Submission Details
Severity:
Anyone Can Upgrade the Implementation Due to Lack of Access Control
Description:
The _authorizeUpgrade function lacks the onlyOwner modifier, allowing anyone to upgrade the implementation without restriction.
function _authorizeUpgrade(address newImplementation) internal override{}
Impact:
Without proper access control, anyone can seize control of your wallet by upgrading it and altering the ownership.
Proof of Concept:
Add this test to the existing test suite to demonstrate the vulnerability:
function testAnyoneCanChangeImplementation() public {
MondrianWallet2 imp2 = new MondrianWallet2();
vm.prank(address(123));
mondrianWallet.upgradeToAndCall(address(imp2), "");
assertEq(proxy.getImp(), address(imp2)); // getImp() was added to ERC1967Proxy contract to ease the test process it just returns the internal _implementation() function result
}
Recommended Mitigation:
Integrate the onlyOwner modifier to _authorizeUpgrade to restrict upgrades to the owner only.
- function _authorizeUpgrade(address newImplementation) internal override{}
+ function _authorizeUpgrade(address newImplementation) internal override onlyOwner{}
Updates
Lead Judging Commences
bube over 1 year ago
Submission Judgement Published Assigned finding tags:
Lack of access control in _authorizeUpgrade
Rewards breakdown
nSLOC
105This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.