The vulnerability stems from LookupBranch() not being able to access the intended storage; it accesses its own storage instead. Since it was supposed to interact with a proxy, this is a critical flaw.
The RootUpgrade.load() function uses a storage pointer specific to the LookupBranch contract. When deployed as a standalone contract, it can’t access the intended data.
This will result in all view functions returning empty data, breaking core functionalities like upgrade tracking and branch lookup.
Manual review
Deploy LookupBranch behind a proxy. Also ensure storage slots are consistent across proxies.
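The storage-context problem described above, as an added sketch that is not the audited project's code: the same view function is called directly on the standalone contract and through a delegatecall proxy that owns the data. All names (RootUpgradeSketch, LookupBranchSketch, ProxySketch, Demo), the struct layout and the slot string are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for RootUpgrade: a struct pinned to a fixed slot.
library RootUpgradeSketch {
    struct Data { address[] branches; } // assumed layout
    bytes32 internal constant SLOT = keccak256("example.root.upgrade"); // constructed

    function load() internal pure returns (Data storage d) {
        bytes32 s = SLOT;
        assembly { d.slot := s } // resolves in the executing contract's storage
    }
}

// View logic only; it never writes the slot itself.
contract LookupBranchSketch {
    function branchCount() external view returns (uint256) {
        return RootUpgradeSketch.load().branches.length;
    }
}

// Holds the data and forwards unknown selectors with delegatecall.
contract ProxySketch {
    address public immutable lookup;

    constructor(address lookup_) {
        lookup = lookup_;
        RootUpgradeSketch.load().branches.push(address(0xBEEF)); // constructed entry
    }

    fallback() external {
        address impl = lookup;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, returndatasize())
        }
    }
}

contract Demo {
    function run() external returns (uint256 standalone, uint256 viaProxy) {
        LookupBranchSketch impl = new LookupBranchSketch();
        ProxySketch proxy = new ProxySketch(address(impl));
        standalone = impl.branchCount(); // direct call: LookupBranchSketch's own storage
        viaProxy = LookupBranchSketch(address(proxy)).branchCount(); // proxy's storage
    }
}
```

Comparing the two return values of run() in a test is a quick regression check that the lookup contract is only ever reached through the proxy that holds the data.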