Broad Jetblack Alligator
High
Failure to initialize roles will result in a critical loss of functionality for contract users, as authorized actors will be unable to perform necessary operations without proper role assignments.
In BoostStablecoin.sol, Minter.sol, MasterAMO.sol, and SolidlyV2AMO.sol, failing to initialize roles in the constructor or initialization function is a mistake that renders critical functions inaccessible.
https://github.com/sherlock-audit/2024-10-axion/blob/c65e662999d0c79439703fc6713814b4ad023e01/liquidity-amo/contracts/BoostStablecoin.sol#L25C2-L27C68 https://github.com/sherlock-audit/2024-10-axion/blob/c65e662999d0c79439703fc6713814b4ad023e01/liquidity-amo/contracts/MasterAMO.sol#L52C1-L60C85 https://github.com/sherlock-audit/2024-10-axion/blob/c65e662999d0c79439703fc6713814b4ad023e01/liquidity-amo/contracts/Minter.sol#L21C1-L26C62 https://github.com/sherlock-audit/2024-10-axion/blob/c65e662999d0c79439703fc6713814b4ad023e01/liquidity-amo/contracts/SolidlyV2AMO.sol#L40C5-L40C97
- Contracts deployed without proper role initialization.
- No function exists to assign roles post-deployment.
No response
- Smart contract deployed without role initialization.
- Most protocol functions (e.g., getReward, pause, mint) cannot be called by anyone.
The contract role established cannot perform essential functions like minting, pausing, or adjusting critical parameters, resulting in a total loss of intended functionality for the protocol.
No response
set the role to the address in the initialize function
function initialize(address admin, address getrole) external initializer {
__ERC20_init("Boost", "BOOST");
__ERC20Burnable_init();
__Pausable_init();
__AccessControl_init();
_grantRole(DEFAULT_ADMIN_ROLE, admin);
_setupRole(PAUSER_ROLE, getrole);
_setupRole(UNPAUSER_ROLE, getrole);
_setupRole(MINTER_ROLE, getrole);
}