If the implementation address was set incorrectly due to an error, and the sponsors donate to this address, it is not possible to retrieve these tokens back.
Vulnerability Details
The owner creates a contest and makes a mistake in the implementation address.
The sponsors donate to the proxy.
The organizer deploys the proxy and tries to distribute the tokens to the winners.
The proxy with the incorrect implementation address cannot call the distributor.
Funds are stuck in the proxy and cannot be recovered.
Impact
Funds can get stuck in the proxy and can not be recovered anymore
Tools Used
Manual Review, AuditWizard
Recommendations
There should be a recovery function that is directly implemented on the proxy and does not rely on the distributor.
No recovery function in the proxy
Severity
Medium Risk
Summary
If the implementation address was set incorrectly due to an error, and the sponsors donate to this address, it is not possible to retrieve these tokens back.
Vulnerability Details
Impact
Funds can get stuck in the proxy and can not be recovered anymore
Tools Used
Manual Review, AuditWizard
Recommendations
There should be a recovery function that is directly implemented on the proxy and does not rely on the distributor.