๐ขTutorial 41: Multiple Token Addresses in Proxied Tokens
In decentralized finance (DeFi) systems, tokens are often deployed using proxy patterns to enable upgrades without changing the tokenโs address. However, a common vulnerability arises when proxied tokens have multiple addresses. Contracts interacting with these tokens, particularly when handling transfers or safeguarding funds, may incorrectly assume that each token is associated with a single address. This can lead to critical security flaws.
One such vulnerability occurs in the context of rescue functions, which are designed to recover tokens mistakenly sent to the contract. If the rescue function assumes a single address per token, proxied tokens with multiple addresses could be incorrectly rescued or drained. This creates an attack vector where the contract owner, under the guise of rescuing tokens, could potentially steal all funds in the pool.
In this section, we will explore how vulnerabilities related to multiple token addresses can arise in proxied tokens and examine the security risks they pose in DeFi protocols.
Last updated