Direct Implementation Deployment Instead of Proxy in Borrow Offer Creation

Summary

In DBOImplementation (borrow offer) is deployed directly instead of using a proxy. This approach bypasses the intended proxy architecture and results in the creation of an independent instance of DBOImplementation even though the DebitaProxyContract is imported.

Root Cause

While creating a new borrow offer, the code instantiates DBOImplementation directly:

DBOImplementation borrowOffer = new DBOImplementation();

This direct instantiation ignores the proxy pattern, which would have allowed for upgradeability by pointing to a logic contract through a proxy. The correct deployment approach, as shown in other sections of the contract (e.g., the lending offer creation), should involve wrapping the implementation in a proxy.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

Instantiating a proxy with the address of DBOImplementation as the logic contract.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

013.md

013.md

Direct Implementation Deployment Instead of Proxy in Borrow Offer Creation

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

013.md

Latest commit

History

013.md

File metadata and controls

Direct Implementation Deployment Instead of Proxy in Borrow Offer Creation

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation