Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Anzen and protocol-v2>Informational findings>Missing ,_disableInitializers
GeneralOverview
Findings
High (1)
Medium (3)
Low (2)
Informational (4)Deletion does not delete all valuesMissing _disableInitializersUnnecessary transfer functionality in LockingTokenLack of test flows
DiscussionLack of test flows
Threat ModelWhat are threat models?AnzenGaugeControllerBaseUpg.solAnzenVotingControllerUpg.solLockedUsdzMarket.solLockingToken.solMainnetUSDzMarket.solStakePool.solVotingEscrowAnzenMainchain.solVotingEscrowAnzenSidechain.solVotingResultBroadcaster.sol
Audit ResultsAssessment Results
Category: Coding Mistakes

Missing _disableInitializers

Informational Severity
Informational Impact
Low Likelihood

Description

The _disableInitializers is missing in the constructor of the AnzenVotingControllerUpg contract.

Impact

Some functions use the initializer modifier in the constructor, while others use _disableInitializers, resulting in inconsistent usage patterns. According to the OpenZeppelin documentation,

Do not leave an implementation contract uninitialized. An uninitialized implementation contract can be taken over by an attacker, which may impact the proxy. To prevent the implementation contract from being used, you should invoke the _disableInitializers function in the constructor to automatically lock it when it is deployed.

Recommendations

Consider using _disableInitializers in the constructor.

Remediation

Anzen Labs Inc. provided the following response:

The team decided to not make changes for those issues at this time

Zellic © 2025Back to top ↑