upgradeExistingContract will fail to register the new address when newName == oldName. #315
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-742
edited-by-warden
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/ProtocolDAO.sol#L209-L217
Vulnerability details
Impact
Detailed description of the impact of this finding.
when the new name of the contract is the same as the old name of a contract (which is necessary to move funding from old contracts to upgraded ones), the function
upgradeExistingContract()
will fail to register the new address of the contract and in particular,getContractAddress(newName)
will return zero after the upgrade. The whole system will not work after that since modifiersguardianOrSpecificRegisteredContract()
andonlySpecificRegisteredContract()
will always revert for this contract.Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/ProtocolDAO.sol#L209-L217
The main problem of
upgradeExistingContract()
is that it performsregisterContract()
first and then performsunregisterContract()
. The order should be reversed. Because of this, the following statement ofregisterContract()
is overwritten by the following statement of
unregisteredContract()
:as a result, the registration of the address of the contract under the name is lost when oldName == newName.
Moreover,
getContractAddress(newName)
will return zero after the upgrade. The whole system might fail after that.Tools Used
Remix
Recommended Mitigation Steps
The fix is simple, just exchange the order of
registerContract()
andunregisterContract()
in functionupgradeExistingContract()
:The text was updated successfully, but these errors were encountered: