-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redundant sender checks in CustomProxyAdmin.changeImplementation function #109
Comments
I disagree with this issue. Verifying only |
I understand that |
I see your point, but I still believe keeping the Thoughts? |
make sense to keep |
Yes that seems reasonable. I understand what you're saying now, thanks. |
In
CustomProxyAdmin.sol
, thechangeImplementation
function contains redundant sender checks:Since
bootstrapper
is intended to be the address of the proxy, checking bothmsg.sender != bootstrapper
andmsg.sender != address(proxy)
is redundant. Verifyingmsg.sender == address(proxy)
should suffice to prevent unauthorized upgrades.This issue was identified in PR #102, see comment.
cc: @adu-web3
The text was updated successfully, but these errors were encountered: