4 matches found
When a user is given the owner privilege of multiple MIMOProxy through transferOwnership, the user cannot choose which MIMOProxy to use as the current Proxy
Lines of code Vulnerability details Impact currentProxies is only set when the user calls the deployFor function of the MIMOProxyRegistry contract, function deployForaddress owner public override returns IMIMOProxy proxy IMIMOProxy currentProxy = currentProxiesowner; // Do not deploy if the proxy...
If a MIMOProxy owner destroys their proxy, they cannot deploy another from the same address
Lines of code Vulnerability details When deploying a new MIMOProxy, the MIMOProxyRegistry first checks whether a proxy exists with the same owner for the given address. If an existing proxy is found, the deployment reverts: MIMOProxyRegistrydeployFor function deployForaddress owner public overrid...
The lazy update of _currentProxies results in non-owners being able to execute functions that require owner privileges
Lines of code Vulnerability details Impact In the MIMOProxyRegistry contract, the getCurrentProxy function returns the address of the mimoProxy contract corresponding to the owner's address in currentProxies. function getCurrentProxyaddress owner external view override returns IMIMOProxy proxy...
Registry not updated when proxy ownership is transferred
Lines of code Vulnerability details Impact When the ownership of a MIMOProxy instance is transferred using the transferOwnership function, the MIMOProxyRegistry contract is not updated, although it is the main entry point of all the workflows, as described in the README.md file. Even after the...