Steemhunt/mint.club-v2-contract

Initializers can be front-run

Closed this issue · 3 comments

Initializers could be front-run, allowing an attacker to either set their own values or take ownership of the contract, and in the best case forcing a re-deployment.
There are two instances of this problem:

```solidity
File: contract/MCV2_Token.sol
23: function init(string calldata name_, string calldata symbol_) external {

File: contract/MCV2_MultiToken.sol
37: function init(string calldata name_, string calldata symbol_, string calldata uri_) external {
```

  • That would have been true if the deployment and initialization happened in two separate transactions.
  • Here, both are happening in a single transaction:

```solidity
MCV2_Token newToken = MCV2_Token(token); //deployment
newToken.init(tp.name, tp.symbol); //initialization
```

  • Hence, this scenario is not possible.
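
The single-transaction pattern described in the comment above, as an added sketch that is not part of the thread or the project's code. `ExampleToken`, `ExampleFactory` and `createToken` are hypothetical names, and the use of OpenZeppelin's `Clones.clone` is an assumption about how the instance is created.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";

// Hypothetical stand-in for a clone-initialized token with an external init().
contract ExampleToken {
    bool private _initialized;
    address public bond; // the caller of init() becomes the privileged address
    string public name;
    string public symbol;

    error AlreadyInitialized();

    function init(string calldata name_, string calldata symbol_) external {
        // One-shot guard: a second init() call reverts, whoever sends it.
        if (_initialized) revert AlreadyInitialized();
        _initialized = true;
        bond = msg.sender;
        name = name_;
        symbol = symbol_;
    }
}

// Hypothetical factory: the clone is created and initialized inside one call,
// so the instance never exists on-chain in an uninitialized state that
// another transaction could reach first.
contract ExampleFactory {
    address public immutable implementation;

    constructor() {
        ExampleToken impl = new ExampleToken();
        // Initialize the implementation too, so its own init() is not left open.
        impl.init("", "");
        implementation = address(impl);
    }

    function createToken(string calldata name_, string calldata symbol_)
        external
        returns (address token)
    {
        token = Clones.clone(implementation);     // deployment
        ExampleToken(token).init(name_, symbol_); // initialization, same transaction
    }
}
```

If deployment and `init()` were sent as two separate transactions instead, the window between them is where the front-running described in the issue would apply.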

I agree with @0x3agle

I only checked the deployment test.
In the test, there was no immediate initialization.
Sorry, I think this one is an invalid one, again.