Proxy admin of DripsHub, AddressDriver, NFTDriver and ImmutableSplitsDriver can steal users' tokens by upgrading the contract

Lines of code Vulnerability details Impact Proxy admin of DripsHub, AddressDriver, NFTDriver and ImmutableSplitsDriver can perform different malicious actions through upgrading, all can lead to users' assets being stolen. Proof of Concept An upgradable proxy contract can be upgraded with arbitrar...

Deployer will deploy proxies that cannot be upgraded

Lines of code Vulnerability details Impact In contrast to the Test File, in which you're deploying the proxies directly, the setup from Deployer will keep the Proxy Admin to a zero value. Meaning nobody will be able to upgrade them after the deployment. See POC below to show that the admin slot i...

Apache Pulsar 信任管理问题漏洞

Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, and highly scalable streaming...

[WP-H3] Proxy admin of the upgradeable proxy contracts can steal _borrowAsset and collateralAsset from the contracts and users' wallet

Lines of code Vulnerability details Both LenderPool and PooledCreditLine are upgradeable contract that holds users' allowances, and in certain periods, LendingPool will be holding users' funds. Use of Upgradeable Proxy Contract Structure allows the logic of the contract to be arbitrarily changed...

Seven ways in which the Owner and Proxy Admin can make users lose funds ("rug vectors")

Lines of code Vulnerability details The contest explicitly asks to analyze the contract for "Rug Vectors", so that is what this issue is about. note to reviewers This issue list maybe 7 different problems and recommends different fixes. I could have made seven separate issues for each, but it wou...