Initializer called in constructor
The initializer function is typically called in an upgradable contract as a way of initializing the storage variables, as the constructor itself will not be called. However, in the case of Ownable2.sol, the initializer is called in the constructor, which does not follow the intended pattern for upgradable contracts.
constructor() {
Ownable_init();
}
// @audit-issue this is not really an initializer
function Ownable_init() internal {
_transferOwnership(_msgSender());
}
We recommend removing the call to the initializer in the constructor and instead calling it in an external initialize
function, as is the standard for upgradable contracts. This should be applied project wide, as the same erroneous pattern is used in other contracts as well.