Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Stability Pool cannot be upgraded successfully due to missing import of UUPS Upgradeable contract

Summary

Stability Pool is meant to implement an upgradeable pattern, as mentioned in the documentation. However, the contract lacks a proper upgrade mechanism, leading to failed upgrades.

Vulnerability Details

In StabilityPool.sol, these contracts have been imported:

import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

However, UUPSUpgradeable is not imported. Without UUPSUpgradeable or TransparentUpgradeableProxy, the contract itself cannot be upgraded after deployment.

Since the upgradeable pattern is not specified, StabilityPool.sol is not upgradeable, as it does not correctly implement either the UUPS Upgradeable pattern or the Transparent Upgradeable Proxy pattern.

UUPSUpgradeable provides an upgradeTo function. Without it, the contract is not upgradeable.

If the protocol intends to use the Transparent Proxy pattern, ProxyAdmin and TransparentUpgradeableProxy are required to be imported to properly upgrade the contract.

Impact

StabilityPool.sol cannot be upgraded successfully due to an incorrect upgradeable pattern implementation.

Tools Used

Manual

Recommendations

Depending on the protocol's choice of upgradeable pattern, ensure that UUPSUpgradeable is imported, or that ProxyAdmin and TransparentUpgradeableProxy are imported, that the necessary contracts and proxy are deployed, and that functions such as upgrade() are called to upgrade accordingly.
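The UUPS option from the recommendation, as an added sketch that is not the project's code or part of the original submission. The contract names, the `version` variable and `initializeV2` are hypothetical, and it assumes OpenZeppelin Contracts 5.x with the implementation deployed behind an ERC1967Proxy.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

// Hypothetical example contract: with UUPS the upgrade logic lives in the
// implementation, so the implementation must inherit UUPSUpgradeable.
contract StabilityPoolUUPSExample is Initializable, OwnableUpgradeable, UUPSUpgradeable {
    uint256 public version; // sample state, stored in the proxy

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the bare implementation so nobody can initialize it directly.
        _disableInitializers();
    }

    // Called once through the proxy, in place of a constructor.
    function initialize(address initialOwner) external initializer {
        __Ownable_init(initialOwner);
        version = 1;
    }

    // Authorization hook required by UUPSUpgradeable. Leaving it without
    // access control would let any caller replace the implementation.
    function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}
}

// Hypothetical next version. The owner upgrades by calling, on the proxy:
//   upgradeToAndCall(address(v2), abi.encodeCall(StabilityPoolUUPSExampleV2.initializeV2, ()))
// (in OpenZeppelin 5.x, upgradeToAndCall is the external upgrade entry point
// inherited from UUPSUpgradeable).
contract StabilityPoolUUPSExampleV2 is StabilityPoolUUPSExample {
    // reinitializer(2) lets this run exactly once after the upgrade;
    // onlyOwner covers the case where the upgrade was sent with empty calldata.
    function initializeV2() external onlyOwner reinitializer(2) {
        version = 2;
    }
}
```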

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
