Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Valid

Neither `SDT Operators` can upgrade their vaults nor `OperatorVCS` from v1 to v2

Vulnerability Details

If an existing stake.link v1 OperatorVault is upgraded to v2, the upgrade will revert, whereas new operators that join stake.link will create their new contract successfully. The OperatorVCS contract upgrade will also fail.

The cause is the reinitializer(3) modifier on the initialize() functions.

Proof Of Concept

If you open the official v1 OperatorVCS on Etherscan (here), you will see that the proxy's _initialized variable has the value 3.

If you call getVaults() and take the first vault address as an example (see here), you will also see that the vaults have _initialized == 3.

To read private state on Etherscan, you can use the BlockSec MetaSuites browser extension.

Now this is the reinitializer() code used by the system:

```solidity
modifier reinitializer(uint8 version) {
    // @> `_initialized < version`: this condition is not met, as `3 < 3 == false`
    require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
    // code...
}
```

Impact

Existing operators that want to migrate to v2 will not be able to do so, and the OperatorVCS upgrade will not be possible either.

Recommendations

Reinitializer should be reinitializer(4) in both OperatorVaults and OperatorVCS.
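A pre-upgrade check for the condition described above, as an added example that is not part of the original submission or the stake.link code base. It assumes the proxy's storage slot 0 packs `_initialized` in the lowest byte and `_initializing` in the next byte (true when Initializable is first in the inheritance chain); the helper names and the sample slot words are constructed for illustration.

```javascript
// Decode the packed Initializable state from a raw 32-byte storage word,
// e.g. the value returned by eth_getStorageAt(proxy, 0).
// Assumed layout: byte 0 = _initialized (uint8), byte 1 = _initializing (bool).
function decodeInitializableSlot(slotHex) {
  const word = BigInt(slotHex);
  return {
    initialized: Number(word & 0xffn),
    initializing: ((word >> 8n) & 0xffn) !== 0n,
  };
}

// Same predicate as the require() in the reinitializer modifier.
function reinitializerWouldPass(state, version) {
  return !state.initializing && state.initialized < version;
}

// Smallest reinitializer version that can still run on this proxy.
// 255 is the uint8 maximum, so nothing higher is left (null).
function minUsableVersion(state) {
  return state.initialized < 255 ? state.initialized + 1 : null;
}

// Report, per proxy, whether initialize() guarded by reinitializer(version)
// would run or revert during the upgrade.
function checkUpgrade(proxies, version) {
  return proxies.map(({ name, slot0 }) => {
    const state = decodeInitializableSlot(slot0);
    return {
      name,
      initialized: state.initialized,
      passes: reinitializerWouldPass(state, version),
      minVersion: minUsableVersion(state),
    };
  });
}

// Constructed sample input: two proxies already at _initialized == 3
// (the state the submission reports) and one freshly deployed proxy.
const SAMPLE_PROXIES = [
  { name: "existing OperatorVCS proxy", slot0: "0x" + "00".repeat(31) + "03" },
  { name: "existing OperatorVault proxy", slot0: "0x" + "00".repeat(31) + "03" },
  { name: "freshly deployed proxy", slot0: "0x" + "00".repeat(32) },
];

console.table(checkUpgrade(SAMPLE_PROXIES, 3)); // version used by the v2 code
console.table(checkUpgrade(SAMPLE_PROXIES, 4)); // version recommended above
```

Running the same check against the real slot values before deploying an upgrade catches a reused version number without sending a transaction.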

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Some contracts will not be initialized due to incorrect `reinitializer` versions used
