Unused function parameters #3
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Comments
code423n4
added
1 (Low Risk)
julien51
added
the
sponsor acknowledged
|
These changes were actually introduced by the OpenZeppelin team for us as a way to re-initialize the contracts... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
jayjonah8
Vulnerability details
Impact
The initializer2() function in UnlockDiscountTokenV2.sol has the __ERC20Permit_init_unsafe(name()); function call with name() passed in as a variable while the arg name() is never used.
Also in ERC20Patched.sol the function __ERC20Permit_init_unchained(name) has the name argument which is never used.
Proof of Concept
https://github.com/code-423n4/2021-11-unlock/blob/main/smart-contracts/contracts/UnlockDiscountTokenV2.sol#L29
https://github.com/code-423n4/2021-11-unlock/blob/main/smart-contracts/contracts/ERC20Patched.sol#L997
Tools Used
Manual code review
Recommended Mitigation Steps
All unused arguments should be removed
The text was updated successfully, but these errors were encountered: