Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Previous Next
Submission Details
Severity: low

Implementation Upgradability

vjacs

Summary

In ProxyFactory.sol, the implementation address is required to be passed in every function as a parameter. This may not be best practice as this is prone to mistakes/typos.
Moreover, there is no upgradability function in the ProxyFactory.sol. In case there is any changes required to the implementation contract, the new address will have to be passed which again may result in mistakes.

Vulnerability Details

The variable implementation which holds the address of the logic contract is required to be passed in as a parameter in each function. This is not required as the the address will be the same unless upgraded.

Impact

If a contest is set with a wrong implementation address, there is no way to recover from that other than redeploying with the correct address again.
Instead of manually passing the variable each time, it can be read from a state variable directly.

Tools Used

Manual review

Recommendations

Two steps:

  1. Create a state variable called s_implementation and initialize it later using the next step

address public s_implementation;

  1. Create an upgrade function which allows the OWNER ONLY to change the implementaion address

function upgradeImplementation(address _newImplementation) public onlyOwner{
if(_newImplementation==address(0)){
revert ProxyFactory__NoZeroAddress();
}
s_implementation=_newImplementation;
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!