0x73696d616f - Missing `__Ownable_init()` call in `LenderCommitmentGroup_Smart::initialize()`
Opened this issue · 2 comments
sherlock-admin2 commented
0x73696d616f
high
Missing __Ownable_init()
call in LenderCommitmentGroup_Smart::initialize()
Summary
__Ownable_init()
is not called in LenderCommitmentGroup_Smart::initialize()
, which will make the contract not have any owner.
Vulnerability Detail
LenderCommitmentGroup_Smart::initialize()
does not call __Ownable_init()
and will be left without owner.
Impact
Inability to pause and unpause borrowing in LenderCommitmentGroup_Smart
due to having no owner, as these functions are onlyOwner
.
Code Snippet
Tool used
Manual Review
Vscode
Recommendation
Modify LenderCommitmentGroup_Smart::initialize()
to call __Ownable_init()
:
function initialize(
...
) external initializer returns (address poolSharesToken_) {
__Ownable_init();
}
sherlock-admin2 commented
The protocol team fixed this issue in the following PRs/commits:
teller-protocol/teller-protocol-v2-audit-2024#13
sherlock-admin2 commented
The Lead Senior Watson signed off on the fix.