Code4rena: CODE423N4:2022-08-MIMO-FINDINGS-ISSUES-175
Aug 07, 2022 - 12:00 a.m.

Overwriting storage slots in MIMOProxy


Lines of code
<https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/proxy/MIMOProxy.sol#L19>

Vulnerability details

Impact

MIMOProxy lets its owner delegate a call to another contract. A delegate call runs the target's code against MIMOProxy's own storage, so the storage layout stays that of MIMOProxy. If the target contract's storage layout collides with it, MIMOProxy's storage slots can be overwritten. For example, the owner of the contract can be overwritten, which means the loss of access to the contract.

See <https://docs.openzeppelin.com/upgrades-plugins/1.x/proxies>

Recommended Mitigation Steps

Use non-standard storage keys for storing data in a proxy contract.

<https://twitter.com/peckshield/status/1551053190904238080?s=20>
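
The collision described under Impact and the mitigation above, as an added example that is not MIMOProxy's code: a simplified proxy with the owner in slot 0 beside the same proxy with the owner at a hashed key. All contract names, `bump`, and the key string `example.proxy.owner` are hypothetical and constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical delegatecall target; its first state variable sits in slot 0.
contract CounterModule {
    uint256 public counter; // slot 0
    function bump(uint256 value) external {
        counter = value; // under delegatecall this writes the caller's slot 0
    }
}

// Simplified proxy (not MIMOProxy) keeping the owner in a standard slot.
contract CollidingProxy {
    address public owner; // slot 0, the same slot as CounterModule.counter
    constructor() { owner = msg.sender; }

    function execute(address target, bytes calldata data) external returns (bytes memory) {
        require(msg.sender == owner, "not owner");
        (bool ok, bytes memory out) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        return out; // a bump() routed through here overwrites owner
    }
}

// Same proxy with the owner at a hashed, non-standard storage key.
contract UnstructuredProxy {
    // Constructed key for this example.
    bytes32 private constant OWNER_SLOT = keccak256("example.proxy.owner");
    constructor() { _setOwner(msg.sender); }

    function owner() public view returns (address o) {
        bytes32 slot = OWNER_SLOT;
        assembly { o := sload(slot) }
    }
    function _setOwner(address o) private {
        bytes32 slot = OWNER_SLOT;
        assembly { sstore(slot, o) }
    }
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        require(msg.sender == owner(), "not owner");
        (bool ok, bytes memory out) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        return out; // a bump() routed through here lands in the unused slot 0
    }
}
```

The hashed key prevents collisions with a target's sequentially laid out variables; a target that writes to arbitrary slots in assembly can still reach it, so the set of delegatecall targets remains part of the trust boundary.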

