Proxy vulnerabilities

From WEB3 Vulnerapedia

How do proxies work?

Proxies in smart contracts are used to solve the problem of having immutable contracts through upgradeability. This upgradeable proxy pattern introduces scalability but also brings in more complexity and security concerns.

Before going further, it's recommended to understand how smart contract proxies, calls and delegatecalls work. The way proxies work can be summarized as preserving the storage state of the original contract while changing the implementation logic through DELEGATECALL. This makes the proxy a gateway between users and the smart contract logic: users interact with the proxy, which in turn interacts with the specified logic contract.

Proxies use an initialize() function, which is added to implementation contracts and is meant to be called only once.
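
The pattern described above, as an added example that is not code from this wiki or from any deployed project. `LogicV1`, `MinimalProxy` and the slot name `example.proxy.implementation` are hypothetical, and the proxy assumes a fixed implementation (no upgrade function) so that the DELEGATECALL forwarding and the one-time `initialize()` stay in view.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: hypothetical contracts, not taken from any real project.
contract LogicV1 {
    // Under DELEGATECALL these variables live in the PROXY's storage (slots 0 and 1).
    address public owner;
    bool private initialized;
    uint256 public value;

    // Stands in for a constructor; the guard allows one call per storage context.
    function initialize(address owner_) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = owner_;
    }

    function setValue(uint256 v) external {
        require(msg.sender == owner, "not owner");
        value = v;
    }
}

contract MinimalProxy {
    // Constructed slot name for this example. A hashed slot keeps the
    // implementation pointer away from the logic contract's low-numbered slots.
    bytes32 private constant IMPL_SLOT = keccak256("example.proxy.implementation");

    constructor(address impl, bytes memory initData) {
        bytes32 slot = IMPL_SLOT;
        assembly { sstore(slot, impl) }
        // Run initialize() in the deployment transaction so the proxy never exists uninitialized.
        (bool ok, ) = impl.delegatecall(initData);
        require(ok, "init failed");
    }

    // Every call is forwarded: the logic's code runs against the proxy's storage.
    fallback() external {
        bytes32 slot = IMPL_SLOT;
        assembly {
            let impl := sload(slot)
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, 0, returndatasize())
        }
    }
}
```

Deploying `MinimalProxy` with `abi.encodeCall(LogicV1.initialize, (ownerAddress))` as `initData` sets `owner` in the proxy's storage; the `LogicV1` contract's own storage is untouched by calls that go through the proxy.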

Vulnerabilities

Frontrunning Initialization

Proxy Function Clashing

Proxy Storage Collision

Unable To Upgrade

Uninitialized Proxy