Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: high
Valid

Anyone can upgrade the contract.

Summary

The contract MondrianWallet2 is upgradable but anyone (not only the owner) can upgrade it.

Vulnerability Details

The contract MondrianWallet2 inherits UUPSUpgradeable and it overrides the function _authorizeUpgrade(). But not adding access control to this function allows for anyone to set the implementation contract since this function is called for authorization by the logic in UUPSUpgradeable. By setting any malicious contract as implementation attacker can selfdestruct() the proxy contract or exploit any of it's logic.

Impact

An attacker can upgrade the contract to any implementation and exploit all functionalities of the contract.

Tools Used

Manual Review

Recommendations

- function _authorizeUpgrade(address newImplementation) internal override {}
+ function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}
Updates

Lead Judging Commences

bube Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of access control in _authorizeUpgrade

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.