The Audius contracts can be upgraded using the unstructured storage proxy pattern.
This pattern requires the use of an initializer instead of the constructor to set the initial values of the state variables.
In some of the contracts, the initializer does not initialize all of the state variables.
Consider setting all the required variables in the initializer. If there is a reason for leaving them uninitialized, consider documenting it, and adding checks on the functions that use those variables to ensure that they are not called before initialization.
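The recommendation above, sketched as an added example that is not taken from the audit report or the Audius code base. `StakingLogicExample` and all of its variables and functions are hypothetical names; the contract shows an initializer that sets every state variable once, plus a guard on the functions that depend on that state.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical logic contract used behind an upgradeable proxy (added example;
/// the names below are illustrative and are not taken from the Audius code base).
contract StakingLogicExample {
    // State lives in the proxy's storage, so a constructor in this contract
    // would never set it there; initialize() must do it instead.
    bool private initialized;
    address public governance;
    address public token;
    uint256 public votingPeriod; // must be non-zero before use
    uint256 public minStake;

    modifier onlyInitialized() {
        require(initialized, "not initialized");
        _;
    }

    /// Sets every state variable the contract depends on, exactly once.
    function initialize(
        address _governance,
        address _token,
        uint256 _votingPeriod,
        uint256 _minStake
    ) external {
        require(!initialized, "already initialized");
        require(_governance != address(0), "governance is zero");
        require(_token != address(0), "token is zero");
        require(_votingPeriod > 0, "votingPeriod is zero");

        governance = _governance;
        token = _token;
        votingPeriod = _votingPeriod;
        minStake = _minStake;
        initialized = true;
    }

    /// Functions that read initialized state refuse to run before initialize().
    function proposalDeadline(uint256 startBlock) external view onlyInitialized returns (uint256) {
        return startBlock + votingPeriod;
    }

    /// State-changing functions get the same guard, so they cannot run on unset state.
    function setMinStake(uint256 _minStake) external onlyInitialized {
        require(msg.sender == governance, "only governance");
        minStake = _minStake;
    }
}
```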
- OpenZeppelin Audit Audius Finding M10
- Configuration
- Medium Severity
- Initialization
- State Variables
- Initialize + Checks
- Document
- YouTube Reference
- Medium Risk severity finding from OpenZeppelin’s Audit of Audius