The StrategyArb, StrategyOp, and StrategyMainnet contracts lack an upgradability pattern, meaning their logic cannot be modified post-deployment. This limitation poses risks related to bug fixes, security vulnerabilities, and evolving requirements.
The absence of an upgrade mechanism means that if a critical vulnerability is discovered after deployment, it cannot be patched without redeploying a new contract. This not only increases the risk for users but also complicates fund management during migrations.
Inability to Fix Bugs: If a vulnerability is discovered, funds may remain at risk until a new version is deployed.
User Frustration: Users may face challenges in accessing their funds or may need to migrate manually to a new contract.
Potential for Exploits: A static contract is more susceptible to exploitation if a bug exists that could be leveraged by malicious actors.
Manual code review of StrategyArb, StrategyOp, and StrategyMainnet contracts.
Implement an Upgradability Pattern: Utilize a proxy pattern to enable contract upgrades without losing state or requiring user migration.
Ensure that access control measures are in place for any upgradeable functions to prevent unauthorized modification.
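One way to combine both recommendations is a UUPS-style implementation whose upgrade hook is restricted to an owner. This example is added here and is not code from the audited project: `StrategyExample`, its state variables and the `initialize` parameters are hypothetical, and it assumes OpenZeppelin Contracts Upgradeable v5.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

/// Hypothetical strategy used only to illustrate the pattern.
/// Deployed behind an ERC1967Proxy; users and funds stay at the proxy
/// address while the logic contract behind it can be replaced.
contract StrategyExample is Initializable, OwnableUpgradeable, UUPSUpgradeable {
    // Hypothetical state. It lives in the proxy's storage, so new
    // implementations must only append variables, never reorder them.
    address public asset;
    uint256 public totalDeposited;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the bare implementation so nobody can initialize it directly
        // and take ownership of the logic contract itself.
        _disableInitializers();
    }

    /// Replaces the constructor; runs once, through the proxy.
    /// owner_ is assumed to be a multisig or timelock, not an EOA.
    function initialize(address asset_, address owner_) external initializer {
        require(asset_ != address(0), "asset is zero");
        __Ownable_init(owner_); // reverts if owner_ is the zero address
        asset = asset_;
    }

    /// Access control for upgrades: UUPSUpgradeable calls this hook from
    /// upgradeToAndCall, so without onlyOwner anyone could swap the logic.
    function _authorizeUpgrade(address newImplementation)
        internal
        view
        override
        onlyOwner
    {
        require(newImplementation.code.length > 0, "impl has no code");
    }

    // Reserved slots so future versions can add state without shifting
    // the layout of contracts that inherit from this one.
    uint256[48] private __gap;
}
```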