Unstructured HomeFi Proxy Storage Collision. #9
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
invalid: This doesn't seem right
sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Lines of code
https://github.com/AudiusProject/audius-protocol/blob/6e853cc6b62e2730940bcdf9b6e345d93c71b09b/eth-contracts/contracts/AudiusAdminUpgradeabilityProxy.sol#L14
Vulnerability details
The ProxyAdmin variable is not stored in a random storage slot. This causes a storage collision between the proxy and implementation contracts.
https://docs.openzeppelin.com/upgrades-plugins/1.x/proxies#unstructured-storage-proxies
Impact
Creates Storage Collision on Proxy and Impl contra
Recommended Mitigation Steps
Assign a random storage slot to the ProxyAdmin variable. Refer to https://docs.openzeppelin.com/upgrades-plugins/1.x/proxies#unstructured-storage-proxies
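The collision class this report refers to, next to the unstructured-storage layout from the linked OpenZeppelin documentation, as an added illustration. It is not code from the Audius repository or from the report; the contract names LogicV1, CollidingProxy and UnstructuredProxy are hypothetical, and the slot labels are the EIP-1967 ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical implementation contract: first state variable sits in slot 0.
contract LogicV1 {
    address public owner; // slot 0
    function setOwner(address newOwner) external { owner = newOwner; }
}

// Colliding layout: proxy state is declared as ordinary variables.
// Delegatecalling LogicV1.setOwner writes the proxy's slot 0 and so
// overwrites proxyAdmin.
contract CollidingProxy {
    address public proxyAdmin;     // slot 0, same slot as LogicV1.owner
    address public implementation; // slot 1

    constructor(address impl) { proxyAdmin = msg.sender; implementation = impl; }

    fallback() external { // return-data forwarding omitted for brevity
        (bool ok, ) = implementation.delegatecall(msg.data);
        require(ok, "delegatecall failed");
    }
}

// Unstructured storage: proxy state lives at hash-derived slots (EIP-1967
// labels), which sequentially assigned implementation variables do not reach.
contract UnstructuredProxy {
    bytes32 private constant ADMIN_SLOT =
        bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1);
    bytes32 private constant IMPL_SLOT =
        bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1);

    constructor(address impl) {
        _store(ADMIN_SLOT, msg.sender);
        _store(IMPL_SLOT, impl);
    }

    function _store(bytes32 slot, address value) private {
        assembly { sstore(slot, value) }
    }
    function _load(bytes32 slot) private view returns (address value) {
        assembly { value := sload(slot) }
    }

    fallback() external { // return-data forwarding omitted for brevity
        (bool ok, ) = _load(IMPL_SLOT).delegatecall(msg.data);
        require(ok, "delegatecall failed");
    }
}
```

To check a real proxy for this, compare its declared state variables against the implementation's layout, for example with the output of `solc --storage-layout`.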