Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

If STADIUM_ADDRESS is compromised, rewards will be wasted on a compromised address

peanuts

Summary

If the STADIUM_ADDRESS is compromised, then rewards will be sent to the compromised address and will be wasted.

Vulnerability Details

When the proxy address is precomputed, the distributor address plays a part. This means that the distributor contract has to be deployed first, and thus the STADIUM + FACTORY addresses is already confirmed.

In test file:
proxyFactory.setContest(
_organizer,
randomId,
block.timestamp + 8 days,
address(distributor)
);

There is quite a long time between the start of the contest and the end of contest (~28 days), and an even longer time (+7 days) until the factory owner can take ownership of the tokens in the proxy address. In this while, if the stadium address is compromised while the contest is ongoing, at least 5% of the token earnings will be lost to the malicious stadium address holder since there is no way to change the stadium address anymore other than redeploying a new contract.

Impact

Loss of rewards if STADIUM_ADDRESS is compromised.

Tools Used

VS Code

Recommendations

Recommend allowing the factory owner to change the stadium address of the distributor contract in case the stadium contract is compromised since factory owner is considered to be trusted. Something like:

  1. Change the immutable state of the stadium address

  2. Have a modifier that checks for factory owner

  3. Function that changes the stadium address

ProxyFactory public proxyFactory;
address private STADIUM_ADDRESS;
modifier onlyFactoryOwner{
require(msg.sender == proxyFactory.owner());
_;
}
function changeStadiumAddress(address _stadiumAddr) external onlyFactoryOwner() {
if (stadiumAddress == address(0)) revert Distributor__NoZeroAddress();
STADIUM_ADDRESS = _stadiumAddr;
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.