Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Uninitialized principal Variable Vulnerability in LevelTwo.sol

monteago30

Summary

In LevelTwo.sol, the principal state variable is declared but never properly initialized during the upgrade process:

address principal;

Vulnerability Details

Although the contract inherits state from LevelOne during an upgrade via the UUPS pattern, the graduate() reinitializer function is empty and doesn't explicitly set this critical administrative variable:

Impact

The impact of this vulnerability is High for several reasons:

Administrative Control Loss: After upgrade, if there's any storage layout change or if the implementation doesn't perfectly preserve the principal's address, the contract could lose its administrative capabilities.
Access Control Failure: The principal variable would likely be responsible for administrative functions in LevelTwo (though these functions aren't fully implemented yet). If this address is incorrect or zero, administrative functions would be inaccessible.
High Likelihood: The risk is particularly high because LevelTwo.sol has an entirely empty graduate() function, making it almost certain that any upgrade would fail to properly initialize this variable.
Contract Recovery Issues: Without a properly set principal address, recovering from any issues post-upgrade would be extremely difficult or impossible.

Tools Used

manual review / Slither and Aderyn tools

Recommendations

Implement a proper initialization in the graduate() function to ensure the principal variable is correctly set:

function graduate() public reinitializer(2) {

// This function should only be callable during the upgrade process

require(msg.sender == address(this), "Only callable during upgrade");

// No explicit initialization needed for principal since storage is preserved

// But it's a good practice to verify critical variables during upgrade

require(principal != address(0), "Principal address not properly migrated");

// Reset session-specific variables

inSession = false;

sessionEnd = 0;

// Initialize any LevelTwo-specific state variables

// ...

}

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

monteago30 Submitter

6 months ago

yeahchibyke Lead Judge

6 months ago

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.