Labels: Duplicate (a valid issue that is a duplicate of an issue with `Has Duplicates` label); Medium (a Medium severity issue); Reward (a payout will be made for this issue)
AssetFactory.sol proxy contract cannot be initialized
Summary
The notDelegated modifier in the initialize function in the AssetFactory.sol contract prevents the proxy contract from being initialized. This means that the contract cannot be used as it was intended, i.e. as an upgradeable contract to be called via an EIP-1967 proxy.
Vulnerability Detail
The AssetFactory.sol contract implements OpenZeppelin's UUPS (Universal Upgradeable Proxy Standard). It serves as the implementation contract which should be called by an EIP-1967 proxy using delegatecall. This means that contract initialization should happen also via delegatecall and state changes should happen on the proxy contract's state. However, in the AssetFactory.sol contract this is impossible because of the notDelegated modifier.
Impact
The AssetFactory.sol smart contract is unusable, because it cannot be initialized. This prevents Depeg Swaps and Cover Tokens from being created, and since they are some of the most important pillars of the protocol, this makes the whole protocol unusable.
MadSisyphus
High
Code Snippet
https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/core/assets/AssetFactory.sol#L48
Tool used
Manual Review
Recommendation
Remove the notDelegated modifier from the initialize function to allow the proxy contract to be initialized.
Duplicate of #185
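The failure mode described in this report, as an added example that is not part of the original submission or the Cork code base: a stripped-down version of the self-address check behind OpenZeppelin's notDelegated, applied to an initialize function, next to the version without it. The contract names SelfAware, BrokenFactory, FixedFactory and InitProbe are hypothetical, and InitProbe only stands in for the initialization delegatecall an EIP-1967 proxy performs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; contract names are hypothetical, not Cork's code.
// Mirrors the check behind OpenZeppelin's UUPSUpgradeable.notDelegated:
// the implementation records its own address at deployment and compares
// it with address(this), which under delegatecall is the proxy's address.
abstract contract SelfAware {
    address private immutable __self = address(this);
    error UnauthorizedCallContext();

    modifier notDelegated() {
        if (address(this) != __self) revert UnauthorizedCallContext();
        _;
    }
}

contract BrokenFactory is SelfAware {
    address public owner;
    bool private done;

    // Reverts whenever it is reached through a proxy's delegatecall.
    function initialize(address owner_) external notDelegated {
        require(!done, "already initialized");
        done = true;
        owner = owner_;
    }
}

contract FixedFactory is SelfAware {
    address public owner;
    bool private done;

    // No notDelegated: runs in the caller's (proxy's) storage context.
    function initialize(address owner_) external {
        require(!done, "already initialized");
        done = true;
        owner = owner_;
    }
}

// Minimal stand-in for the init delegatecall an EIP-1967 proxy makes.
contract InitProbe {
    function tryInit(address impl, address owner_) external returns (bool ok) {
        (ok, ) = impl.delegatecall(
            abi.encodeWithSignature("initialize(address)", owner_)
        );
    }
}
```

Calling tryInit with a BrokenFactory address returns false because the delegated call reverts with UnauthorizedCallContext, while a FixedFactory address returns true and writes the owner into the caller's storage. When applying the recommendation to an OpenZeppelin-based contract, the initializer modifier still guards against re-initialization, and calling _disableInitializers() in the implementation's constructor keeps the implementation itself from being initialized directly.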