Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

Distributor/Implementation can be a Metamorphic or selfdestructable contract

Summary

The Distributor contract implementation could reach selfdestruct, resulting in a loss of funds when a deterministic deployment replenishes the address with malicious code.

Vulnerability Details

If the distributor contract has a selfdestruct() or can reach one, it becomes a metamorphic contract: its code can be emptied at the address the proxy points to and, via deterministic deployment, that address can be replenished with malicious code which, through the proxy's delegatecall, can empty the proxy's funds.

File: src/ProxyFactory.sol
// Set the implementation to a selfdestructable contract
function setContest(address organizer, bytes32 contestId, uint256 closeTime, address implementation)
// On contract close, when the funds are already distributed, selfdestruct the contract, and deploy the malicious code
function deployProxyAndDistribute(bytes32 contestId, address implementation, bytes calldata data)

Impact

Total loss of funds at Proxy contract

Tools Used

Manual Review

Recommendations

  • Ensure that no selfdestruct opcode is reachable by the contract, either directly or via delegatecall or callcode. If the contract cannot be selfdestructed, it cannot be redeployed.

  • Ensure that the contract was deployed from a source that does not permit redeploys (for instance, by not using CREATE2, or by storing each deployment and preventing duplicate deployments). You’ll also need to make sure that the deployer is not metamorphic itself.

  • Ensure, via EXTCODEHASH or the like, that the contract you are interacting with has not changed, checking at the start of the transaction before proceeding with the rest of it.
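One way to automate the first recommendation before an implementation is accepted, as an added example that is not part of the original submission or the Sparkn code base: a linear sweep over the implementation's runtime bytecode that flags SELFDESTRUCT, DELEGATECALL and CALLCODE while skipping PUSH immediates. The function names and the sample bytecode strings are constructed for illustration.

```python
# Added example: conservative opcode sweep over EVM runtime bytecode.
# Opcode values come from the EVM specification; samples are constructed.
FLAGGED = {0xF2: "CALLCODE", 0xF4: "DELEGATECALL", 0xFF: "SELFDESTRUCT"}
PUSH1, PUSH32 = 0x60, 0x7F


def scan_runtime_code(code_hex):
    """Return (offset, opcode name) for every flagged instruction.

    PUSH1..PUSH32 immediates are skipped, so a data byte such as the
    0xff in `PUSH1 0xff` is not mistaken for SELFDESTRUCT. This is the
    same instruction-boundary walk the EVM uses to validate JUMPDESTs.
    """
    if code_hex.startswith("0x"):
        code_hex = code_hex[2:]
    code = bytes.fromhex(code_hex)
    findings = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op in FLAGGED:
            findings.append((pc, FLAGGED[op]))
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # skip the immediate bytes of PUSHn
        pc += 1
    return findings


def is_safe_implementation(code_hex):
    """True only if no flagged opcode appears as an instruction."""
    return not scan_runtime_code(code_hex)


# Constructed samples (not taken from any deployed contract):
# PUSH1 0xff, PUSH1 0, MSTORE, PUSH1 0x20, PUSH1 0, RETURN
BENIGN = "0x60ff60005260206000f3"
# CALLER, SELFDESTRUCT
KILLABLE = "0x33ff"
# four PUSH1 0, PUSH1 0, CALLDATALOAD, GAS, DELEGATECALL
FORWARDER = "0x60006000600060006000355af4"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("killable", KILLABLE),
                         ("forwarder", FORWARDER)):
        print(name, scan_runtime_code(sample) or "no flagged opcodes")
```

A DELEGATECALL or CALLCODE finding means the called code must pass the same check, and data appended after the code (such as the compiler's metadata trailer) can produce false positives that need manual review.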
