Submission Details
Severity: high
Valid

Malicious user can change the protocol logic by calling `MondrianWallet2::_authorizeUpgrade` to drain the funds of the protocol

Summary

The UUPS guidelines are not followed and anyone is authorized to upgrade the contract.

Vulnerability Details

The OpenZeppelin documentation states that the `_authorizeUpgrade` function must be overridden to add access restriction to the upgrade mechanism.

This function is called by `upgradeTo` and `upgradeToAndCall`. Normally it applies an access control modifier such as `Ownable.onlyOwner`. That is not the case on line 167 of `MondrianWallet2.sol`, where the override is left empty, so any caller passes the authorization step.
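The following Foundry test is an added example, not code from the MondrianWallet2 project: it builds a minimal UUPS wallet (hypothetical `WalletV1`/`WalletV2` contracts standing in for `MondrianWallet2`) with the guarded `_authorizeUpgrade` override and checks that a non-owner's `upgradeToAndCall` reverts while the owner's succeeds. It assumes OpenZeppelin Contracts v5 (upgradeable and core packages) and forge-std are installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";

error Wallet__NotFromOwner();

// Hypothetical minimal wallet constructed for this example; it is not MondrianWallet2.
contract WalletV1 is UUPSUpgradeable, OwnableUpgradeable {
    function initialize(address owner_) external initializer {
        __Ownable_init(owner_);
        __UUPSUpgradeable_init();
    }

    // The guarded override: only the owner may authorize a new implementation.
    function _authorizeUpgrade(address) internal view override {
        if (msg.sender != owner()) revert Wallet__NotFromOwner();
    }
}

// A second implementation so the test can observe that an upgrade actually happened.
contract WalletV2 is WalletV1 {
    function version() external pure returns (uint256) { return 2; }
}

contract AuthorizeUpgradeTest is Test {
    address owner = makeAddr("owner");
    address stranger = makeAddr("stranger");
    WalletV1 wallet;

    function setUp() public {
        WalletV1 impl = new WalletV1();
        ERC1967Proxy proxy = new ERC1967Proxy(address(impl), abi.encodeCall(WalletV1.initialize, (owner)));
        wallet = WalletV1(address(proxy));
    }

    function test_strangerCannotUpgrade() public {
        address v2 = address(new WalletV2());
        vm.prank(stranger);
        vm.expectRevert(Wallet__NotFromOwner.selector);
        wallet.upgradeToAndCall(v2, "");
    }

    function test_ownerCanUpgrade() public {
        address v2 = address(new WalletV2());
        vm.prank(owner);
        wallet.upgradeToAndCall(v2, "");
        assertEq(WalletV2(address(wallet)).version(), 2);
    }
}
```

Replacing the guarded override with the empty `{}` body from the finding makes `test_strangerCannotUpgrade` fail, which turns this into a regression test for the access control.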

Impact

A malicious user can upgrade the protocol to a new implementation of their choosing. That implementation can transfer all of the protocol's funds to the malicious user.

Tools Used

Manual Review

Recommendations

`_authorizeUpgrade` on line 167 of `MondrianWallet2.sol` must revert when called by a non-owner. See the following change.

+error MondrianWallet2__NotFromOwner();
-function _authorizeUpgrade(address newImplementation) internal override {}
+function _authorizeUpgrade(address newImplementation) internal override {
+ if (msg.sender != owner()) {
+ revert MondrianWallet2__NotFromOwner();
+ }
+}
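Review bot: The new `_authorizeUpgrade` body calls `owner()`, which assumes the contract inherits an Ownable implementation; the finding only mentions `Ownable.onlyOwner` as the usual pattern, so the recommendation should state that inheritance explicitly. If it does inherit Ownable, the same protection can be expressed with the OpenZeppelin convention the finding cites, `function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}`, which avoids declaring a second custom error for the same condition. Either way, the override should be marked `view`, since it only reads `owner()` and `msg.sender`.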
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of access control in _authorizeUpgrade
