Lines of code
<https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/LooksRareAggregator.sol#L88>
The owner of the contract can break the storage of the LooksRareAggregator contract
The addFunction() function - <https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/LooksRareAggregator.sol#L132> can be called by the owner to set the proxy address and function selector for the function to be called inside this proxy. This function is dangerous because LooksRareAggregator performs delegatecall - <https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/LooksRareAggregator.sol#L88> to that address. It is not guaranteed that those new proxies won't rewrite slots in the LooksRareAggregator storage.
Consider following well-known patterns for proxy management.
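The storage-collision risk described above, shown as an added example that is not part of the original report or the LooksRare code base. All contract names, variables and the storage layout are constructed for illustration; `Aggregator` is a simplified stand-in, not the real LooksRareAggregator. It contrasts a proxy that declares state (and so writes into the caller's slot 0 under delegatecall) with one that keeps only immutables and refuses direct calls.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed stand-in for an aggregator that delegatecalls owner-registered proxies.
contract Aggregator {
    address public owner;                                        // slot 0
    mapping(address => mapping(bytes4 => bool)) public allowed;  // slot 1

    constructor() { owner = msg.sender; }

    function addFunction(address proxy, bytes4 selector) external {
        require(msg.sender == owner, "not owner");
        allowed[proxy][selector] = true;
    }

    function execute(address proxy, bytes calldata data) external {
        require(allowed[proxy][bytes4(data[:4])], "not allowed");
        // delegatecall runs the proxy's code against THIS contract's storage.
        (bool ok, ) = proxy.delegatecall(data);
        require(ok, "proxy call failed");
    }
}

// Risky proxy: its own state variable is laid out from slot 0.
contract StatefulProxy {
    address public lastBuyer;        // slot 0, same slot as Aggregator.owner

    function buy() external {
        lastBuyer = msg.sender;      // under delegatecall this overwrites Aggregator.owner
    }
}

// Safer proxy: no storage variables. Immutables live in the proxy's bytecode,
// so they are read correctly under delegatecall and occupy no storage slot.
contract StatelessProxy {
    address private immutable self = address(this);
    address public immutable marketplace;
    event Bought(address indexed buyer);

    constructor(address marketplace_) { marketplace = marketplace_; }

    function buy() external {
        // Reject direct calls so the code only ever runs in the aggregator's context.
        require(address(this) != self, "delegatecall only");
        emit Bought(msg.sender);
    }
}
```

Before a proxy is registered, comparing its compiled storage layout (for example the output of `solc --storage-layout`) against the aggregator's confirms that it declares no slots of its own.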