Hijack implementation contract ownership
Summary
Hijack implementation contract ownership
Vulnerability Details
Implementation of the upgradeable smart contract LevelOne.sol contains an initialization function LevelOne::initialize(), but does not provide the recommended constructor calling _disableInitializers(); in order to prevent a direct calls to initialize(). That's against the protocol recommendations and allows anyone to hijack ownership of the implementation contract, driving to undesired and vulnerable behavior.
Impact
attacker could call all functions restricted with
onlyPrincipal
Tools Used
Manual review
Foundry
PoC
Add the following test to LevelOneAndGraduateTest.t.sol.
Recommendations
Add constructor to contract LevelOne with the following implementation:
This way, the smart contract will prevent possible attacks by malicious users from directly calling the initialization of the smart contract and hijacking its ownership.
Lead Judging Commences
contract can be re-initialized
The system can be re-initialized by an attacker and its integrity tampered with due to lack of `disableInitializer()`
contract can be re-initialized
The system can be re-initialized by an attacker and its integrity tampered with due to lack of `disableInitializer()`
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.