Sparkn

CodeFox Inc.
DeFi, Foundry, Proxy
15,000 USDC
Submission Details
Severity: low
Valid

STORAGE COLLISION BETWEEN PROXY AND IMPLEMENTATION

Summary

The proxy does not follow EIP-1967.

Vulnerability Details

Because the proxy does not follow EIP-1967, a storage collision could cause conflicts and overwrite sensitive variables.
This vulnerability refers to the potential for storage collision between the Proxy contract and its Implementation contract. In the provided code, the Proxy contract uses the first storage slot to store the address of the Implementation contract. If the Implementation contract also uses its first storage slot for its own state, a write to that slot could overwrite the Implementation address held in the Proxy contract, leading to unexpected behavior. This can be mitigated by following EIP-1967, which recommends storing the Implementation address at a specific storage slot to avoid potential collisions.

Tools Used

Manual, Audit Wizard

Recommendations

Consider using EIP-1967.
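
The slot-0 layout described under Vulnerability Details next to an EIP-1967 layout, as an added Solidity example that is not part of the submission or the audited code. All contract names are hypothetical; the constant is the implementation slot defined by EIP-1967.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration: contract names are hypothetical, not the audited code.
abstract contract ForwardingProxy {
    function _implementation() internal view virtual returns (address);
    fallback() external {
        address impl = _implementation();
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}

// Layout the finding describes: the address sits in slot 0 of the proxy.
contract SlotZeroProxy is ForwardingProxy {
    address private implementationAddr; // slot 0
    constructor(address impl) { implementationAddr = impl; }
    function _implementation() internal view override returns (address) {
        return implementationAddr;
    }
}

// delegatecall runs this code against the proxy's storage, so a write to
// `counter` (slot 0) through SlotZeroProxy replaces implementationAddr.
contract Logic {
    uint256 public counter; // slot 0
    function set(uint256 v) external { counter = v; }
}

// EIP-1967 layout: the address lives at a hash-derived slot that the
// compiler never assigns to a declared variable, so slot 0 stays free.
contract Eip1967Proxy is ForwardingProxy {
    // bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1)
    bytes32 private constant IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    constructor(address impl) {
        bytes32 slot = IMPL_SLOT;
        assembly { sstore(slot, impl) }
    }
    function _implementation() internal view override returns (address impl) {
        bytes32 slot = IMPL_SLOT;
        assembly { impl := sload(slot) }
    }
}
```

Reading the EIP-1967 slot with `eth_getStorageAt` after calling `set` through each proxy shows which layout kept the implementation address intact.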
