Lines of code
<https://github.com/code-423n4/2022-08-mimo/blob/9adf46f2efc61898247c719f2f948b41d5d62bbe/contracts/proxy/MIMOProxy.sol#L82>
While there is a check that owner is not changed in a delegatecall, such a check is missing for minGasReserve, which means that the variable can be changed (either maliciously or accidentally because of a storage slot collision). The consequences of this are severe. If the variable is set to a high value, the proxy becomes useless, as execute is no longer callable (or only with a very high gas limit) because of an underflow in the stipend calculation.
Bob, the owner of a proxy performs a delegatecall via execute to a contract that the trusts. However, this contract happens to have a variable at storage slot 2 that is set to 1,0000,000. Therefore, Bob’s proxy is unusable after the execute call.
Mark the variable as immutable, as it is unchangeable anyways.
The text was updated successfully, but these errors were encountered:
👍 1 horsefacts reacted with thumbs up emoji
All reactions