[R&D review] Disable initializers in Compound supply vault
QGarchery opened this issue · comments
We should call the ERC4626UpgradeableSafe
constructor, otherwise the implementation can be hijacked.
Note that the current contract seems to have been correctly initialized somehow
Actually, it's initialized in the ERC4626UpgradeableSafe
through its constructor inherited by SupplyVaultBase
.
Here is a gist as an example.
Ok, then it's all good, thanks !