```solidity
// WellUpgradeable.sol#L93-L96 as submitted: neither entry point carries an access-control modifier.
function upgradeTo(address newImplementation) public override {
    _authorizeUpgrade(newImplementation);
    _upgradeToAndCallUUPS(newImplementation, new bytes(0), false);
}

function upgradeToAndCall(address newImplementation, bytes memory data) public payable override {
    _authorizeUpgrade(newImplementation);
    _upgradeToAndCallUUPS(newImplementation, data, true);
}
```
Issue Summary:
The upgradeTo and upgradeToAndCall functions lack access-control modifiers, which may allow unauthorized users to perform an upgrade. This is a significant security risk: anyone could replace the contract implementation, potentially leading to malicious activity or unintended behaviour.
Detailed Description:
Function Purpose:
The upgradeTo function upgrades the contract's implementation to a new address (newImplementation). It calls the internal function _authorizeUpgrade to verify authorization and then performs the upgrade via _upgradeToAndCallUUPS.
Missing Access Control:
Both functions are marked public, meaning any address can call them. Without proper access control, any user can trigger the upgrade process, which can lead to:
Unauthorized upgrades to the contract implementation.
Potential introduction of malicious code or vulnerabilities in the contract.
Additional Notes:
Ensure that _authorizeUpgrade performs the necessary checks to confirm that the caller is authorized to perform the upgrade.
Review and adhere to best practices for upgradeable contracts, such as those outlined by OpenZeppelin's upgradeable contracts library.
Tools Used
Manual review
Recommended Mitigation Steps
```solidity
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

// Behind a proxy the upgradeable Ownable variant must be used, and the contract must
// inherit UUPSUpgradeable for _authorizeUpgrade / _upgradeToAndCallUUPS to exist.
contract MyContract is OwnableUpgradeable, UUPSUpgradeable {
    function upgradeTo(address newImplementation) public override onlyOwner {
        _authorizeUpgrade(newImplementation);
        _upgradeToAndCallUUPS(newImplementation, new bytes(0), false);
    }
    function upgradeToAndCall(address newImplementation, bytes memory data) public payable override onlyOwner {
        _authorizeUpgrade(newImplementation);
        _upgradeToAndCallUUPS(newImplementation, data, true);
    }
    // The authorization hook itself is also restricted, so the check holds even if a future override drops the modifier.
    function _authorizeUpgrade(address) internal override onlyOwner {}
}
```
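As an added check that is not part of this finding or of the Basin code base: a Foundry test, assuming OpenZeppelin 4.9 (where upgradeTo and _upgradeToAndCallUUPS still exist) and a hypothetical GuardedImpl standing in for the hardened contract, which asserts that a non-owner call to upgradeTo reverts while the owner's upgrade lands in the proxy's ERC1967 implementation slot.

```solidity
pragma solidity ^0.8.20;
import "forge-std/Test.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";

// Hypothetical hardened implementation (assumed, not Basin code): both upgrade entry points and the hook are owner-only.
contract GuardedImpl is OwnableUpgradeable, UUPSUpgradeable {
    constructor() { _disableInitializers(); } // the bare implementation can never be initialized
    function initialize() external initializer {
        __Ownable_init(); // owner = msg.sender, written into the proxy's storage
    }
    function upgradeTo(address newImpl) public override onlyOwner {
        _authorizeUpgrade(newImpl);
        _upgradeToAndCallUUPS(newImpl, new bytes(0), false);
    }
    function upgradeToAndCall(address newImpl, bytes memory data) public payable override onlyOwner {
        _authorizeUpgrade(newImpl);
        _upgradeToAndCallUUPS(newImpl, data, true);
    }
    function _authorizeUpgrade(address) internal override onlyOwner {}
}

contract UpgradeAccessControlTest is Test {
    bytes32 constant IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    address admin = address(0xA11CE);    // constructed test addresses
    address stranger = address(0xB0B);
    GuardedImpl proxied;
    GuardedImpl v2;
    function setUp() public {
        GuardedImpl v1 = new GuardedImpl();
        v2 = new GuardedImpl();
        vm.prank(admin); // proxy constructor delegatecalls initialize() with msg.sender == admin
        ERC1967Proxy proxy = new ERC1967Proxy(address(v1), abi.encodeCall(GuardedImpl.initialize, ()));
        proxied = GuardedImpl(address(proxy));
    }

    function testStrangerCannotUpgrade() public {
        vm.prank(stranger);
        vm.expectRevert("Ownable: caller is not the owner");
        proxied.upgradeTo(address(v2));
    }

    function testOwnerCanUpgrade() public {
        vm.prank(admin);
        proxied.upgradeTo(address(v2));
        // The ERC1967 implementation slot of the proxy (not of v1) now points at v2.
        assertEq(address(uint160(uint256(vm.load(address(proxied), IMPL_SLOT)))), address(v2));
    }
}
```

Run with `forge test`; the first test is the one that fails against the unmodified entry points, since nothing stops `stranger` before `_authorizeUpgrade` is reached.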
Lines of code
https://github.com/code-423n4/2024-07-basin/blob/main/src/WellUpgradeable.sol#L93-L96
Vulnerability details
Contract Code: WellUpgradeable.sol#L93-L96
Assessed type
Access Control