Anyone could upgrade proxy contract
Summary
Anyone could update proxy contract
Vulnerability Details
Contracts uses UUPS proxy, and should override function _authorizeUpgrade with access control modifies. But they dont do it. so anyone could call external function upgradeTo in proxy contract and update implementation address.
From openzeppelin docs: https://docs.openzeppelin.com/contracts/4.x/api/proxy#:~:text=.%20This%20is%20where%20the%20UUPSUpgradeable%20contract%20comes%20in.%20Inheriting%20from%20it%20(and%20overriding%20the%20_authorizeUpgrade%20function%20with%20the%20relevant%20access%20control%20mechanism)%20will%20turn%20your%20contract%20into%20a%20UUPS%20compliant%20implementation.
Impact
Sponsor said, that mock contracts will be deploy to testnet for testing. So, anyone could interfere with testing by calling the contract update function
Tools Used
Manual review
Recommendations
Add modifier onlyOwner to internal function _authorizeUpgrade(address)
Lead Judging Commences
_authorizeUpgrade(address) lacks access control in mock contracts
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.