Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix TransparentUpgradeableProxy's transparency #4154

Merged

Conversation

Amxx
Copy link
Collaborator

@Amxx Amxx commented Apr 3, 2023

The TransparentUpgradeableProxy uses the ifAdmin modifier to achieve transparency. If a non-admin address calls the proxy the call should be frowarded transparently. This works well in most cases, but the forwarding of some functions can fail if there is a selector conflict and decoding issue.

Lets consider the upgradeTo(address) function. The associated function selector is 0x16a27ecd.

If the implementation ever includes another function signature that happens to:

  • not have any argument
  • use the same function selector

Then calling this function would not be possible. Any call would match upgradeTo(address) on the proxy, and before the ifAdmin proxy has any chance to redirect the call, the abi decoder would fail to retrieve the expected address.

This could be used by malicious a developer to block access to functions that is correctly implemented.

PR Checklist

  • Tests
  • Documentation
  • Changeset entry (run npx changeset add)

@changeset-bot
Copy link

changeset-bot bot commented Apr 3, 2023

🦋 Changeset detected

Latest commit: b082da8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
openzeppelin-solidity Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@frangio frangio requested a review from ernestognw April 4, 2023 16:16
Copy link
Contributor

@frangio frangio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix looks good to me but all of the checks are failing.

contracts/interfaces/IERC1967.sol Outdated Show resolved Hide resolved
contracts/interfaces/IERC1967.sol Show resolved Hide resolved
.changeset/thirty-shrimps-mix.md Outdated Show resolved Hide resolved
ernestognw
ernestognw previously approved these changes Apr 4, 2023
Copy link
Member

@ernestognw ernestognw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just a minor comment

frangio and others added 2 commits April 4, 2023 23:12
Co-authored-by: Ernesto García <ernestognw@gmail.com>
Co-authored-by: Francisco <fg@frang.io>
@Amxx Amxx marked this pull request as ready for review April 5, 2023 14:56
@Amxx Amxx merged commit 5523c14 into OpenZeppelin:master Apr 5, 2023
@Amxx Amxx deleted the fix/TransparentUpgradeableProxy/ifAdmin branch April 5, 2023 14:57
frangio pushed a commit that referenced this pull request Apr 5, 2023
Co-authored-by: Francisco <fg@frang.io>
Co-authored-by: Ernesto García <ernestognw@gmail.com>
(cherry picked from commit 5523c14)
/**
* @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
*
* _Available since v4.9._
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not correct since it's released as part of v4.8.3. Will open a PR @Amxx.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI #4183

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants