The UUPS proxie standard is implemented incorrectly, making the protocol not upgradeable
Summary
SolConnector.sol contracts inherit OappUpgrrdeble and it inherits UUPSUpgradeable contract from Openzepelin, indicating that the devs of the protocol want to have the possibility of upgrading the above mentioned contracts at some point in the future.
the contracts also implement the OwnableUpgradeable contract, and the _authorizeUpgrade() function in both contracts has the onlyOwner modifer. This function is used to check whether the person who tries to update the implementation contract in the Proxy has the required access.
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Contracts that are expected to be upgradable, can't be upgraded due to missing functionality
PoC
No response
Mitigation
Implement a call to the upgradeToAndCall() function
Bent Eggshell Sidewinder
High
The UUPS proxie standard is implemented incorrectly, making the protocol not upgradeable
Summary
SolConnector.sol contracts inherit OappUpgrrdeble and it inherits UUPSUpgradeable contract from Openzepelin, indicating that the devs of the protocol want to have the possibility of upgrading the above mentioned contracts at some point in the future.
the contracts also implement the OwnableUpgradeable contract, and the _authorizeUpgrade() function in both contracts has the onlyOwner modifer. This function is used to check whether the person who tries to update the implementation contract in the Proxy has the required access.
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Contracts that are expected to be upgradable, can't be upgraded due to missing functionality
PoC
No response
Mitigation
Implement a call to the upgradeToAndCall() function