Tadle

DeFi

30,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Overwriting of Related Contracts in deployUpgradeableProxy Function

aresaudits

Summary

Vulnerability Details

In the TadleFactory contract, the deployUpgradeableProxy function is responsible for deploying upgradeable proxy contracts for various related contracts. This function allows the guardian to deploy a new proxy contract that delegates calls to a specified logic (implementation) contract. However, there is a potential issue when the function is called multiple times with the same _relatedContractIndex, leading to the overwriting of previously deployed proxy contracts.

How Proxy and Implementation Contracts Work

Proxy Contract:

Storage: The proxy contract holds the state variables (storage) that persist across upgrades.
Delegation: It uses the delegatecall opcode to delegate calls to the logic (implementation) contract. This means that the logic contract's code is executed in the context of the proxy contract, allowing it to read and write to the proxy's storage.

Logic (Implementation) Contract:

Code: The logic contract contains the actual code (functions) that define the behavior of the contract.
Upgradability: When an upgrade is needed, a new logic contract is deployed, and the proxy contract is updated to point to the new logic contract. The storage remains intact in the proxy contract.

Deployment Process:

Deploying the Proxy:
- The deployUpgradeableProxy function creates a new instance of UpgradeableProxy.
- The constructor of UpgradeableProxy is called with the address of the logic contract (_logic), the guardian address, the factory address, and any initialization data (_data).
Proxy Contract:
- The UpgradeableProxy contract holds the storage.
- It delegates calls to the logic contract specified during deployment.
Logic Contract:
- The logic contract contains the actual implementation of the functions.
- If the logic needs to be updated, a new logic contract is deployed, and the proxy contract's reference to the logic contract is updated.

Overwriting of Related Contracts

The deployUpgradeableProxy function allows the guardian to deploy a new proxy contract for a specified related contract index. However, if this function is called multiple times with the same _relatedContractIndex, the address of the previously deployed proxy contract will be overwritten in the relatedContracts mapping. This means that the reference to the first deployed proxy contract will be lost, and only the address of the most recently deployed proxy contract will be stored.

function deployUpgradeableProxy(

uint8 _relatedContractIndex,

address _logic,

bytes memory _data

) external onlyGuardian returns (address) {

/// @dev the logic address must be a contract

if (!_logic.isContract()) {

revert LogicAddrIsNotContract(_logic);

}

/// @dev deploy proxy

UpgradeableProxy _proxy = new UpgradeableProxy(

_logic,

guardian,

address(this),

_data

);

relatedContracts[_relatedContractIndex] = address(_proxy);

emit RelatedContractDeployed(_relatedContractIndex, address(_proxy));

return address(_proxy);

}

The address of the previously deployed proxy contract will be overwritten in the relatedContracts mapping. This could lead to the loss of reference to the initial proxy contract and its associated logic.

Calling deployUpgradeableProxy twice with the same _relatedContractIndex will result in the second proxy contract overwriting the first one in the relatedContracts mapping. This could be intentional or an issue depending on the intended use case. If it is not desirable to overwrite the previous contract, additional logic should be added to prevent redeployment for the same index.

Impact

Tools Used

Manual Analysis

Recommendations

To prevent overwriting, you could add a check to ensure that a proxy contract has not already been deployed for the given _relatedContractIndex

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

[invalid] finding-Admin-Errors-Malicious

The following issues and its duplicates are invalid as admin errors/input validation/malicious intents are1 generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally admins are trusted as noted in READ.ME they can break certain assumption of the code based on their actions, and

Prize pool breakdown

Total prize

30,000 USDC

nSLOC

1,229

24 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.