9 matches found
Proxy's logic contract relies on code in the constructor
Lines of code 122, 50, 25, 67, 98, 67, 22 Vulnerability details Impact Logic contracts cannot rely on code in their constructors, because proxy contracts do not re-execute the logic contract's constructor - only its initializer. Move all code in the constructor to the initializer function. File:...
Hash Collisions and Front-Running Risk
Lines of code Vulnerability details Salt Value in Proxy Deployment: The contract uses a salt value of 0 during the deployment of proxy delegator contracts. This introduces a significant security concern related to potential hash collisions. If multiple delegators attempt to deploy to the same...
people can steal others voting power by creating mlicous proxy contracts
Lines of code Vulnerability details Impact bad actor can control over the other peoples voting power in delegate proxy contracts. lets start from delegateMulti when somebody calls it it leads to delegateMulti and it calls processDelegationsource, target, amount; in the process of loop. if you loo...
Unprotected initialize functions can front-run by MEV or by an Attacker
Lines of code Vulnerability details Vulnerability Detail It should be avoided that the implementation of proxy contracts can be initialized by third parties. This can be the case if the initialize function is unprotected. Since the implementation contract is not meant to be used directly without ...
State varaible marketplace has never been initialized in LooksRareProxy.sol
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. State varaible marketplace has never been initialized in LooksRareProxy.sol. Although it has been initialized in the constructor, it won't count since functions such as execute will only be called via...
Uninitializing Bridge Contracts' State Variables
Lines of code Vulnerability details Vulnerability Details The L1ERC20Bridge and L1EthBridge are implementation contracts that would be delegatecalled by their corresponding proxy contracts. In other words, all state variables and assets would be stored in the proxy contracts. In contrast, the...
Proxy storage collision - contracts might be bricked
Lines of code Vulnerability details The proxy contracts save the implementation variables in the first storage slot see links above. This will lead to storage collusions when the implementation contract tries to read/update the first storage slot. For the implementation contract, the first storag...
Improper Validation Of create2 Return Value
Handle leastwood Vulnerability details Impact The BeaconProxyDeployer.deploy function is used to deploy lightweight proxy contracts that act as each asset's vault. The function does not revert properly if there is a failed contract deployment or revert from the create2 opcode as it does not...
Data Corruption
vyper causes data corruption. Incorrect data handling allows an attacker to cause a data corruption via certain Web3 libraries with Vyper-deploy forwarder proxy contracts using Vyper's built-in createforwarderto function...