One World
NFTDeFi
15,000 USDC
Submission Details
Severity: high
Valid

Contract cannot be upgraded as proxy admin created multiple times

Summary

A ProxyAdmin contract is created twice: once by MembershipFactory and once internally by the TransparentUpgradeableProxy constructor, which deploys its own ProxyAdmin and makes the address it receives as second constructor argument the owner of that ProxyAdmin. Because MembershipFactory passes its own ProxyAdmin as that argument, the ProxyAdmin that actually controls the proxy is owned by another ProxyAdmin rather than by the intended owner, and the owner has no path to the proxy's upgrade function.

Vulnerability Details

In OpenZeppelin Contracts v5, TransparentUpgradeableProxy() deploys its own ProxyAdmin in its constructor and registers that ProxyAdmin as the proxy's admin (the only caller allowed to invoke upgradeToAndCall on the proxy). The address passed as the second constructor argument (initialOwner) becomes the owner of that ProxyAdmin. MembershipFactory nevertheless creates a separate ProxyAdmin instance and passes its address as that second argument, so two ProxyAdmin instances end up chained:

User (owner) -> ProxyAdmin 1 (created by MembershipFactory, owned by the user) -> ProxyAdmin 2 (created by the proxy constructor, owned by ProxyAdmin 1, registered as proxy admin) -> Proxy -> Implementation contract

When the owner wants to upgrade the implementation, the call must come from ProxyAdmin 2, because that is the address the proxy recognises as its admin. The owner only controls ProxyAdmin 1, and ProxyAdmin 1 cannot drive ProxyAdmin 2:

- Calling ProxyAdmin1.upgradeAndCall(proxy, newImpl, data) reaches the proxy with msg.sender == ProxyAdmin 1, which is not the registered admin, so the proxy treats it as an ordinary user call and delegates it to the implementation instead of upgrading.
- Calling ProxyAdmin1.upgradeAndCall(ProxyAdmin2, newImpl, data) fails because ProxyAdmin exposes upgradeAndCall, not upgradeToAndCall, so the forwarded call has no matching function.
- Calling ProxyAdmin2.upgradeAndCall(...) directly from the owner reverts on the onlyOwner check, since ProxyAdmin 2 is owned by ProxyAdmin 1.

Impact

The implementation behind every proxy deployed this way cannot be upgraded, even when the owner intends to do so. The condition is permanent for already deployed proxies: the owner of ProxyAdmin 2 is ProxyAdmin 1, and ProxyAdmin 1 has no way to forward a transferOwnership call, so ownership of the real admin can never be reclaimed. Only proxies deployed after the factory is corrected would be upgradeable.

Tools Used

Manual Review

Recommendations

Do not create a separate ProxyAdmin in MembershipFactory; TransparentUpgradeableProxy() already deploys one for each proxy.

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L39

Store the intended contract owner and pass that address, not the factory's ProxyAdmin, as the second constructor argument (initialOwner) of TransparentUpgradeableProxy(). The owner then owns the ProxyAdmin the proxy created for itself and can upgrade through it. The address of that ProxyAdmin is not returned by the constructor, but it can be read from the EIP-1967 admin storage slot of the proxy or taken from the AdminChanged event emitted at deployment, and should be recorded for later upgrades.

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L74
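The following Foundry test is an added example written for this page; it is not code from the One World repository and does not reproduce MembershipFactory or MembershipERC1155. It assumes OpenZeppelin Contracts v5 and forge-std at the import paths shown, and uses two stand-in implementations (ImplV1, ImplV2) to demonstrate both the chained-admin failure described under Vulnerability Details and the corrected deployment from the Recommendations.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Assumes OpenZeppelin Contracts v5 and forge-std.
import {Test} from "forge-std/Test.sol";
import {TransparentUpgradeableProxy, ITransparentUpgradeableProxy}
    from "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";
import {ProxyAdmin} from "@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol";

// Stand-in implementations (hypothetical); the real MembershipERC1155 is not reproduced.
contract ImplV1 { function version() external pure returns (uint256) { return 1; } }
contract ImplV2 { function version() external pure returns (uint256) { return 2; } }

contract ProxyAdminChainTest is Test {
    // EIP-1967 admin slot: bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1)
    bytes32 constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;

    address owner = makeAddr("owner");
    ImplV1 v1 = new ImplV1();
    ImplV2 v2 = new ImplV2();

    // Recover the ProxyAdmin that TransparentUpgradeableProxy deployed for itself.
    function innerAdmin(address proxy) internal view returns (ProxyAdmin) {
        return ProxyAdmin(address(uint160(uint256(vm.load(proxy, ADMIN_SLOT)))));
    }

    // Mirrors the reported deployment: an outer ProxyAdmin is passed as initialOwner,
    // so the proxy's self-deployed ProxyAdmin is owned by a contract, not by `owner`.
    function test_extraProxyAdminBlocksUpgrade() public {
        ProxyAdmin outer = new ProxyAdmin(owner);
        TransparentUpgradeableProxy proxy =
            new TransparentUpgradeableProxy(address(v1), address(outer), "");
        ProxyAdmin inner = innerAdmin(address(proxy));
        assertEq(inner.owner(), address(outer)); // owner -> outer -> inner -> proxy

        // Via `outer`: msg.sender at the proxy is `outer`, not the registered admin,
        // so the call is delegated to ImplV1, which has no upgradeToAndCall, and reverts.
        vm.prank(owner);
        vm.expectRevert();
        outer.upgradeAndCall(ITransparentUpgradeableProxy(address(proxy)), address(v2), "");

        // Pointing `outer` at `inner` fails too: ProxyAdmin has no upgradeToAndCall.
        vm.prank(owner);
        vm.expectRevert();
        outer.upgradeAndCall(ITransparentUpgradeableProxy(address(inner)), address(v2), "");

        // And `owner` cannot call `inner` directly: it is owned by `outer`.
        vm.prank(owner);
        vm.expectRevert();
        inner.upgradeAndCall(ITransparentUpgradeableProxy(address(proxy)), address(v2), "");

        assertEq(ImplV1(address(proxy)).version(), 1); // still on the old implementation
    }

    // The fix: pass the intended owner as initialOwner and upgrade through the
    // ProxyAdmin the proxy created for itself.
    function test_ownerAsInitialOwnerCanUpgrade() public {
        TransparentUpgradeableProxy proxy =
            new TransparentUpgradeableProxy(address(v1), owner, "");
        ProxyAdmin inner = innerAdmin(address(proxy));
        assertEq(inner.owner(), owner);

        vm.prank(owner);
        inner.upgradeAndCall(ITransparentUpgradeableProxy(address(proxy)), address(v2), "");
        assertEq(ImplV2(address(proxy)).version(), 2);
    }
}
```

Run with `forge test --match-contract ProxyAdminChainTest -vvv`. The first test shows all three routes the owner might try and why each fails; the second reads the proxy-created ProxyAdmin from the EIP-1967 admin slot, which is also how a deployment script should record the admin address when the factory is fixed.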

Updates

Lead Judging Commences

0xbrivan2 Lead Judge
7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

MembershipERC1155 implementations can not be upgraded for already deployed proxies
