Description
Introduction
crytic-compile will not recognize this problem when it meets a reinit contract. This is mainly because the data returned by the Etherscan API does not provide any error information for reinit, although this warning information is displayed on the Etherscan web page. But it is worth noting that all API-dependent tools have been impacted.
Details
Related PoC Contract: https://api-sepolia.etherscan.io/api?module=contract&action=getsourcecode&address=0x9fB39EE8a5879DC788a525D29C596b9BBBE9f5A4&apikey=HEGX18IPPBPB9M23C4W1UDNP5I4F57XX1F
https://sepolia.etherscan.deth.net/address/0x9fB39EE8a5879DC788a525D29C596b9BBBE9f5A4
https://sepolia.etherscan.io/address/0x9fB39EE8a5879DC788a525D29C596b9BBBE9f5A4#code
Impact
It is worth noting that this problem will cause the user to obtain source code that does not match the current bytecode, because the target contract may be created using create2 and, after verification is completed, another bytecode is deployed.
Ethic Things
I already reported the reinit issue in API feedback 2 years ago, but Etherscan didn't give any feedback, so I think I should report it to the users of this API.
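
A check that a tool consuming the API could run to catch the mismatch described under Impact, added here as an example (it is not code from the reporter or from crytic-compile): compare the runtime bytecode compiled from the fetched source with the code currently at the address, for example as returned by `eth_getCode`. The function names and sample bytes are constructed, and the comparison assumes a contract without immutables or linked libraries.

```python
from enum import Enum


class CodeStatus(Enum):
    MATCH = "match"              # on-chain code is byte-identical to the compiled code
    METADATA_ONLY = "metadata"   # same instructions, only the CBOR metadata trailer differs
    MISMATCH = "mismatch"        # different code: the verified source is stale for this address
    NO_CODE = "no_code"          # nothing is deployed at the address right now


def strip_metadata(code: bytes) -> bytes:
    """Remove solc's CBOR metadata trailer (its last 2 bytes hold the trailer length)."""
    if len(code) < 3:
        return code
    trailer_len = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - trailer_len
    # Only strip when the trailer is plausible: in range and starting with a CBOR map.
    if trailer_len == 0 or start < 0 or code[start] >> 5 != 5:
        return code
    return code[:start]


def compare_code(compiled_runtime: bytes, onchain: bytes) -> CodeStatus:
    """Classify how the code compiled from the fetched source relates to the live code."""
    if not onchain:
        return CodeStatus.NO_CODE
    if compiled_runtime == onchain:
        return CodeStatus.MATCH
    if strip_metadata(compiled_runtime) == strip_metadata(onchain):
        return CodeStatus.METADATA_ONLY
    return CodeStatus.MISMATCH


# Constructed sample data, not taken from the PoC contract.
CODE_V1 = bytes.fromhex("6080604052600080fd")        # code that was verified
CODE_V2 = bytes.fromhex("6080604052600160005500")    # code redeployed at the same address
META_A = bytes.fromhex("a164736f6c6343000814000a")   # CBOR {"solc": 0.8.20} + length
META_B = bytes.fromhex("a164736f6c6343000813000a")   # CBOR {"solc": 0.8.19} + length

if __name__ == "__main__":
    compiled = CODE_V1 + META_A
    for label, live in [("unchanged", CODE_V1 + META_A),
                        ("redeployed", CODE_V2 + META_A),
                        ("destroyed", b"")]:
        print(label, compare_code(compiled, live).value)
```

A `MISMATCH` or `NO_CODE` result means the source returned by the API should not be treated as the source of the contract currently at that address.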