The contract MondrianWallet2
is upgradable but anyone (not only the owner) can upgrade it.
The contract MondrianWallet2
inherits UUPSUpgradeable
and it overrides the function _authorizeUpgrade()
. But not adding access control to this function allows for anyone to set the implementation contract since this function is called for authorization by the logic in UUPSUpgradeable
. By setting any malicious contract as implementation attacker can selfdestruct()
the proxy contract or exploit any of it's logic.
An attacker can upgrade the contract to any implementation and exploit all functionalities of the contract.
Manual Review
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.