The ERC721Bridgeable contract is designed to be upgradable via the UUPS proxy pattern. However, the owner of the ERC721Bridgeable contract is the CollectionManager contract, which does not have the necessary functionality to perform the upgrade.
The Starklane::withdrawTokens() function triggers the deployment of an ERC721Bridgeable contract via the CollectionManager::_deployERC721Bridgeable() function when the address of the bridged collection on L1 is a zero address.
The CollectionManager contract acts as the deployer and owner of the ERC721Bridgeable contract. However, the CollectionManager contract lacks the necessary functionality to perform upgrades, such as calling the upgradeToAndCall function.
The upgradable contract ERC721Bridgeable deployed by the bridge cannot be upgraded.
vscode
Implement a function in CollectionManager for the authorized role to upgrade the ERC721Bridgeable contract.
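One way to implement the recommendation, as an added sketch that is not Starklane's own code: the contract name, the admin check, the `_deployedHere` registry and `_recordDeployment` are hypothetical, and it assumes the collection proxy authorizes upgrades by checking that the caller is its owner, as the finding describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal view of a UUPS proxy. upgradeToAndCall is the function named in the finding.
interface IUUPSCollection {
    function upgradeToAndCall(address newImplementation, bytes calldata data) external payable;
}

// Hypothetical mix-in for the manager that deploys and owns the collections.
// All names and the authorization scheme below are assumptions for illustration.
abstract contract CollectionManagerUpgrades {
    address private _admin;                          // assumed authorized role
    mapping(address => bool) private _deployedHere;  // proxies this manager deployed and owns

    event CollectionUpgraded(address indexed collection, address indexed newImplementation);

    error NotAdmin();
    error UnknownCollection(address collection);
    error NotAContract(address implementation);

    constructor(address admin_) {
        _admin = admin_;
    }

    modifier onlyAdmin() {
        if (msg.sender != _admin) revert NotAdmin();
        _;
    }

    // Call this from the deployment path so only bridge-deployed proxies are upgradable here.
    function _recordDeployment(address collection) internal {
        _deployedHere[collection] = true;
    }

    // Forwards the upgrade. The proxy sees this contract (its owner) as msg.sender,
    // so its owner-gated upgrade authorization passes.
    function upgradeCollection(address collection, address newImplementation, bytes calldata data)
        external
        onlyAdmin
    {
        if (!_deployedHere[collection]) revert UnknownCollection(collection);
        // Reject EOAs and undeployed addresses before touching the proxy.
        if (newImplementation.code.length == 0) revert NotAContract(newImplementation);
        IUUPSCollection(collection).upgradeToAndCall(newImplementation, data);
        emit CollectionUpgraded(collection, newImplementation);
    }
}
```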
Likelihood/Impact: High, it will never (until an upgrade) be able to update or transfer the ownership of any collections created on L1.