Proxy Implementation of Factory Contract
The following threats are what was found during the course of the audit, along with our comments and suggestions for the users.
No High Level Risks Found!
This is amazing for ChainFactory, as our proxy contract has no high level risks, ensuring your safety and security.
No Medium Level Risks Found!
Our proxy contract has no medium level risks, further ensuring your safety and security.
Low Level Risk: Extreme caution should be taken when deploying new contract versions.
When deployed, the contract by default is not initialized and without owner. The initialize function sets msg.sender as owner and can be called by anyone.
This risk highlights the need for ChainFactory users to be vigilent in deploying contracts. When deploying an implementation behind a proxy, the variables must be stored on the proxy storage slots.
As workaround, we create an "initialization" function that is usually public and anyone can execute that, so our deployer automatically and immediately executes the deploy.
Informational: Owner can add credits to already exiting users
Informational: Owner can set/change discount levels.
These items are great for the users, because we can add credits to your account if you get a coupon or discount or other type of benefit for use in the Factory, or can change the discount levels when additional discounts are offered.
Informational: Owner can change multi sig and treasury address
Informational: Owner can change factory and stake tokens
Informational: Owner can set new templates and change existing ones
These items represent our ability to set the multisign and treasury address for your projects after they are deployed, and can allow us to update the templates offered in the proxy.
Last updated