Improper Initialization Control in init() Function Enables Critical Parameter Overwrite

## Location

[https://github.com/code-423n4/2025-05-upside/blob/main/contracts/UpsideProtocol.sol#L312-L315](https://github.com/code-423n4/2025-05-upside/blob/main/contracts/UpsideProtocol.sol)

## Problem and Impact

The **`init()`** function in the affected smart contract lacks an initialization lock, allowing the **`owner`** to reinitialize the **`liquidityTokenAddress`** even after the initial setup. This missing protection mechanism could lead to privilege escalation, denial of service, or corruption of critical contract state if exploited by a malicious or compromised owner.

## Recommendation

**Add an Initialization Lock**: Use a boolean flag (e.g., **`isInitialized`**) to prevent reinitialization.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Improper Initialization Control in init() Function Enables Critical Parameter Overwrite #4

Location

Problem and Impact

Recommendation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Improper Initialization Control in init() Function Enables Critical Parameter Overwrite #4

Description

Location

Problem and Impact

Recommendation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions