Open sherlock-admin4 opened 2 months ago
Escalate
This issue is not a duplicate of #272. This is a valid medium issue uncovering the inability of TitlesGraph
contract upgrade.
Possible duplicates are #87 #142 #170 #180 #209 #281 #319 #342
Escalate
This issue is not a duplicate of #272. This is a valid medium issue uncovering the inability of
TitlesGraph
contract upgrade.Possible duplicates are #87 #142 #170 #180 #209 #281 #319 #342
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with escalation. Also documented the issue in #170 which has been incorrectly duped as #272 too
Responded in #272.
Borderline low/medium. Tending towards low because in earlier contest issues like this were considered low.
Responded in #272.
Borderline low/medium. Tending towards low because in earlier contest issues like this were considered low.
I think you are confusing this issue with #281, which is an entirely different problem. There are at least 3 different issues being grouped here, see https://github.com/sherlock-audit/2024-04-titles-judging/issues/272#issuecomment-2113628980
Responded in #272.
Borderline low/medium. Tending towards low because in earlier contest issues like this were considered low.
Medium due to rules (https://docs.sherlock.xyz/audits/judging/judging#v.-how-to-identify-a-medium-issue): Breaks core contract functionality.
Agree with the escalation, planning to accept it and make a new issue family of medium severity with the following duplicates:
Result: Medium Has Duplicates
The protocol team fixed this issue in the following PRs/commits: https://github.com/titlesnyc/wallflower-contract-v2/pull/1
The Lead Senior Watson signed off on the fix.
alexzoid
medium
Incompatibility of Upgradeability Pattern in TitlesGraph Contract
Summary
The
TitlesGraph
contract is designed to be upgradeable, utilizing theUUPSUpgradeable
pattern. However, it's instantiated via a constructor in theTitlesCore
contract setup.Vulnerability Detail
In the
TitlesCore
contract,TitlesGraph
is instantiated directly using a constructor rather than being set up as a proxy. This could lead to unexpected behavior when attempting to upgrade the contract, as the proxy would not have access to the initialized state variables or might interact incorrectly with uninitialized storage.Impact
Inability to leverage the upgradeability.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/TitlesCore.sol#L44-L49
Tool used
Manual Review
Recommendation
Deploy the
TitlesGraph
contract without initializing state in the constructor. Deploy a proxy that points to the deployedTitlesGraph
implementation. Correct approach using a proxy pattern for upgradeable contracts: