Irreversible Festival Contract Assignment Limits Upgradeability
Root + Impact
Description
Describe the normal behavior in one or more sentences
the festivalContract should have flexible upgradeability, the owner may want to update it across different festivals or deployments.
Explain the specific issue or problem in one or more sentences
once festivalContract is set, it becomes immutable, preventing future upgrades or fixes even by the owner.
Risk
Likelihood:
Reason 1 // Describe WHEN this will occur (avoid using "if" statements)
Happens on the first call to setFestivalContract.
Reason 2
No ability to recover or update the contract reference after that point.
Impact:
Impact 1
Project cannot upgrade to future festival contracts.
Impact 2
Bugs or logic errors in the first set contract become permanent.
Proof of Concept
The contract allows the festivalContract address to be set only once. After the initial assignment, any attempt to change it again reverts with "Festival contract already set". This permanently locks the BeatToken contract to the first assigned festival, preventing upgrades or migration to new festival contracts.
Recommended Mitigation
If future upgrades are needed, remove the one-time require check and allow the owner to update the festivalContract anytime. Just ensure the new address is valid (non-zero) to prevent setting it to an invalid contract.
Lead Judging Commences
`setFestivalContract` only callable once
This is intended. It's done like that because the festival contract requires beat token's address and vice versa.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.