070.md

Petite Pewter Orangutan

High

TellerV2::constructor is not calling __Pausable_init() which will interrupt contract's pause functionality

Summary

TellerV2::constructor is not calling __Pausable_init() which will interrupt contract's pause functionality

Root Cause

No response

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

If you don't call __Pausable_init() in the constructor, the Pausable functionality won't be initialized. This means that the Pausable modifier won't work as intended

PoC

TellerV2::constructor

    function initialize(
        uint16 _protocolFee,
        address _marketRegistry,
        address _reputationManager,
        address _lenderCommitmentForwarder,
        address _collateralManager,
        address _lenderManager,
        address _escrowVault,
        address _protocolPausingManager
    ) external initializer {
        __ProtocolFee_init(_protocolFee);

@>      //__Pausable_init();

        require(
            _lenderCommitmentForwarder.isContract(),
            "LCF_ic"
        );
        lenderCommitmentForwarder = _lenderCommitmentForwarder;

        require(
            _marketRegistry.isContract(),
            "MR_ic"
        );
        marketRegistry = IMarketRegistry(_marketRegistry);

        require(
            _reputationManager.isContract(),
            "RM_ic"
        );
        reputationManager = IReputationManager(_reputationManager);

        require(
            _collateralManager.isContract(),
            "CM_ic"
        );
        collateralManager = ICollateralManager(_collateralManager);

       
       
        require(
            _lenderManager.isContract(),
            "LM_ic"
        );
        lenderManager = ILenderManager(_lenderManager);


         

         require(_escrowVault.isContract(), "EV_ic");
        escrowVault = IEscrowVault(_escrowVault);




        _setProtocolPausingManager(_protocolPausingManager);
    }

Mitigation

Uncomment the __Pausable_init()