The `TadleFactory::deployUpgradeableProxy` function allows the deployment of protocol-related contracts by taking an index to determine which contract to deploy.
However, there is no validation to ensure that the provided `_relatedContractIndex` is within the expected range (1 to 5) and that the correct logic contract is deployed at the specified index. This oversight can lead to unintended behavior, such as accessing uninitialized entries in the `relatedContracts` mapping, which may return a zero address, or deploying incorrect logic contracts, potentially leading to vulnerabilities.
Additionally, the lack of validation can also lead to unintentionally overwriting existing contracts, resulting in loss of state and functionality.
Incorrect Logic Association: If the wrong logic contract is deployed at a given index, it could lead to unexpected behavior and vulnerabilities in the system, as the contract may not function as intended.
Zero Address Issues: Providing an invalid index leaves the logic uninitialized at the correct index, leading to runtime errors when attempting to interact with the contract or to unexpected behavior in the system.
Contract Overwriting: Lack of index validation increases the risk of unintentionally overwriting existing contracts, potentially disrupting system functionality and causing loss of critical data.
The following test demonstrates how an invalid `_relatedContractIndex` can lead to unintended deployments. The first part shows deployment with an out-of-range index, while the second part shows deployment with an incorrect logic contract.
Add the following PoC to the `PreMarkets.t.sol` test file:
Manual Review
Implement validation for `_relatedContractIndex` in the `TadleFactory::deployUpgradeableProxy` function to ensure it falls within the expected range (1 to 5, inclusive).
Verify that the deployed logic contract corresponds to the specified index, possibly using interfaces to ensure type safety.
Revert the transaction if an invalid index is provided, ensuring the contract state remains consistent and secure.
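One way to apply the three recommendations above, as an added sketch that is not the Tadle source or code from the original submission. The contract name, the `IRelatedContract` interface, the custom errors, the overwrite guard and the use of OpenZeppelin's `ERC1967Proxy` in place of the project's own proxy are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";

// Hypothetical interface: every logic contract reports the slot it was written for.
interface IRelatedContract {
    function relatedContractIndex() external pure returns (uint8);
}

// Illustrative factory, not the Tadle source. ERC1967Proxy stands in for the project's proxy.
contract GuardedFactory {
    uint8 public constant MIN_INDEX = 1;
    uint8 public constant MAX_INDEX = 5;

    address public immutable guardian;
    mapping(uint8 => address) public relatedContracts;

    error CallerIsNotGuardian(address caller);
    error InvalidRelatedContractIndex(uint8 index);
    error RelatedContractAlreadySet(uint8 index, address existing);
    error LogicAddrIsNotContract(address logic);
    error LogicIndexMismatch(uint8 expected, uint8 reported);
    event RelatedContractDeployed(uint8 indexed index, address proxy);

    constructor(address _guardian) { guardian = _guardian; }

    function deployUpgradeableProxy(uint8 _relatedContractIndex, address _logic, bytes memory _data)
        external
        returns (address)
    {
        if (msg.sender != guardian) revert CallerIsNotGuardian(msg.sender);
        // Range check: only slots 1..5 are defined, so anything else reverts before any state change.
        if (_relatedContractIndex < MIN_INDEX || _relatedContractIndex > MAX_INDEX) {
            revert InvalidRelatedContractIndex(_relatedContractIndex);
        }
        // Overwrite guard (assumed policy): a populated slot is never silently replaced.
        address existing = relatedContracts[_relatedContractIndex];
        if (existing != address(0)) revert RelatedContractAlreadySet(_relatedContractIndex, existing);
        // Type check: the logic must be deployed code that claims this exact slot.
        if (_logic.code.length == 0) revert LogicAddrIsNotContract(_logic);
        uint8 reported = IRelatedContract(_logic).relatedContractIndex();
        if (reported != _relatedContractIndex) revert LogicIndexMismatch(_relatedContractIndex, reported);

        address proxy = address(new ERC1967Proxy(_logic, _data));
        relatedContracts[_relatedContractIndex] = proxy;
        emit RelatedContractDeployed(_relatedContractIndex, proxy);
        return proxy;
    }
}
```

A logic contract that does not implement `relatedContractIndex()` makes the call revert, so a mismatched or unrelated implementation never reaches the mapping write.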
The following issues and their duplicates are invalid as admin errors/input validation/malicious intents are generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally admins are trusted as noted in READ.ME they can break certain assumptions of the code based on their actions, and