[OZ][L03][contracts]:Disable Implementation Contract
Ethanncnm opened this issue · comments
ethan commented
Describe the bug
The L1StandardBridge implementation contract sets the messenger to the zero address,
but this doesn't prevent it from being initialized.
In the interest of limiting the attack surface, consider ensuring the implementation contract
cannot be initialized. This could be achieved by setting the messenger to an unused non-zero
address.