PausableUpgradeable is not initialized #2

hats-bug-reporter · 2024-11-11T15:32:00Z

Github username: @rilwan99
Twitter username: Ril11111
Submission hash (on-chain): 0x6f9ae2bfc42be8f59f721169bec15459b8d33eee4458af6c452049d1b504f29a
Severity: high

Description:
Description
Router.sol inherits from PausableUpgradeable.sol, however fails to initialie it via __Pausable_init(). This oversight can lead to the PausableUpgradeable contract not being properly initialized, which might cause unexpected behavior when attempting to use pause-related functionality.

Attack Scenario
An attacker could exploit the uninitialized state of the PausableUpgradeable contract to bypass pause-related checks, potentially allowing unauthorized actions to be executed when the contract is expected to be paused.

Attachments

Proof of Concept (PoC) File

Revised Code File (Optional)

The text was updated successfully, but these errors were encountered:

yanisepfl · 2024-11-13T14:58:57Z

Hello,
We classified this issue as invalid because:

It does not result in direct theft of user funds.
The PausableUpgradeable contract does not need to be initialized to work properly: it mainly consists of the paused state variable, which is initialized to false by default.

Thanks

hats-bug-reporter bot added the bug Something isn't working label Nov 11, 2024

yanisepfl added the invalid This doesn't seem right label Nov 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PausableUpgradeable is not initialized #2

PausableUpgradeable is not initialized #2

hats-bug-reporter bot commented Nov 11, 2024

yanisepfl commented Nov 13, 2024

PausableUpgradeable is not initialized #2

PausableUpgradeable is not initialized #2

Comments

hats-bug-reporter bot commented Nov 11, 2024

yanisepfl commented Nov 13, 2024