The initialization of StakedUSDf may fail
The USDfSilo contract's initialize
function calls to set the _stakingVault
address using silo_.setStakingVault()
.
However, since setStakingVault
can be invoked by any caller before the initialization, this may lead to a failed contract initialization.
contract StakedUSDf is IStakedUSDf, AccessControlUpgradeable, ERC20PermitUpgradeable, ERC4626Upgradeable {
// [...]
function initialize(
IERC20 usdf,
address admin,
USDfSilo silo_,
uint32 initialVesting,
uint24 initialCooldown
)
external
initializer
{
// [...]
silo = silo_;
silo_.setStakingVault();
}
// [...]
}
contract USDfSilo {
// [...]
constructor(address usdf) {
_USDF = IERC20(usdf);
}
// [...]
function setStakingVault() external {
require(_stakingVault == address(0), AlreadySet());
_stakingVault = msg.sender;
}
// [...]
}
Falcon provided the following response:
we already deployed the contracts successfully and the issue is not relevant anymore.