Part 2

Zaros
Perpetuals DEX Foundry Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

UUPS Upgradeability Risk

Summary

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/39e33b2f6b3890573bb1affc41a7e520277ceb2c/src/zlp/ZlpVault.sol#L213

The contract employs the UUPS (Universal Upgradeable Proxy Standard) upgradeability pattern, which has inherent risks due to the direct access it provides to the upgrade mechanism. If the _authorizeUpgrade function is not implemented securely, it could allow unauthorized or malicious upgrades, compromising the contract's integrity and functionality.

Vulnerability Details

/// @inheritdoc UUPSUpgradeable
function _authorizeUpgrade(address) internal override onlyOwner {}

Minimal Authorization Logic:
The _authorizeUpgrade function relies solely on the onlyOwner modifier, which checks that the caller is the contract owner. If ownership is transferred accidentally, or if the owner account is compromised, an attacker could perform malicious upgrades.

Ownership Risk:
Ownership is a single point of failure. If ownership is transferred to an untrusted address or lost, the contract becomes vulnerable to unauthorized upgrades.

Upgradeability Risks:
Malicious upgrades could introduce backdoors, change the functionality of the contract to siphon funds, or disrupt critical operations.

Lack of Multi-Signature Governance:
The upgradeability mechanism lacks multi-signature or decentralized governance, increasing the risk of centralization and unauthorized changes.

Exploitation Scenario:

An attacker compromises the owner's private key and calls the upgradeTo function to deploy a malicious implementation contract.

The new implementation could, for instance, transfer all vault assets to the attacker's address.

Impact

Loss of Control: The contract's functionality could be altered to benefit a malicious actor.

Loss of Funds: Assets stored in the contract could be drained.

Ecosystem Trust Damage: Exploitation of the upgrade mechanism can undermine user confidence in the contract's security.

Tools Used

Manual Review

Recommendations

Implement Multi-Signature Governance

Require multiple trusted parties to approve an upgrade. Use a multi-signature wallet such as Gnosis Safe to manage ownership.

Example Implementation:

function _authorizeUpgrade(address newImplementation) internal override {
    // MultiSigWallet is a placeholder; it is not defined in this submission.
    require(MultiSigWallet.isApproved(msg.sender), "Unauthorized upgrade");
}
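
An added example, not code from the submission or from the Zaros repository: one way to require multiple approvals inside `_authorizeUpgrade`, binding each approval to the implementation address rather than only to `msg.sender`. The contract name, approver set, `threshold` and `epoch` are hypothetical, and the OpenZeppelin upgradeable package is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { Initializable } from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

/// Hypothetical M-of-N upgrade gate (illustration only, not ZlpVault).
contract QuorumUpgradeVault is Initializable, UUPSUpgradeable {
    mapping(address => bool) public isApprover;
    uint256 public threshold; // approvals needed per implementation
    uint256 public epoch;     // bumped on every upgrade so old approvals expire
    mapping(uint256 => mapping(address => mapping(address => bool))) public approved;
    mapping(uint256 => mapping(address => uint256)) public approvalCount;

    error NotApprover();
    error AlreadyApproved();
    error BadConfig();
    error QuorumNotReached(uint256 have, uint256 need);

    constructor() { _disableInitializers(); } // lock the bare implementation

    function initialize(address[] calldata approvers, uint256 threshold_) external initializer {
        if (threshold_ == 0 || threshold_ > approvers.length) revert BadConfig();
        for (uint256 i; i < approvers.length; ++i) {
            if (approvers[i] == address(0) || isApprover[approvers[i]]) revert BadConfig();
            isApprover[approvers[i]] = true;
        }
        threshold = threshold_;
    }

    /// Each approver signs off on one concrete implementation address.
    function approveUpgrade(address newImplementation) external {
        if (!isApprover[msg.sender]) revert NotApprover();
        if (approved[epoch][newImplementation][msg.sender]) revert AlreadyApproved();
        approved[epoch][newImplementation][msg.sender] = true;
        ++approvalCount[epoch][newImplementation];
    }

    /// The caller must be an approver because upgradeToAndCall also takes
    /// calldata that is delegatecalled into the new implementation.
    function _authorizeUpgrade(address newImplementation) internal override {
        if (!isApprover[msg.sender]) revert NotApprover();
        uint256 have = approvalCount[epoch][newImplementation];
        if (have < threshold) revert QuorumNotReached(have, threshold);
        ++epoch; // invalidate all approvals recorded for the previous epoch
    }
}
```

The alternative named in the recommendation, keeping `onlyOwner` and transferring ownership to a multi-signature wallet, moves the same quorum check into the wallet contract instead of the vault.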

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
