Submission Details
Severity:
wrong initliazation or just typo in description in L2/ ReseedBean.sol
Summary
// TODO: replace with implmentation once developed.
address internal constant CP2_U_BEAN_ETH_WELL_IMPLMENTATION = address(0);
address internal constant CP2_U_BEAN_WSTETH_WELL_IMPLMENTATION = address(0);
address internal constant SS_U_BEAN_STABLE_WELL_IMPLMENTATION = address(0);
Vulnerability Details
Can accidentally deploy proxy with 0 implementation and try to init it.
Impact
Needed redeploy or just dev time.
Tools Used
slither
Recommendations
do checks if proxy is deployed with nonzero implementation
in line 161, 175, 194,
or split into two steps one deploying all proxies with proper name of proxies, and the make update script to update implementation to non zero and init.
Good practice name of the proxy correspond to the proxy implementation, yes it ads one layer of inheritance, but after revealing the code you it easier to analyze because not every proxy revelaed contract name is ERC1967
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.