Solady Proxy Initialization Function Call Failure Vulnerability
Vulnerability
A vulnerability exists in Solady versions starting with 0.0.125 and prior to 0.1.24, where calling the initialization function of a contract deployed via a proxy can fail silently. The issue arises when the initialization function does not return a boolean or any other data: in that case regular Solidity relies on an 'extcodesize' check on the call target to determine the success of the call. That check is inadequate when the proxy points to an empty implementation, because the proxy itself has code and passes the check, while the delegated call to an address without code reports success without executing anything.
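
The silent-failure pattern described above, next to a defensive deployment check, as an added example that is not Solady's code and not its fix. The proxy, interface, and function names are hypothetical and constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interface: the initializer returns no data.
interface IInitializable {
    function initialize(address owner) external;
}

// Constructed minimal forwarding proxy (not Solady's proxy bytecode).
contract ForwardingProxy {
    address private immutable _implementation;

    constructor(address implementation_) {
        _implementation = implementation_;
    }

    fallback() external payable {
        address target = _implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            // DELEGATECALL to an address without code reports success.
            let ok := delegatecall(gas(), target, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, returndatasize())
        }
    }
}

contract ProxyDeployer {
    error ImplementationHasNoCode(address implementation);

    // Silent failure: Solidity's extcodesize check sees the proxy's code,
    // so this call "succeeds" even if `implementation` is empty.
    function deployUnchecked(address implementation, address owner) external returns (address proxy) {
        proxy = address(new ForwardingProxy(implementation));
        IInitializable(proxy).initialize(owner);
    }

    // Defensive variant: refuse to deploy against an address without code.
    function deployChecked(address implementation, address owner) external returns (address proxy) {
        if (implementation.code.length == 0) revert ImplementationHasNoCode(implementation);
        proxy = address(new ForwardingProxy(implementation));
        IInitializable(proxy).initialize(owner);
    }
}
```

With an empty `implementation`, `deployUnchecked` returns a proxy whose initializer never ran, while `deployChecked` reverts with `ImplementationHasNoCode`.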
Impact
The vulnerability can cause a silent failure when initializing contracts through a proxy, leading to unintended behavior or state.
Remediation
Users are advised to upgrade to Solady version 0.1.24 or later. Additionally, deploy any affected implementations and their factories on new EVM chains as soon as possible.
