The
ConfidencePoolFactoryenforces important protocol rules during pool deployment, such as verifying that the stake token is allowlisted (isTokenAllowlisted) and ensuring that only the agreement owner can create the pool.However,
ConfidencePool.initialize()does not restrict who can call it. It lacks any check to confirm thatmsg.senderis actually the factory contract.Because of this, an attacker can completely bypass the factory. They can independently deploy a standard EIP-1167 minimal proxy pointing to the
ConfidencePoolimplementation and callinitialize()directly. This allows the attacker to force-initialize a pool linked to a legitimate agreement but with malicious configurations, such as non-allowlisted tokens, or setting themselves as the moderator and recovery address.
Likelihood:
Anyone can interact directly with the blockchain to deploy minimal proxies (EIP-1167 clones) and trigger the unconstrained initialize function without factory authorization.
Impact:
This breaks the core deployment invariants. Users tracking valid agreements could be deceived into interacting with these independently cloned pools. Since the attacker controls the moderator and recovery permissions on these rogue clones, any user funds deposited into them can be swept and stolen.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.