You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA Medium severity issue.RewardA payout will be made for this issue
notDelegated modifier prevents AssetFactory::deploySwapAssets and AssetFactory::deployLv to be used
Summary
AssetFactory.sol is a UUPSUpgradeable implementation contract that should be used via an ERC-1967 proxy. However, the notDelegated modifier prevents the deploySwapAssets and deployLv functions to be called via the proxy.
Vulnerability Detail
The AssetFactory.sol contract implements OpenZeppelin's UUPS (Universal Upgradeable Proxy Standard). It serves as the implementation contract which should be called by an ERC-1967 proxy using delegatecall. The notDelegated modifier prevents the deploySwapAssets and deployLv functions to be called via the proxy, and thus makes core functionalities of the protocol unusable.
Impact
New swap assets (Depeg Swap and Cover Token) and new liquidity vault tokens cannot be deployed. This is a severe limitation to the functioning of the protocol.
sherlock-admin3
changed the title
Dandy Cider Urchin - notDelegated modifier prevents AssetFactory::deploySwapAssets and AssetFactory::deployLv to be used
MadSisyphus - notDelegated modifier prevents AssetFactory::deploySwapAssets and AssetFactory::deployLv to be used
Sep 25, 2024
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA Medium severity issue.RewardA payout will be made for this issue
MadSisyphus
Medium
notDelegated
modifier preventsAssetFactory::deploySwapAssets
andAssetFactory::deployLv
to be usedSummary
AssetFactory.sol
is a UUPSUpgradeable implementation contract that should be used via an ERC-1967 proxy. However, thenotDelegated
modifier prevents thedeploySwapAssets
anddeployLv
functions to be called via the proxy.Vulnerability Detail
The
AssetFactory.sol
contract implements OpenZeppelin's UUPS (Universal Upgradeable Proxy Standard). It serves as the implementation contract which should be called by an ERC-1967 proxy usingdelegatecall
. ThenotDelegated
modifier prevents thedeploySwapAssets
anddeployLv
functions to be called via the proxy, and thus makes core functionalities of the protocol unusable.Impact
New swap assets (Depeg Swap and Cover Token) and new liquidity vault tokens cannot be deployed. This is a severe limitation to the functioning of the protocol.
Code Snippet
https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/core/assets/AssetFactory.sol#L144
https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/core/assets/AssetFactory.sol#L179
Tool used
Manual Review
Recommendation
Remove the
notDelegated
modifiers fromAssetFactory::deploySwapAssets
andAssetFactory::deployLv
Duplicate of #185
The text was updated successfully, but these errors were encountered: