non-atomic on-chain initialization creates a universal race condition between structure creation and configuration

# non-atomic on-chain initialization creates a universal race condition between structure creation and configuration When an on-chain structure (pool, proxy, vault, wallet) is created in one step and configured in a subsequent step, the gap between creation and configuration is exploitable. An attacker who observes the creation can intervene to set initial state under attacker-controlled terms. This pattern recurs across four distinct protocol categories, each exploiting the same structural gap: **AMM pools**: a pool created without liquidity has its price set to any arbitrary value before legitimate liquidity arrives, because swaps against empty reserves move the price without constraint. Capital cost: effectively zero. **Proxies**: since [[non-atomic proxy deployment creates a front-running window where any actor can write to the ERC1967 implementation storage slot before the legitimate initialization transaction confirms]], an uninitialized proxy's implementation slot is writable by any actor until the initialization transaction confirms. **Vaults**: since [[ERC-4626 vault share price manipulation via direct token donation exploits the share-to-asset ratio in newly deployed vaults]], a newly deployed vault with `totalShares == 0` allows the first depositor to control the share price ratio before legitimate depositors arrive. **Bootstrap re-entry**: since [[bootstrap and initialization logic that remains reachable after launch creates a permanent re-initialization attack surface]], protocols returning to an empty state through normal operations reopen the creation-configuration gap. The shared defense: make initialization atomic with creation. Passing initialization data to constructors (proxies), deploying liquidity in the same transaction as pool creation (AMMs), virtual shares (vaults), and one-time flags rather than state-condition gates (bootstrap) all close the gap. Since [[temporal gap between value accumulation and distribution creates an exploitable window for parameter manipulation timing attacks and dilution]], multi-step initialization is the deployment-phase specialization of the broader temporal gap class. --- Relevant Notes: - [[non-atomic proxy deployment creates a front-running window where any actor can write to the ERC1967 implementation storage slot before the legitimate initialization transaction confirms]] -- proxy instance: implementation slot writable between deployment and initialization - [[ERC-4626 vault share price manipulation via direct token donation exploits the share-to-asset ratio in newly deployed vaults]] -- vault instance: share price controllable before legitimate depositors arrive - [[bootstrap and initialization logic that remains reachable after launch creates a permanent re-initialization attack surface]] -- bootstrap instance: lifecycle reset reopens the creation-configuration gap - [[temporal gap between value accumulation and distribution creates an exploitable window for parameter manipulation timing attacks and dilution]] -- parent pattern: multi-step initialization is the deployment-phase specialization - [[deployment-phase vulnerabilities are structurally invisible to standard smart contract audits because auditors examine implementation code correctness not deployment transaction sequences]] -- explains why this pattern class is systematically missed by audits Topics: - [[vulnerability-patterns]]