
Component: ManagementAccountFactory

Description

The ManagementAccountFactory is an upgradable factory contract responsible for deploying ManagementAccount instances. It serves as the central configuration hub for the Hyperbeat Pay system, maintaining global parameters that all ManagementAccount instances reference. The factory deploys new accounts using a proxy pattern and enforces implementation whitelisting to ensure secure upgrades.

Invariants

Initialization safety

  • The factory can only be initialized once.

  • The constructor disables initializers to prevent initialization of the implementation contract.

Access control

  • Only IMPLEMENTATION_ADMIN_ROLE can modify configuration parameters, manage the implementation whitelist, and authorize factory upgrades.

  • The DEFAULT_ADMIN_ROLE can grant or revoke the IMPLEMENTATION_ADMIN_ROLE.

Implementation whitelist enforcement

  • Only whitelisted implementations can be set as the active implementation via setImplementation.

  • The currently active implementation cannot be removed from the whitelist.
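
A minimal Solidity sketch of how the three invariant groups above are commonly enforced, added here as an illustration and not taken from the Hyperbeat Pay code base. It assumes OpenZeppelin's upgradeable contracts (v5) and a UUPS-style proxy; the contract name, `setWhitelisted`, the storage variables and the custom errors are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";

// Illustrative sketch only; names other than the two roles and setImplementation are assumptions.
contract FactoryInvariantSketch is Initializable, UUPSUpgradeable, AccessControlUpgradeable {
    bytes32 public constant IMPLEMENTATION_ADMIN_ROLE = keccak256("IMPLEMENTATION_ADMIN_ROLE");

    address public implementation;                 // active account implementation (assumed layout)
    mapping(address => bool) public isWhitelisted; // implementation whitelist (assumed layout)

    error NotWhitelisted(address impl);
    error ActiveImplementation(address impl);

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Initialization safety: the bare implementation contract can never be initialized.
        _disableInitializers();
    }

    // Initialization safety: the `initializer` modifier makes a second call revert.
    function initialize(address admin) external initializer {
        __AccessControl_init();
        // DEFAULT_ADMIN_ROLE is the admin of every role by default, so this account
        // can grant or revoke IMPLEMENTATION_ADMIN_ROLE.
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    // Whitelist management; the active implementation cannot be removed.
    function setWhitelisted(address impl, bool allowed) external onlyRole(IMPLEMENTATION_ADMIN_ROLE) {
        if (!allowed && impl == implementation) revert ActiveImplementation(impl);
        isWhitelisted[impl] = allowed;
    }

    // Only a whitelisted address can become the active implementation.
    function setImplementation(address impl) external onlyRole(IMPLEMENTATION_ADMIN_ROLE) {
        if (!isWhitelisted[impl]) revert NotWhitelisted(impl);
        implementation = impl;
    }

    // Access control: factory upgrades require IMPLEMENTATION_ADMIN_ROLE.
    function _authorizeUpgrade(address) internal override onlyRole(IMPLEMENTATION_ADMIN_ROLE) {}
}
```

When reviewing a contract against these invariants, check that every path that writes the active implementation or the whitelist goes through the same two guards, including the initializer.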

Attack surface

  • Permissionless createAccount. The createAccount function lacks access control, allowing any external party to deploy an unlimited number of account instances for a specific owner (see Finding ref).

  • Configuration updates. Only IMPLEMENTATION_ADMIN_ROLE can update the configurations, preventing malicious external parties from modifying the global configurations.

  • Operator replacement. Only IMPLEMENTATION_ADMIN_ROLE can update the operator address, preventing malicious external parties from modifying the operator.

  • Factory upgrade. Only IMPLEMENTATION_ADMIN_ROLE can upgrade the factory, preventing malicious external parties from performing unauthorized upgrades.

Zellic © 2025