Deployer.sol - SWC-114: Use of `delegatecall` for deploying contracts may introduce risks if not handled carefully., SWC-112: Potential risk in allowing unauthorized upgrades.
-
Summary: Analyzed for common Solidity vulnerabilities related to contract deployment.
-
Vulnerability Details:
-
Delegatecall Risks: SWC-114: Use of
delegatecallfor deploying contracts may introduce risks if not handled carefully.
Severity: High(bool success, ) = implementation.delegatecall(data);Line: 104
-
Upgradeability Checks: SWC-112: Potential risk in allowing unauthorized upgrades.
Severity: Highrequire(msg.sender == admin, "Unauthorized upgrade");Line: 85
-
-
Impact: Could result in unauthorized deployments or state corruption.
-
Tools Used: Manual code inspection.
-
Recommendations:
Delegatecall Fix: Ensure strict checks before using
delegatecall.require(implementation != address(0), "Invalid implementation");Upgradeability Fix: Apply strict access control and checks.
require(hasRole(UPGRADER_ROLE, msg.sender), "Unauthorized upgrade");
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.