ArkProject: NFT Bridge

ArkProject

NFTBridge

60,000 USDC

Submission Details

Severity: high

Invalid

UUPSProxied.sol - SWC-112: Ensure only authorized upgrades occur.,SWC-114: Can introduce risks if not handled properly.

Summary: Implements UUPS proxy pattern.
Vulnerability Details:
- Upgradeability Checks: SWC-112: Ensure only authorized upgrades occur.
  Severity: High
  
  require(msg.sender == admin, "Unauthorized upgrade");
  Line: 74
- Delegatecall Risks: SWC-114: Can introduce risks if not handled properly.
  Severity: High
  
  (bool success, ) = implementation.delegatecall(data);
  Line: 92
Impact: Unauthorized upgrades or corrupted state.
Tools Used: Manual code inspection.
Recommendations:
- Upgradeability Fix: Apply stricter checks on upgrades.
  require(hasRole(UPGRADER_ROLE, msg.sender), "Unauthorized upgrade");
- Delegatecall Fix: Ensure safe usage of delegatecall.
  (bool success, ) = implementation.delegatecall(data);

Updates

n0kto Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Total prize

60,000 USDC

nSLOC

2,301

26 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.