Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Fallback Function DelegateCall Vulnerability

Summary

The Proxy contract's fallback function forwards every call to the implementation with delegatecall but does not check whether that delegatecall succeeded, so a failed implementation call does not revert the transaction.

Vulnerability Details

The vulnerability arises from the use of delegatecall in the fallback function of the Proxy contract without checking the status the delegatecall returns. A delegatecall does not automatically revert the calling context when the implementation reverts: a Solidity-level delegatecall returns `(bool success, bytes memory data)`, and a delegatecall in inline assembly returns 0 on failure and 1 on success. If that status is ignored, the fallback function continues (or returns normally) as if the call had succeeded, silently swallowing the failure instead of reverting the transaction.

Impact

When the implementation reverts but the proxy returns normally, callers (users, other contracts and off-chain systems) observe a successful transaction whose intended state changes were rolled back inside the reverted delegatecall. The return data the proxy hands back is whatever is in the return buffer, typically the ABI-encoded revert reason rather than the expected result. A contract or integration that trusts the proxy's success status can therefore be left in an inconsistent or unintended state, and an attacker who can provoke the failure could use this to have a call accepted as completed when the contract's logic never executed.

Tools Used

Manual code review and analysis of the delegate call logic and error handling in the Proxy contract's fallback function.

Recommendations

To mitigate this vulnerability, consider the following recommendations:

  1. Check Delegate Call Result: After performing a delegate call, check its return status before using the return data. In Solidity this is the `success` boolean returned by the call; in inline assembly it is the `result` value, which is 0 on failure and 1 on success.

  2. Revert on Failure: If the delegate call fails, revert the transaction and forward the implementation's revert data (`revert(0, returndatasize())` in assembly) so that the caller receives the original error and the fallback function's execution is terminated.

  3. Separation of Concerns: Keep the fallback function limited to forwarding the call and propagating its result; minimizing the logic executed there reduces the potential for errors or vulnerabilities.
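The following contracts illustrate the Vulnerability Details and Recommendations above side by side. They are an added example written for this report, not the audited Sparkn Proxy.sol; `Implementation`, `UncheckedProxy`, `CheckedProxy` and `Demo` are hypothetical contracts, and the use of an `immutable` implementation address is an assumption made to keep the example free of storage-layout concerns.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration for this report, not the audited Sparkn Proxy.sol.
// Implementation, UncheckedProxy, CheckedProxy and Demo are hypothetical
// contracts written for the example.

// Logic contract the proxies forward to. Pure functions only, so it never
// touches the proxies' storage.
contract Implementation {
    function ping() external pure returns (uint256) {
        return 42;
    }

    function failHard() external pure {
        revert("Implementation: always fails");
    }
}

// Vulnerable pattern: the status returned by delegatecall is never inspected.
contract UncheckedProxy {
    // immutable lives in code, not storage, so the implementation cannot
    // clobber it (assumption for the example; real proxies use a reserved slot)
    address public immutable implementation;

    constructor(address impl) {
        implementation = impl;
    }

    fallback() external {
        address impl = implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            // result is 0 if the implementation reverted, 1 otherwise
            let result := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            // Unconditional return: a revert inside the implementation is
            // reported to the caller as a successful call whose return data
            // is the ABI-encoded revert reason.
            return(0, returndatasize())
        }
    }
}

// Hardened pattern: branch on the status and bubble up the revert data.
contract CheckedProxy {
    address public immutable implementation;

    constructor(address impl) {
        implementation = impl;
    }

    fallback() external {
        address impl = implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let result := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch result
            case 0 {
                // Forward the implementation's revert data unchanged so the
                // caller sees the original error and the transaction rolls back.
                revert(0, returndatasize())
            }
            default {
                return(0, returndatasize())
            }
        }
    }
}

// Shows what a caller observes. A low-level call is used so the success
// flag can be read instead of the whole transaction reverting.
contract Demo {
    bytes4 constant FAIL_SELECTOR = bytes4(keccak256("failHard()"));

    UncheckedProxy public badProxy;
    CheckedProxy public goodProxy;

    constructor() {
        Implementation impl = new Implementation();
        badProxy = new UncheckedProxy(address(impl));
        goodProxy = new CheckedProxy(address(impl));
    }

    // ok == true even though the implementation reverted; data holds the
    // encoded revert reason, which a naive caller would decode as a result.
    function failViaUnchecked() external returns (bool ok, bytes memory data) {
        (ok, data) = address(badProxy).call(abi.encodeWithSelector(FAIL_SELECTOR));
    }

    // ok == false and data carries "Implementation: always fails".
    function failViaChecked() external returns (bool ok, bytes memory data) {
        (ok, data) = address(goodProxy).call(abi.encodeWithSelector(FAIL_SELECTOR));
    }
}
```

Deploy `Demo` and call `failViaUnchecked()` and `failViaChecked()`: the first reports success for a call whose logic reverted, the second propagates the revert. The only difference between the two proxies is the `switch result` block, which is exactly the check recommended above.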
