Risk Findings
        • Anyone Can Pass Any Proposal
        • Arithmetic Rounding
        • Can Vote Multiple Times By Transferring NFT In Same Block As Proposal
        • Never Ending Proposal
        • Reusing Signatures
        • Signature Verification Can Be Bypass With Zero Address
        • Untyped Data Signing
        • Wrong Calculation Of Apr
      • Low Risk Non Critical
        • Dont Check If Some Entity Actually Exists
      • Medium Risk Findings
        • Bypass Signature Validity Check
        • Copy Of Lack Of Verification In Hashes
        • Function May Run Out Of Gas Leading To Loss
        • Incorrect Initialization Of Smart Contracts With Access Control Issue
        • Invalid Signature Lead To Access Control
        • Lack Of Checks If One Entity Get Hacked
        • Lack Of Verification In Hashes
        • Missing Upper Limit
        • Missing Zero Address Checks
        • Possible Dos Because Unbounded Loop Can Run Out Of Gas
        • Too Much Trust To Certain Roles
        • Unreversable Actions
        • Useless Nft
  • T.I.L.
    • 16 09 22
Powered by GitBook
On this page
  • Summary:
  • Mitigation:
  1. Smart Contracts Security
  2. Code 4 Rena
  3. Medium Risk Findings

Incorrect Initialization Of Smart Contracts With Access Control Issue

Submitted by (4) Haipls, also found by byndooa, cryptphi, and TrungOre

PreviousFunction May Run Out Of Gas Leading To LossNextInvalid Signature Lead To Access Control

Last updated 1 year ago

Summary:

All next Impact depends on actions and attention from developers when deployed:

  • Loss of funds

  • Failure of the protocol, with the need for redeploy

  • Loss of control over protocol elements (some smart contracts)

  • The possibility of replacing contracts and settings with harmful ones Because:

  1. Hardhat does not stop the process with a deploy and does not show failed transactions if they have occurred in some cases

  2. Malicious agents can trace the protocol deployment transactions and insert their own transaction between them

Mitigation:

  1. Carry out checks at the initialization stage or redesign the deployment process with the initialization of contracts during deployment.

  2. A good practice is to verify after each initialization

https://code4rena.com/reports/2022-08-rigor/#m-14-incorrect-initialization-of-smart-contracts-with-access-control-issue