When attempting to upgrade the bridge contract, the initialize function is invoked to set up the new configuration. However, due to a flaw in how the initialize function is implemented, the process will fail if a new owner is specified during the upgrade.
Below is the code snippet for the initialize function:
The function begins by transferring ownership to the new owner specified in the data parameter. It then proceeds to set the Starklane L2 address and selector using the setStarklaneL2Address and setStarklaneL2Selector functions.
However, the problem arises because both setStarklaneL2Address and setStarklaneL2Selector are functions that can only be executed by the admin. Since the ownership is transferred to the new owner before these functions are called, the original owner no longer has the necessary permissions to complete the process. As a result, the upgrade will fail if a new owner address is provided.
This vulnerability prevents the current owner from successfully upgrading the bridge contract when attempting to assign a new owner during the upgrade process.
Manual Review
To resolve this issue, the ownership transfer should be moved to the end of the initialize function. This ensures that the original owner retains the necessary permissions to execute all required admin functions before transferring ownership.
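A minimal model of the ordering problem and of the recommended ordering, added here as an illustration; it is not the Starklane contract's code. The contract name, the uint256 types, the layout of data and the two initialize* function names are assumptions; only setStarklaneL2Address and setStarklaneL2Selector are names taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed model for illustration only (not the project's source).
// Types, data layout and the initialize* names are assumptions.
contract BridgeInitModel {
    address public owner;
    uint256 public starklaneL2Address;
    uint256 public starklaneL2Selector;

    error NotOwner(address caller);

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    function setStarklaneL2Address(uint256 l2Address) public onlyOwner {
        starklaneL2Address = l2Address;
    }

    function setStarklaneL2Selector(uint256 l2Selector) public onlyOwner {
        starklaneL2Selector = l2Selector;
    }

    // Order described in the finding: ownership moves first. The setters are
    // called internally, so msg.sender is still the original owner, and the
    // onlyOwner check now compares it against newOwner.
    function initializeTransferFirst(bytes calldata data) external onlyOwner {
        (address newOwner, uint256 l2Address, uint256 l2Selector) =
            abi.decode(data, (address, uint256, uint256));
        owner = newOwner;
        setStarklaneL2Address(l2Address); // reverts NotOwner if newOwner != msg.sender
        setStarklaneL2Selector(l2Selector);
    }

    // Order recommended in the finding: admin-only setup runs while the
    // caller is still the owner, then ownership is handed over last.
    function initializeTransferLast(bytes calldata data) external onlyOwner {
        (address newOwner, uint256 l2Address, uint256 l2Selector) =
            abi.decode(data, (address, uint256, uint256));
        setStarklaneL2Address(l2Address);
        setStarklaneL2Selector(l2Selector);
        owner = newOwner;
    }
}
```

A regression test for an upgrade path of this shape should call the initializer with a new owner that differs from the caller and assert that both L2 values and the owner are set afterwards.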
Here is the modified code:
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.