Closed code423n4 closed 1 year ago
admin mistake
at most QA
We do not accept this issue. From "Publicly Known Issues / Clarifications & Assumptions" section in the README:
"Governance and Proxy Admins are trusted. Issues that can come from Governance malicious executions or Proxy Admins malicious upgrades will not be taken into account"
donosonaumczuk marked the issue as sponsor disputed
Picodes marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2023-07-lens/blob/main/contracts/misc/access/ProxyAdmin.sol#L25-L45
Vulnerability details
Impact
The code implements a rollback function:
The function relies on the value of the
previousImplementation
variable being correctly set to that of the previous implementation.Although the issue can be rectified by issuing a call to
proxy_upgrade
with the valid previous address as input, the functionality is available and therefore should be protected. The functionality can accidentally or intentionally be broken by the Owner callingproxy_upgrade
orproxy_upgradeAndCall
twice with the same address thereby rendering the functionality ofrollbackLastUpgrade
ineffective by overwriting thepreviousImplementation
variable with the current implemetation address as in the code below.Proof of Concept
Test written in foundry and output
Test function:
Output:
Tools Used
Manual Audit Foundry
Recommended Mitigation Steps
It could be considered to check that the new value being set in
proxy_upgrade
andproxy_upgradeAndCall
are not equivalent to the current implementation as belowAssessed type
Invalid Validation