Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Previous Next
Submission Details
Severity: medium

Ether can be blocked in proxy contract.

Silver Hawks

Summary

The sponsor is able to send Ether to the proxy address before it is deployed.

Vulnerability Details

During the funding of the proxy address (not yet deployed), the sponsor is able to send Ether to the proxy address. This Ether will be locked in the proxy contract and will not be able to be withdrawn.

Proof of Concept

Note: the snippet shows only the relevant code for the test. Full test file can be found here.

function test_PoC_M04() public {
vm.startPrank(owner);
bytes32 contestId = keccak256("a contest id");
uint256 closeTime = block.timestamp + 1 weeks;
address implementation = address(new Distributor(address(factory), stadium));
factory.setContest(organizer, contestId, closeTime, implementation);
address proxy = factory.getProxyAddress(_calculateSalt(organizer, contestId, implementation), implementation);
// simulate sponsor sends ether to proxy add
address sponsor = makeAddr("sponsor");
changePrank(sponsor);
vm.deal(sponsor, 1 ether);
payable(proxy).transfer(1 ether);
assertEq(address(proxy).balance, 1 ether);
}

Impact

Since the process of sending funds to the proxy address is not detailed in the documentation, the sponsor could send Ether directly to the pre calculated address.

Tools Used

None.

Recommendations

Add a function to withdraw Ether from the proxy contract.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.