https://github.com/Cyfrin/2024-07-biconomy/blob/main/contracts/Nexus.sol#L73-L78
The UUPS implementation in `Nexus` contract is incorrect. Protocols using `UUPSUpgradeable` should initialize their implementation contracts.
The contract is deployed using a proxy pattern whereby the implementation contract is used by the proxy contract for all its logic. The proxy contract will make delegate calls to the implementation contract. This helps to facilitate future upgrades by pointing the proxy contract to a new and upgraded implementation contract.
The vulnerability allows an attacker to take control of an uninitialized implementation contract. This could lead to unauthorized upgrades and potentially malicious control over the contract.
If exploited, this vulnerability could allow attackers to hijack the proxy's logic by upgrading the implementation contract without permission, leading to potential loss of funds or other malicious actions.
Manual code review
Manually initialize the contracts using the `initialize` function or constructor method with the `initializer` modifier so the implementation contract gets initialized automatically upon deployment.
Initial information about this issue: here - Security advisory: Initialize UUPS implementation contracts and here - UUPSUpgradeable Vulnerability Post-mortem
Invalid, this issue cannot occur because there is no `initialize()` function within the `Nexus.sol` implementation contract. All initial contract initialization is performed within the constructor.
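The pattern the recommendation refers to, as an added example (not code from the Nexus repository or from the submission), assuming OpenZeppelin's upgradeable contracts v5; `UnlockedImplementation` and `LockedImplementation` are hypothetical names. The first contract leaves `initialize` callable on the implementation's own storage, the second locks it in the constructor.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts Upgradeable v5. Contract names are hypothetical.
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

/// Weak form: the proxy runs initialize() against its own storage via delegatecall,
/// so the implementation's storage stays uninitialized and the first direct caller
/// of initialize() on the implementation address becomes its owner.
contract UnlockedImplementation is Initializable, OwnableUpgradeable, UUPSUpgradeable {
    function initialize(address owner_) external initializer {
        __Ownable_init(owner_);
    }

    /// Upgrade gate inherited from UUPSUpgradeable: only the owner may upgrade.
    function _authorizeUpgrade(address) internal override onlyOwner {}
}

/// Hardened form: the constructor runs once, in the implementation's own storage,
/// and marks it as initialized so initialize() can only succeed through a proxy.
contract LockedImplementation is Initializable, OwnableUpgradeable, UUPSUpgradeable {
    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    function initialize(address owner_) external initializer {
        __Ownable_init(owner_);
    }

    function _authorizeUpgrade(address) internal override onlyOwner {}
}
```

Calling `initialize` directly on a deployed `LockedImplementation` reverts, while the same call routed through a fresh proxy still succeeds once.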