Error in modifier ifAdmin (using older versions of Openzeppelin Upgradable Contracts), affected by possible collision of function signature #243
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
grade-c
low quality report
This report is of especially low quality
primary issue
Highest quality submission among a set of duplicates
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2023-09-ondo/blob/main/contracts/external/openzeppelin/contracts/proxy/TransparentUpgradeableProxy.sol#L48
Vulnerability details
In the PR of TransparentUpgradeableProxy (OpenZeppelin/openzeppelin-contracts#4154)
it's indicated that the ifAdmin modifier should not be used because if the implementation contract has a same function selector it can block it (Denial of service).
Proof of Concept
In a future implementation of rUSDY the developer would mistakenly create the function upgradeTo(address) or some function name that would return the same function signature 0x3659cfe6 (such as upgradeTo_790AA3D()) would fail because it would execute the proxy function where the user does not have permissions.
Attached is the test code where the new implementation uses upgradeTo_790AA3D() and calling the function gives error.
https://gist.github.com/Thaddeus19/8d8d3c1a313eb5fedb801db0816bdcaa
https://ipfs.moralis.io:2053/ipfs/QmQ9djbE6o4w7TwRdHkYkRSCK1XjyEiqgPVD5cwpJZwKYg/BugUpgrade.png
Tools Used
Manual Code Review
Recommended Mitigation Steps
Upgrade to the latest version of Openzeppelin contracts (v4.9.0 at the time of the report).
Assessed type
Other
The text was updated successfully, but these errors were encountered: