The Diamond contract uses a delegatecall to invoke functions on other contracts. However, it does not verify that the callee contract is trustworthy, which could allow an attacker to take over the contract.
In the Diamond contract, the fallback function uses a delegatecall to invoke functions on other contracts. Delegatecall is a low-level function that allows one contract to execute the code of another contract while maintaining the context (storage, msg.sender and msg.value) of the calling contract. This means that when the Diamond contract uses delegatecall, the callee contract can modify the Diamond contract's state variables.
Here is the code snippet with the issue:
The problem here is that there is no verification of the facet contract to which the delegatecall is being made. If an attacker can somehow make the contract delegatecall to a malicious contract, they can manipulate the state variables of the Diamond contract.
An attacker could potentially exploit this vulnerability to take over the Diamond contract, which could lead to a complete loss of funds for the contract holders.
Manual Review
Deploy the Diamond contract and a malicious contract.
Make the Diamond contract delegatecall to the malicious contract.
The malicious contract modifies the state variables of the Diamond contract, taking over the contract.
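As an added example (not the audited project's code, and not the snippet the finding refers to), here is how the EIP-2535 reference pattern closes the gap described above: the selector-to-facet mapping can only be changed by the contract owner, only addresses that actually carry code may be registered as facets, and the fallback refuses any selector with no registered facet before delegating. The contract, library, storage layout and the simplified setFacet function are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration of the EIP-2535 fallback pattern; not the audited contract's code.
// Storage layout and helper names are assumptions for this example.
library LibDiamond {
    bytes32 constant DIAMOND_STORAGE_POSITION = keccak256("diamond.standard.diamond.storage");

    struct DiamondStorage {
        mapping(bytes4 => address) selectorToFacet; // function selector => facet implementing it
        address contractOwner;
    }

    function diamondStorage() internal pure returns (DiamondStorage storage ds) {
        bytes32 position = DIAMOND_STORAGE_POSITION;
        assembly { ds.slot := position }
    }

    function enforceIsContractOwner() internal view {
        require(msg.sender == diamondStorage().contractOwner, "LibDiamond: Must be contract owner");
    }

    // Reject facets with no code: a delegatecall to such an address "succeeds" with empty returndata.
    function enforceHasContractCode(address _contract, string memory _errorMessage) internal view {
        uint256 contractSize;
        assembly { contractSize := extcodesize(_contract) }
        require(contractSize > 0, _errorMessage);
    }
}

contract Diamond {
    constructor(address _owner) {
        LibDiamond.diamondStorage().contractOwner = _owner;
    }

    // Simplified stand-in for diamondCut: only the owner may change where a selector routes.
    function setFacet(bytes4 _selector, address _facet) external {
        LibDiamond.enforceIsContractOwner();
        LibDiamond.enforceHasContractCode(_facet, "Diamond: facet has no code");
        LibDiamond.diamondStorage().selectorToFacet[_selector] = _facet;
    }

    fallback() external payable {
        LibDiamond.DiamondStorage storage ds = LibDiamond.diamondStorage();
        // Look up the facet registered for this selector and refuse unknown selectors.
        address facet = ds.selectorToFacet[msg.sig];
        require(facet != address(0), "Diamond: Function does not exist");

        assembly {
            // Copy calldata, delegatecall the facet, then bubble up returndata or revert.
            calldatacopy(0, 0, calldatasize())
            let result := delegatecall(gas(), facet, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch result
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }

    receive() external payable {}
}
```

With this shape, the only way a delegatecall target enters the contract is through the owner-gated mapping write, so the concrete check for this finding is to review the facet-registration function (diamondCut in a standard Diamond) and its access control, and to confirm the fallback reverts on unregistered selectors rather than delegating to address(0).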