Attacker can disable contract functionality #341
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-forgeries/blob/main/src/VRFNFTRandomDraw.sol#L75
Vulnerability details
Impact
Current setup of the protocol is vulnerable to a DoS attack. This can be achieved by anyone calling initialize() on the implementation VRFNFTRandomDraw contract. With the implementation contract initialized the created clones cannot be re-initialized and hence the VRFNFTRandomDrawFactory contract makeNewDraw() function always fails.
Proof of Concept
This can be quickly verified by modifying one of the protocol tests:
Notice the test fails with "Initializable: contract is already initialized" when the sender tries to call makeNewDraw().
I imagine this can be resolved with some effort and the fact that the protocol is upgradeable, but since the protocol is supposed to follow the Hyperstructure concept I'm assuming the plan is at some point to revoke ownership to become or get very close to being an unstoppable contract. After revoking ownership this would be a fatal attack vector. This is why I'm considering the issue as High.
Tools Used
Manual review
Recommended Mitigation Steps
There's a few ways to correct this. I believe a good approach with not too much effort is to only allow the factory to call VRFNFTRandomDraw:initialize(). This could be done by using deterministic contract addresses using CREATE2.
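A sketch of the factory-only initialize() gate proposed in the mitigation above, added here as an example and not taken from the issue or the project's code. GatedDraw and GatedDrawFactory are hypothetical stand-ins for VRFNFTRandomDraw and VRFNFTRandomDrawFactory. The example assumes OpenZeppelin Contracts 4.6 or later, and lets the factory deploy the implementation in its own constructor rather than predicting addresses with CREATE2.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";
import {Initializable} from "@openzeppelin/contracts/proxy/utils/Initializable.sol";

/// Hypothetical draw contract (assumption: stands in for VRFNFTRandomDraw).
contract GatedDraw is Initializable {
    error OnlyFactory();

    /// Immutables live in the implementation's bytecode, so every clone that
    /// delegatecalls into it reads the same factory address.
    address public immutable factory;
    address public owner;

    constructor() {
        // Deployed from the factory's constructor, so msg.sender is the factory.
        factory = msg.sender;
        // Lock the implementation's own storage against initialize().
        _disableInitializers();
    }

    function initialize(address admin) external initializer {
        // Reached through a clone, msg.sender is whoever called the clone.
        if (msg.sender != factory) revert OnlyFactory();
        owner = admin;
    }
}

/// Hypothetical factory (assumption: stands in for VRFNFTRandomDrawFactory).
contract GatedDrawFactory {
    address public immutable implementation;

    event DrawCreated(address indexed draw, address indexed admin);

    constructor() {
        implementation = address(new GatedDraw());
    }

    function makeNewDraw() external returns (address draw) {
        draw = Clones.clone(implementation);
        // Clone creation and initialization happen in one transaction, so no
        // third party can call initialize() on the clone in between.
        GatedDraw(draw).initialize(msg.sender);
        emit DrawCreated(draw, msg.sender);
    }
}
```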