Teeny Foggy Gecko
Medium
.s.sol files are scripts we are going to use as part of the deployment and upgrade on mainnet, so they are in scope in case there are any issues there was sent in the discord channel by one of the sponsors so these vulnerabilities are in scope. Will be marked as medium only because of the sponsor's statement even if it can very easily be mitigated.
DeployAuctionHouseV3StreamEscrowBase.s.sol :: runInternal() is used to deploy the new version of the protocol that supports the StreamEscrow functionalities.
The issue is that the smart contract NounsAuctionHouseV3 is deployed as a normal smart contract and NOT as an upgradeable smart contract like NounsAuctionHouseV2 is.
The easiest way to solve the problem is to look at nouns-monorepo/packages/nouns-contracts/test/foundry/helpers/DeployUtils.sol :: _deployAuctionHouseAndToken() and to copy the correct way of deploying NounsAuctionHouseV3 as an upgradeable smart contract that will execute NounsAuctionHouseV3 :: initialize() too and all the other functions that will set the correct state of the protoocl in a atomically way.
No response
No response
No response
No response
No response
There is no need for a coded PoC for this issue.
No response