Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

Unprotected Upgradeable Contract Function

Summary

The LevelOne contract is an upgradeable contract (UUPS pattern) with an unprotected initialize function, allowing anyone to delete or replace the contract implementation.

Vulnerability Details

The LevelOne contract is upgradeable but does not protect its initialize function LevelOne.initialize(address,uint256,address) at lines 120-136. This leaves the contract vulnerable, as anyone can delete it by calling UUPSUpgradeable.upgradeToAndCall(address,bytes) from the OpenZeppelin library.

Impact

Critical. This vulnerability allows any external actor to arbitrarily replace the contract's implementation, potentially gaining control of all contract assets and functionality. This is essentially a backdoor that could lead to complete loss of funds and control.

Tools Used

Slither static analysis tool

Recommendations

  • Implement proper access control for the upgrade functionality by overriding the _authorizeUpgrade function with appropriate access restrictions (e.g., onlyOwner or onlyRole(UPGRADER_ROLE)).

  • Ensure that the initialize function can only be called once by using the initializer modifier.

  • Consider implementing a timelock mechanism for upgrades to provide users time to exit if they disagree with an upgrade.

  • Add comprehensive tests specifically for the upgrade functionality.
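As an added illustration of the recommended fixes (this is not code from the LevelOne contract or the Hawk High repository), the sketch below combines the `initializer` modifier with an `onlyOwner`-gated `_authorizeUpgrade`, and a Foundry test checks that the gate holds. Only the `initialize(address,uint256,address)` signature comes from the page; the contract name, state variables, parameter names and the OpenZeppelin v5 / forge-std imports are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import {Test} from "forge-std/Test.sol";

// Hypothetical hardened sketch; field names are placeholders, not LevelOne's real storage layout.
contract LevelOneHardened is Initializable, UUPSUpgradeable, OwnableUpgradeable {
    address public admin;
    uint256 public fee;
    address public token;
    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers(); // the bare implementation can never be initialized by anyone
    }

    // Same (address,uint256,address) signature as the page cites; parameter names are placeholders.
    // `initializer` makes this one-shot: a second call reverts with InvalidInitialization().
    function initialize(address _admin, uint256 _fee, address _token) external initializer {
        __Ownable_init(_admin); // OpenZeppelin v5 signature; the owner is the only upgrade authority
        __UUPSUpgradeable_init();
        admin = _admin;
        fee = _fee;
        token = _token;
    }

    // The weak form is `internal override {}` with no modifier, which lets any caller upgrade.
    // `onlyOwner` is the check that actually gates upgradeToAndCall.
    function _authorizeUpgrade(address) internal override onlyOwner {}
}

contract LevelOneHardenedTest is Test {
    address owner = makeAddr("owner");
    address attacker = makeAddr("attacker");

    function test_onlyOwnerCanUpgrade() public {
        bytes memory init = abi.encodeCall(LevelOneHardened.initialize, (owner, 5000e6, makeAddr("usdc")));
        LevelOneHardened proxied =
            LevelOneHardened(address(new ERC1967Proxy(address(new LevelOneHardened()), init)));
        vm.prank(attacker); // unauthorized caller is rejected by _authorizeUpgrade
        vm.expectRevert(abi.encodeWithSelector(OwnableUpgradeable.OwnableUnauthorizedAccount.selector, attacker));
        proxied.upgradeToAndCall(address(new LevelOneHardened()), "");
        vm.prank(owner); // the configured owner can still upgrade
        proxied.upgradeToAndCall(address(new LevelOneHardened()), "");
    }
}
```

Run with `forge test --match-contract LevelOneHardenedTest`; the first upgrade attempt must revert and the second must succeed for the access control to be considered in place.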

Updates

Lead Judging Commences

yeahchibyke Lead Judge 16 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
