The UUPS proxy standard is implemented incorrectly, making the protocol not upgradeable
Summary
SolConnector.sol contracts inherit OappUpgradeable, and it inherits the UUPSUpgradeable contract from OpenZeppelin, indicating that the devs of the protocol want to have the possibility of upgrading the above-mentioned contracts at some point in the future.
The contracts also implement the OwnableUpgradeable contract, and the _authorizeUpgrade() function in both contracts has the onlyOwner modifier. This function is used to check whether the person who tries to update the implementation contract in the Proxy has the required access.
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Contracts that are expected to be upgradable can't be upgraded due to missing functionality
PoC
No response
Mitigation
Implement a call to the upgradeToAndCall() function
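For reference when reviewing this report, the sketch below shows how the pieces it names fit together in OpenZeppelin Contracts 5.x, where `UUPSUpgradeable` itself provides a public `upgradeToAndCall()` that runs `_authorizeUpgrade()` before changing the implementation. It is an added example, not code from the report or from the protocol; `ConnectorV1`, `ConnectorV2`, `Stranger` and `UpgradeCheck` are hypothetical names, and the import paths assume the 5.x packages.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; import paths assume OpenZeppelin Contracts (Upgradeable) 5.x.
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";

// Hypothetical implementation with the inheritance shape the report describes.
contract ConnectorV1 is OwnableUpgradeable, UUPSUpgradeable {
    constructor() { _disableInitializers(); } // lock the bare implementation

    function initialize(address owner_) external initializer {
        __Ownable_init(owner_);
    }

    function version() external pure virtual returns (uint256) { return 1; }

    // Access check that the inherited upgradeToAndCall() runs before the
    // ERC-1967 implementation slot is rewritten.
    function _authorizeUpgrade(address) internal override onlyOwner {}
}

contract ConnectorV2 is ConnectorV1 {
    function version() external pure override returns (uint256) { return 2; }
}

// Hypothetical non-owner caller used by the check below.
contract Stranger {
    function tryUpgrade(address proxy, address impl) external returns (bool ok) {
        try UUPSUpgradeable(proxy).upgradeToAndCall(impl, "") { ok = true; } catch { ok = false; }
    }
}

// Deployment-time check: the owner can upgrade through the proxy, others cannot.
contract UpgradeCheck {
    function run() external returns (bool) {
        ConnectorV1 impl = new ConnectorV1();
        bytes memory init = abi.encodeCall(ConnectorV1.initialize, (address(this)));
        ConnectorV1 proxy = ConnectorV1(address(new ERC1967Proxy(address(impl), init)));
        address v2 = address(new ConnectorV2());
        Stranger stranger = new Stranger();

        require(!stranger.tryUpgrade(address(proxy), v2), "non-owner upgraded");
        proxy.upgradeToAndCall(v2, ""); // inherited from UUPSUpgradeable
        require(proxy.version() == 2, "upgrade did not take effect");
        return true;
    }
}
```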
sherlock-admin4 changed the title from "Bent Eggshell Sidewinder - The UUPS proxy standard is implemented incorrectly, making the protocol not upgradeable" to "sa9933 - The UUPS proxy standard is implemented incorrectly, making the protocol not upgradeable" on Nov 6, 2024
sa9933
High