onlyProxy MODIFIER CAN BE BYPASSED BY A MALICIOUS PROXY CONTRACT AND CAN PUSH THE IMPLEMENTATION CONTRACT INTO AN UNDESIRABLE STATE

Lines of code Vulnerability details Impact The Upgradeable.onlyProxy modifier is used to ensure that a function can only be called by the proxy and can not be directly called in the Upgradeable.sol contract. The onlyProxy modifier implementation is as follows: modifier onlyProxy // Prevent setup...

Anyone Can selfdestruct The VaultProxy Contract.

Lines of code Vulnerability details Vulnerability Details -Since the initialise function is missing initializer modifier as it's inteded to be not protected as per ETHx smart contract functions documentation , And Since VaultFactory contract doesn't initialize the VaultProxy upon its initializati...

Authorization Bypass

OpenZeppelin Contracts is vulnerable to authentication bypass. The vulnerability exists because initializer modifier is not properly handled which allows an attacker to cause reentrancy by executing an external call to an untrusted address...

Update initializer modifier to prevent reentrancy during initialization

Lines of code Vulnerability details Impact The solution uses: "@openzeppelin/contracts": "^4.0.0", "@openzeppelin/contracts-upgradeable": "^4.3.2", These dependencies have a known high severity vulnerability: Which makes these contracts vulnerable: contracts/helpers/CryptoPunksHelper.sol: 19:...