Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Metamorphic Contract Impact

Summary

If the owner triggers the setContest function with a metamorphic contract, the implementation can be upgraded to execute arbitrary code.

Vulnerability Details

Given the availability of selfdestruct, there's a potential vulnerability. If an off-chain service automatically handles contest registrations, an organizer could register a metamorphic contract as the implementation.

The exploitation steps are as follows:

1. The organizer deploys a metamorphic contract and registers the contest.

2. The owner triggers setContest with the address of the metamorphic contract as an argument.

3. The organizer makes a normal call to the implementation and destroys it. After that, the organizer redeploys another implementation to the same address with create2Factory.

4. The organizer can now execute arbitrary code.

Impact

The impact is assessed as high since the proxy will be taken over by the organizer, though the probability is low.

Tools Used

Manual audit.

Recommendations

Utilize extcodehash to verify whether a contract has been destroyed and re-initialized.
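
One way to apply this recommendation, as an added example that is not code from Sparkn or from this submission: a hypothetical proxy that compares the implementation's extcodehash with a pinned value at deployment and again on every call. The contract name, error names and constructor parameters are assumptions, as is the premise that the deployer stored the implementation's code hash when the owner registered it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration, not Sparkn's code. All names here are hypothetical.
// The deployer passes the code hash it stored when the implementation was
// registered; the proxy refuses to run if the code at that address differs.
contract CodehashPinnedProxy {
    error ImplementationHasNoCode();
    error ImplementationCodeChanged(bytes32 expected, bytes32 actual);

    address private immutable _implementation;
    bytes32 private immutable _pinnedCodehash;

    constructor(address implementation, bytes32 expectedCodehash) {
        // An address with no code cannot be a valid implementation.
        if (implementation.code.length == 0) revert ImplementationHasNoCode();
        // Catches a destroy-and-redeploy between registration and deployment.
        bytes32 actual = implementation.codehash;
        if (actual != expectedCodehash) {
            revert ImplementationCodeChanged(expectedCodehash, actual);
        }
        _implementation = implementation;
        _pinnedCodehash = expectedCodehash;
    }

    // Re-check on every call, then delegate as an ordinary proxy would.
    fallback() external payable {
        address impl = _implementation;
        bytes32 expected = _pinnedCodehash;
        bytes32 actual = impl.codehash;
        // A destroyed account hashes to 0 and redeployed different code
        // hashes differently, so both cases fail this comparison.
        if (actual != expected) revert ImplementationCodeChanged(expected, actual);
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }

    receive() external payable {}
}
```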
