[H-3] Unrestricted Proxy Upgrade Capability in MarketMakingEngine contract (Access Control + Centralization Risk)
Summary
The MarketMakingEngine inherits UpgradeBranch, which likely contains logic for upgrading contract implementations. If this branch lacks proper access control, an attacker could replace critical logic to drain funds or disrupt protocol operations
Vulnerability Details
Affected Code Structure:
Key Risk Factors:
-
Inherited Upgrade Logic: The UpgradeBranch (not shown) may contain functions like upgradeImplementation() that lack proper access control.
-
Proxy Initialization Risk: The RootProxy constructor initializes the proxy system but may not properly lock implementations post-deployment.
Exploit Scenario:
-
Attacker gains temporary ownership (via social engineering or compromised key)
-
Calls upgradeImplementation() to deploy malicious logic in CreditDelegationBranch
-
Steals all delegated liquidity through manipulated functions
Impact
High Impact: Complete protocol control and fund theft
High Likelihood: Proxy upgrade attacks are common in modular architectures
Critical Risk: Chain-wide impact due to core protocol position
Tools Used
Manual code analysis
Proxy pattern
Recommendations
Implement strict access control for upgrade functions:
-
Use TimelockController for upgrade delays
-
Add implementation freeze after initial setup
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.