Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Square Cinnamon Wolverine - Non-upgradeable Pausable in UUPS contracts may cause issues #729

Open
sherlock-admin2 opened this issue Dec 5, 2024 · 0 comments
Open

Square Cinnamon Wolverine - Non-upgradeable Pausable in UUPS contracts may cause issues #729

sherlock-admin2 opened this issue Dec 5, 2024 · 0 comments

Comments

@sherlock-admin2
Copy link
Contributor

Square Cinnamon Wolverine

Medium

Non-upgradeable Pausable in UUPS contracts may cause issues

Summary

The use of Pausable rather than UpgradeablePausable in an upgradeable contract system has been reported as a valid bug in the audits of the other contract (Ethos Network Social Contracts). Here is the report of the findings: sherlock-audit/2024-10-ethos-network-judging#145

This same bug is also noticeable in this contract

Root Cause

https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L36

https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/utils/AccessControl.sol#L15

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

Replace Pausable with UpgradeablePausable in all upgradeable contracts within the system.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin2