Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: high
Invalid

Bug in `LookupBranch` contract prevents it from accessing intended storage

Summary

The LookupBranch contract cannot access the intended storage; it reads its own storage instead. Since it was supposed to interact with a proxy, this is a critical flaw.

Vulnerability Details:

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/35deb3e92b2a32cd304bf61d27e6071ef36e446d/src/tree-proxy/branches/LookupBranch.sol#L15-L20
function branches() external view returns (Branch.Data[] memory) {
    RootUpgrade.Data storage rootUpgrade = RootUpgrade.load();
    return rootUpgrade.getBranches();
}

RootUpgrade.load() uses a storage pointer specific to the LookupBranch contract. When LookupBranch is deployed as a standalone contract, it cannot access the intended data.
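The judgement on this page records the finding as an incorrect statement. The following example, added here and not part of the Zaros code base, shows the storage-context point at issue: a namespaced storage pointer such as RootUpgrade.load() resolves against the storage of whichever contract is currently executing. When the root proxy delegatecalls into a branch, the branch code reads the root's storage; it reads its own (empty) storage only when called directly, which is the one path on which the report's observation holds. ExampleStorage, ExampleBranch, ExampleRoot, the slot label and the forge-std Test dependency are assumptions, and the root's delegatecall fallback is a minimal stand-in for the tree-proxy dispatch, not Zaros's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Zaros code. ExampleStorage, ExampleBranch and ExampleRoot
// are assumed stand-ins for the RootUpgrade library, LookupBranch and the root
// proxy; the slot label is assumed as well.
import "forge-std/Test.sol";

library ExampleStorage {
    // Namespaced slot, the same pattern as a RootUpgrade.load()-style pointer.
    bytes32 internal constant SLOT = keccak256("example.root.storage");

    struct Data {
        address[] branches;
    }

    // Returns a pointer to SLOT in the storage of whichever contract is
    // currently executing. The call context, not the library, decides whose
    // storage this is.
    function load() internal pure returns (Data storage data) {
        bytes32 slot = SLOT;
        assembly {
            data.slot := slot
        }
    }
}

// Stand-in for LookupBranch: pure code, holds no state of its own.
contract ExampleBranch {
    function branches() external view returns (address[] memory) {
        return ExampleStorage.load().branches;
    }
}

// Stand-in for the root proxy: owns the state and delegatecalls the branch,
// so branch code runs with this contract's storage behind ExampleStorage.
contract ExampleRoot {
    address public immutable branch;

    constructor(address branch_) {
        branch = branch_;
        ExampleStorage.load().branches.push(branch_);
    }

    // Minimal delegatecall forwarder (assumed; not the tree-proxy dispatch).
    fallback() external {
        address target = branch;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), target, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}

contract StorageContextTest is Test {
    ExampleBranch internal branch;
    ExampleRoot internal root;

    function setUp() public {
        branch = new ExampleBranch();
        root = new ExampleRoot(address(branch));
    }

    // Through the root: delegatecall executes the branch code in the root's
    // storage, so the namespaced slot holds the root's data.
    function testViaRootReadsRootStorage() public {
        address[] memory viaRoot = ExampleBranch(address(root)).branches();
        assertEq(viaRoot.length, 1);
        assertEq(viaRoot[0], address(branch));
    }

    // Called directly: same slot, but in the branch's own storage, which is
    // empty. This is the only path on which the report's observation holds.
    function testDirectCallReadsBranchStorage() public {
        assertEq(branch.branches().length, 0);
    }
}
```

Run with forge test against a project that has forge-std installed. The point to check when auditing a diamond-style layout is therefore not whether the branch "has" the storage, but whether every entry point users rely on goes through the root's delegatecall dispatch; a branch address that is handed out and called directly would indeed return empty data.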

Impact

This results in all view functions returning empty data, breaking core functionality such as upgrade tracking and branch lookup.

Tools Used

Manual review

Recommendations

Deploy LookupBranch behind a proxy. Also ensure storage slots are consistent across proxies.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
