Submission Details
Severity:
The fallback function in Proxy.sol should be payable
Summary
The fallback function in Proxy.sol should be payable
Vulnerability Details
The fallback function doesn't have payable keyword which will not let it receive any ether from _distribute() from ProxyFactory.sol and will result in loss of funds from the sponsors, since the sponsor is sending funds in in Proxy.sol.
fallback() external {
address implementation = _implementation;
assembly {
let ptr := mload(0x40)
calldatacopy(ptr, 0, calldatasize())
let result := delegatecall(gas(), implementation, ptr, calldatasize(), 0, 0)
let size := returndatasize()
returndatacopy(ptr, 0, size)
switch result
case 0 { revert(ptr, size) }
default { return(ptr, size) }
}
Impact
Funds could get locked up in Proxy contract
Tools Used
Manual review
Recommendations
Mark the fallback function as payable like given below
fallback() external payable {
address implementation = _implementation;
assembly {
let ptr := mload(0x40)
calldatacopy(ptr, 0, calldatasize())
let result := delegatecall(gas(), implementation, ptr, calldatasize(), 0, 0)
let size := returndatasize()
returndatacopy(ptr, 0, size)
switch result
case 0 { revert(ptr, size) }
default { return(ptr, size) }
}
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
19477 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.