Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

Possibility of arbitrary execution by low-level call

Summary

Possibility of arbitrary execution by low-level call.

Vulnerability Details

The _deployProxyAndDistribute function and others call the _distribute function.
The _distribute function makes a low-level call to the function specified by implementation with the data argument.
The salts required for execution are registered by the onlyOwner setContest function, which is assumed to be basically safe, but if that check is bypassed, arbitrary functions can be executed.

Impact

Any function of any contract can be called with ProxyFactory as msg.sender.

Tools Used

Manual Review

Recommendations

Whitelist implementation addresses.
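
One way to apply this recommendation, as an added sketch that is not the audited ProxyFactory code: the contract and every function, mapping and error name in it are hypothetical. It goes one step beyond the recommendation by also allowlisting function selectors per implementation, so an approved address cannot be called with arbitrary data.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration only; all names are hypothetical, not from the audited code.
contract AllowlistedCaller {
    address public immutable owner;
    mapping(address => bool) public allowedImplementation;
    mapping(address => mapping(bytes4 => bool)) public allowedSelector;

    error NotOwner();
    error ImplementationNotAllowed(address implementation);
    error SelectorNotAllowed(bytes4 selector);
    error CallFailed();

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Only deployed contracts can be approved; removal is always permitted.
    function setImplementation(address implementation, bool allowed) external onlyOwner {
        if (allowed && implementation.code.length == 0) revert ImplementationNotAllowed(implementation);
        allowedImplementation[implementation] = allowed;
    }

    function setSelector(address implementation, bytes4 selector, bool allowed) external onlyOwner {
        if (!allowedImplementation[implementation]) revert ImplementationNotAllowed(implementation);
        allowedSelector[implementation][selector] = allowed;
    }

    // onlyOwner stands in for the caller checks (such as the salt lookup) described above.
    function distribute(address implementation, bytes calldata data) external onlyOwner {
        if (!allowedImplementation[implementation]) revert ImplementationNotAllowed(implementation);
        if (data.length < 4) revert SelectorNotAllowed(bytes4(0)); // no selector means fallback/receive
        bytes4 selector = bytes4(data[:4]);
        if (!allowedSelector[implementation][selector]) revert SelectorNotAllowed(selector);
        (bool success,) = implementation.call(data); // msg.sender at the target is this contract
        if (!success) revert CallFailed();
    }
}
```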
