Prehistoric Emerald Poodle
Medium
The current implementation of the initialize function revokes the SETTER_ROLE from the msg.sender immediately after the initialization process. This is problematic because the SETTER_ROLE is required for several functions, including setWhitelistedTokens, which allows the management of whitelisted tokens. By revoking this role, the contract will not allow any further modifications to the whitelisted tokens, effectively locking the contract's ability to manage its reward tokens after initialization.
The immediate revocation of the SETTER_ROLE in the initialize function of the contract poses significant risks to its functionality and flexibility. This design choice limits the ability to modify critical parameters and manage whitelisted tokens after initialization, potentially leading to operational challenges and security vulnerabilities.
No response
No response
No response
By revoking the SETTER_ROLE, the contract will no longer allow any account to call functions that require this role, such as setWhitelistedTokens, setVault, setTokenId, and setParams. This means that once the contract is initialized, it cannot be modified to add or remove whitelisted tokens or adjust other critical parameters.
Specially the setWhitelistedTokens() which was not initialized beforehand.
No response
Instead of revoking the SETTER_ROLE at the end of the initialize function, consider using the onlyInitializing modifier to restrict the execution of setter functions to the initialization phase only. This way, the role can remain active for the duration of the initialization process, allowing for necessary configurations without permanently locking out the ability to manage the contract's state.