Hawk High

Summary

Since the LevelTwo is the upgrade contract for LevelOne via UUPSProxy, a critical issue was found related to storage layout compability. The new implementation LevelTwo does not preserve the original layout defined in LevelOne, which can lead to serious runtime bugs, fund mismanagement, or access control failure after upgrade.

Vulnerability Details

Instead of inheriting from the original contract LevelOne, LevelTwo declares as a new Initializeable.

As a result, variables such as principal, bursary, isStudent, and studentScore may point to corrupted or misaligned values after the upgrade. This happens because the proxy keeps using the original layout, even after the logic is upgraded.

Impact

The impact of deploying LevelTwo without preserving the original layout is severe:

• Access control may fail. The principal address could be lost or changed, letting the wrong account control upgrades or withdraw funds.

• Student and teacher data may be corrupted. Lists and scores could return wrong values or break entirely.

• USDC funds may be mismanaged. The bursary value might be read from or written to the wrong location.

• The contract may become unusable. Storage mismatches could make functions revert or behave unpredictably.

Tools Used

• Manual review and comparasion between LevelOne and LevelTwo

• Knowledge of EIP-1967 and UUPS proxy patterns

Recommendations

• Implement inheritation from LevelOne to LevelTwo to preserve the layout storage:

  import "./LevelOne.sol";

  ​

  contract LevelTwo is LevelOne {

  // Code here...

  }

• Do not redeclare variables already defined in LevelOne.