Sparkn

CodeFox Inc.
DeFi, Foundry, Proxy
15,000 USDC
Submission Details
Severity: high

No Access Control in Constructor Vulnerability

Summary

The constructor of the Proxy contract has no access control.

Vulnerability Details

The vulnerability stems from the absence of access control in the constructor of the Proxy contract. As a result, any address can deploy a Proxy instance with any implementation address, potentially leading to unauthorized deployments and unintended behavior.

Impact

Unauthorized or malicious actors could deploy Proxy instances with arbitrary implementation addresses, potentially compromising the security and functionality of the contract.

Tools Used

Manual code review and analysis of the access control mechanisms in the Proxy contract's constructor.

Recommendations

To mitigate this vulnerability, consider the following recommendations:

  1. Access Control in Constructor: Implement access control checks in the constructor to restrict its execution to authorized addresses only.

  2. Access Restriction Logic: Determine which addresses should have the ability to deploy Proxy instances and implement logic to enforce access restrictions.

  3. Documentation: Clearly document the intended usage of the constructor and its access control mechanisms.
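One way recommendations 1 and 2 could look in Solidity, as an added example that is not the contest's own code. The contract name `RestrictedProxy`, the `AUTHORIZED_DEPLOYER` constant with its placeholder address, and both custom errors are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Hypothetical hardened proxy; not taken from the audited code base.
contract RestrictedProxy {
    error UnauthorizedDeployer(address caller);
    error ImplementationHasNoCode(address implementation);

    // Assumption: placeholder for the single factory allowed to deploy this proxy.
    address private constant AUTHORIZED_DEPLOYER =
        0x000000000000000000000000000000000000dEaD;

    address private immutable _implementation;

    constructor(address implementation) {
        // In a constructor, msg.sender is the account or contract that issued
        // the CREATE/CREATE2, so this pins who may deploy this bytecode.
        if (msg.sender != AUTHORIZED_DEPLOYER) {
            revert UnauthorizedDeployer(msg.sender);
        }
        // Reject the zero address and any target without code: a delegatecall
        // to a code-less address succeeds silently and does nothing.
        if (implementation.code.length == 0) {
            revert ImplementationHasNoCode(implementation);
        }
        _implementation = implementation;
    }

    // Forward every call to the implementation and bubble up its result.
    fallback() external payable {
        address impl = _implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}
```

The check constrains only deployments of this exact bytecode; a copy compiled without it can still be deployed by anyone. Contracts that trust a proxy address therefore still need to verify where that address came from, for example by deriving it from the factory's own deployment parameters.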
