Cyfrin / 2023-08-sparkn

No recovery function in the proxy #541

Open codehawks-bot opened 1 year ago

codehawks-bot commented 1 year ago

No recovery function in the proxy

Severity

Medium Risk

Summary

If the implementation address was set incorrectly due to an error, and the sponsors donate to this address, it is not possible to retrieve these tokens back.

Vulnerability Details

  1. The owner creates a contest and makes a mistake in the implementation address.
  2. The sponsors donate to the proxy.
  3. The organizer deploys the proxy and tries to distribute the tokens to the winners.
  4. The proxy with the incorrect implementation address cannot call the distributor.
  5. Funds are stuck in the proxy and cannot be recovered.

Impact

Funds can get stuck in the proxy and cannot be recovered anymore.

Tools Used

Manual Review, AuditWizard

Recommendations

There should be a recovery function that is directly implemented on the proxy and does not rely on the distributor.
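
A sketch of the recommended mitigation, added here as an illustration; it is not part of the original report and is not SPARKN's own code. The contract name `RecoverableProxy`, the `recoveryAdmin` role (assumed to be whoever deploys the proxy, such as a factory) and the `recoverERC20` function are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Hypothetical proxy with a recovery path that never touches the implementation.
contract RecoverableProxy {
    address private immutable implementation;
    // Assumption: the deployer (for example a factory) is the recovery authority.
    address private immutable recoveryAdmin;

    error NotRecoveryAdmin();
    error ZeroAddress();
    error NotAContract();
    error TransferFailed();

    event Recovered(address indexed token, address indexed to, uint256 amount);

    constructor(address implementation_) {
        implementation = implementation_;
        recoveryAdmin = msg.sender;
    }

    // Executes in the proxy's own bytecode, so it still works when
    // `implementation` holds no code or the wrong code.
    function recoverERC20(address token, address to, uint256 amount) external {
        if (msg.sender != recoveryAdmin) revert NotRecoveryAdmin();
        if (to == address(0)) revert ZeroAddress();
        // A low-level call to an address without code "succeeds", so check first.
        if (token.code.length == 0) revert NotAContract();
        // Low-level call tolerates tokens that return no bool from transfer().
        (bool ok, bytes memory ret) =
            token.call(abi.encodeWithSignature("transfer(address,uint256)", to, amount));
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) revert TransferFailed();
        emit Recovered(token, to, amount);
    }

    // Every other call is forwarded to the implementation via delegatecall.
    fallback() external {
        address impl = implementation; // immutables need a local copy for assembly
        assembly {
            calldatacopy(0, 0, calldatasize())
            let result := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch result
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}
```

A function declared on the proxy shadows any implementation function with the same selector, so the recovery function's signature must not collide with the distributor's interface. The recovery admin can move every token the proxy holds, which makes that role a trust assumption that needs the same protection as the owner.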

PatrickAlphaC commented 1 year ago

https://github.com/Cyfrin/2023-08-sparkn/issues/262#issuecomment-1709450774

TheSchnilch commented 1 year ago

I think this issue should also be reopened, as well as the other issues with this label.

TheSchnilch commented 1 year ago

897

PatrickAlphaC commented 1 year ago

reopened