TransparentUpgradeableProxy: is there any risk in omitting admin check from `receive` function?

Hi, we're trying to use TransparentUpgradeableProxy but having issue from the msg.sender != admin check in receive() function. The high gas cost of sload op in admin() leads our contracts to fail due to 2300 gas limit when eths are transfered from other contracts which we do not have control of.

A possible solution we're considering is to use a modified version of TransparentUpgradeableProxy with the msg.sender != admin check removed from the receive function.
Using UUPS is not an option since we would need to migrate all our codebase to Solidity 0.8.x from the current 0.6.x codebase and we're a very small team with time constraints.

So our question is, given that the admin will only interact with the contract for upgrades, and never send calls to other functions, would there be any risk or other consequences from this modification?

Ye Park

:1234: Code to reproduce

:computer: Environment

This check is related to the possible attack described in this article:

The main mitigation against this attack is the ifAdmin modifier. The check in the receive function that you mention is not strictly needed as a mitigation, but it results in a more complete implementation of the concept that the admin has a different view of the proxy than everybody else.

Rather than removing this check, I would consider taking the UUPS contracts and porting them to Solidity 0.6.

1 Like