Lines of code
https://github.com/code-423n4/2024-05-olas/blob/3ce502ec8b475885b90668e617f3983cea3ae29f/registries/contracts/staking/StakingProxy.sol#L23
Vulnerability details
Root of the bug:
The bug stems from the absence of a compatibility check when setting or upgrading the implementation contract. StakingProxy uses delegatecall to forward function calls to the implementation contract whose address is stored at a predefined storage slot. While delegatecall lets the proxy execute functions defined in the implementation contract, it silently assumes that the storage layout and logic of that implementation are compatible with the existing state of the proxy.
This line defines a unique storage slot for storing the implementation address:
bytes32 public constant SERVICE_STAKING_PROXY = 0x9e5e169c1098011e4e5940a3ec1797686b2a8294a9b77a4c676b121bdc0ebb5e;
The constructor initializes the implementation address, ensuring it is not zero. However, it does not verify that the implementation is compatible with the existing state variables of the proxy.
The fallback function delegates all calls to the implementation contract but does not check that the implementation's storage layout is consistent with the proxy's existing state.
Impact
The bug can lead to loss of data integrity: if the proxy is upgraded to a new implementation that has different state variables or a different storage layout, the new code reads and writes the proxy's existing slots under the wrong interpretation, resulting in data corruption.
Tools Used
Manual review
Recommended Mitigation Steps
Ensure that every upgrade involves a compatibility check and a safe state migration process.
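As an added illustration of the recommended mitigation (not code from the Olas repository or from this report), the following hypothetical proxy accepts a new implementation only if it declares the expected storage-slot identifier, and runs a migration hook in the proxy's storage context immediately after the swap. Every name below (CheckedProxy, PROXY_ID, ICompatible, StakingV2, migrate, the slot labels) is an assumption made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the Olas StakingProxy. Demonstrates (1) rejecting an
// implementation that was not built for this proxy and (2) running a migration
// step under delegatecall before any user call reaches the new layout.

// Identifier every compatible implementation must return (constructed label).
bytes32 constant PROXY_ID = keccak256("example.staking.proxy.v1");

interface ICompatible {
    /// Must return PROXY_ID: an ERC-1822 style "built for this proxy" check.
    function proxiableUUID() external view returns (bytes32);
    /// Executed via delegatecall in the proxy's storage after an upgrade.
    function migrate(address previousImplementation) external;
}

contract CheckedProxy {
    // Implementation pointer lives in an unstructured slot (constructed label) so it
    // cannot collide with the implementation's own state variables.
    bytes32 internal constant IMPL_SLOT = keccak256("example.proxy.implementation");
    // Owner is immutable (bytecode, not storage), so slot 0 stays free for the implementation.
    address public immutable owner;

    event Upgraded(address indexed previous, address indexed current);

    error ZeroImplementation();
    error IncompatibleImplementation(address candidate);
    error MigrationFailed(bytes reason);
    error NotOwner();

    constructor(address initialImplementation) {
        owner = msg.sender;
        _requireCompatible(initialImplementation);
        _setImplementation(initialImplementation);
    }

    function implementation() public view returns (address impl) {
        bytes32 slot = IMPL_SLOT;
        assembly { impl := sload(slot) }
    }

    function upgradeTo(address newImplementation) external {
        if (msg.sender != owner) revert NotOwner();
        _requireCompatible(newImplementation);
        address previous = implementation();
        _setImplementation(newImplementation);
        // Populate the new layout from the old one in the proxy's storage context.
        (bool ok, bytes memory ret) = newImplementation.delegatecall(
            abi.encodeCall(ICompatible.migrate, (previous))
        );
        if (!ok) revert MigrationFailed(ret);
        emit Upgraded(previous, newImplementation);
    }

    function _requireCompatible(address candidate) internal view {
        if (candidate == address(0)) revert ZeroImplementation();
        // An EOA or a contract without proxiableUUID() is rejected, never installed.
        if (candidate.code.length == 0) revert IncompatibleImplementation(candidate);
        try ICompatible(candidate).proxiableUUID() returns (bytes32 id) {
            if (id != PROXY_ID) revert IncompatibleImplementation(candidate);
        } catch {
            revert IncompatibleImplementation(candidate);
        }
    }

    function _setImplementation(address impl) internal {
        bytes32 slot = IMPL_SLOT;
        assembly { sstore(slot, impl) }
    }

    fallback() external payable {
        address impl = implementation();
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }

    receive() external payable {}
}

// Sample implementation: declares compatibility and migrates a layout change.
contract StakingV2 is ICompatible {
    // Layout rule for this family: every version keeps totalStaked in slot 0.
    uint256 public totalStaked;
    uint256 public rewardRate; // appended in V2; initialised by migrate()

    function proxiableUUID() external pure returns (bytes32) { return PROXY_ID; }

    // Idempotent so a repeated call through the fallback cannot re-run the migration;
    // a production hook would additionally be access-controlled.
    function migrate(address) external {
        if (rewardRate == 0) rewardRate = 1e18;
    }
}
```

The proxiableUUID check stops the proxy from being pointed at an unrelated contract, but it does not by itself prove that V2's slots line up with V1's; that remains the job of the migration hook plus an off-chain layout comparison (for example, diffing the compiler's storage-layout output for both versions) before the upgrade transaction is sent.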
Assessed type
Other