Closed sherlock-admin3 closed 4 months ago
This is not really an issue for us since we only intend to use this contract via delegate call from the auction house proxy. In that context, owner is already set to be the DAO executor proxy contract.
Disputing the issue altogether.
Another reason, the contract can be redeployed with fix and with no loss.
Hence this issue is invalid.
MohammedRizwan
high
OwnableUpgradeable
is not initialized inNounsAuctionHousePreV2Migrations.sol
Summary
OwnableUpgradeable
is not initialized inNounsAuctionHousePreV2Migrations.sol
Vulnerability Detail
NounsAuctionHousePreV2Migration.sol
is a contract for storage migration between V1 and V2 versions. It hasmigrate()
function to acheive the purpose of storage migration and it can only be accessed by owner of contract.To be noted,
NounsAuctionHousePreV2Migrations.sol
has used openzeppelin'sOwnableUpgradeable
for owner access functionality in contract.The issue here is that, the contract has not initialized the owner which must be done as inherited from
OwnableUpgradeable
.Openzeppeline's
OwnableUpgradeable
specifically states to initialize below function in order to get theonlyOwner
modifier functionality in contracts inheriting it.Therefore, in current implementation it can be seen
__Ownable_init()
is not initlialized therefore the contract is ownerless sinceOwnableUpgradeable
sets the deployer of contract as owner if it initialize the__Ownable_init()
.migrate()
has made use ofonlyOwner()
modifier and it can not be called by contract deployer due to the owner address by default would be zero address. The function will create permanent deniel of service and will always revert if some other account calls it.This breaks the core functionality of
NounsAuctionHousePreV2Migrations.sol
which is supposed to callmigrate()
by contract owner and contract deployer can't access it.Impact
The uninitlized
__Ownable_init()
ofOwnableUpgradeable
inNounsAuctionHousePreV2Migrations.sol
will make_owner
address by default to zero address, Thereforemigrate()
function can not be called and it would break the core functionlity of contract. This will makemigrate()
unusable and the contract can not acheive its true purpose and in worst case it will result in redeployment of contract.Code Snippet
https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/NounsAuctionHousePreV2Migration.sol#L55
https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/NounsAuctionHousePreV2Migration.sol#L26
Tool used
Manual Review
Recommendation
Initialize the
__Ownable_init()
in contract to make use ofonlyOwner()
functionality in contract so thatmigrate()
can be accessed by contract deployer i.e owner without any issues.