Sparkn

CodeFox Inc.
DeFi, Foundry, Proxy
15,000 USDC
Submission Details
Severity: medium

`Distributor` is missing a storage `__gap` variable

Summary

The Distributor contract is missing a storage gap variable, which affects its upgradeability and makes future storage collisions much more likely.

Vulnerability Details

Distributor is an implementation contract, meaning that it is intended to be upgraded in the future. When performing such an upgrade, it is important to avoid storage collisions when adding/removing state variables, as they can cause severe and unexpected consequences such as loss of funds.

Storage gap variables reserve storage slots so that state variables can be added or removed in future versions without causing storage collisions. See here for more information on storage gaps, and here for a more detailed description of storage collisions.
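
The slot shift behind a storage collision can be checked mechanically. The following Python model is an added example, not code from the submission or from the Sparkn code base: it applies Solidity's sequential slot assignment to a hypothetical base contract and a contract inheriting from it (all variable names are assumptions) and reports which variables change slot after an upgrade with no gap, with a gap that is shrunk correctly, and with a gap that is left at its old length.

```python
# Added example (not from the audited code base): slot layout of a hypothetical
# base/child pair across an upgrade, with and without a trailing __gap.
SIZES = {"uint256": 32, "uint128": 16, "address": 20, "bool": 1}  # bytes

def layout(variables):
    """Assign (slot, byte offset, type) to each (name, type) in declaration order.

    Follows Solidity's rules for the types modelled here: value types pack into
    a 32-byte slot while they fit; a fixed uint256[N] array starts a fresh slot,
    fills N slots, and forces the next variable onto a fresh slot too.
    """
    slot, offset, out = 0, 0, {}
    for name, typ in variables:
        if typ.startswith("uint256["):
            if offset:  # current slot is partly used: move to the next one
                slot, offset = slot + 1, 0
            out[name] = (slot, 0, typ)
            slot += int(typ[len("uint256["):-1])
        else:
            if offset + SIZES[typ] > 32:  # does not fit in the current slot
                slot, offset = slot + 1, 0
            out[name] = (slot, offset, typ)
            offset += SIZES[typ]
    return out

def moved(old, new):
    """Names from `old` that are missing, retyped or relocated in `new`.
    The gap itself is expected to shrink, so it is not reported."""
    before, after = layout(old), layout(new)
    return sorted(n for n, pos in before.items()
                  if n != "__gap" and after.get(n) != pos)

# Constructed contracts: the child's variables follow the base's in storage.
CHILD = [("prizePool", "uint256"), ("organizer", "address")]
BASE_V1 = [("version", "uint256")]
BASE_V2 = BASE_V1 + [("feeBps", "uint256")]  # new variable, no gap
GAP_V1 = BASE_V1 + [("__gap", "uint256[50]")]
GAP_V2 = BASE_V1 + [("feeBps", "uint256"), ("__gap", "uint256[49]")]
GAP_STALE = BASE_V1 + [("feeBps", "uint256"), ("__gap", "uint256[50]")]

def report():
    return {
        "no_gap": moved(BASE_V1 + CHILD, BASE_V2 + CHILD),
        "with_gap": moved(GAP_V1 + CHILD, GAP_V2 + CHILD),
        "gap_not_shrunk": moved(GAP_V1 + CHILD, GAP_STALE + CHILD),
    }

if __name__ == "__main__":
    print(report())
```

The third case shows that a gap only helps if its length is reduced by exactly the number of slots the new variables consume.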

Impact

Potential storage collisions in future versions can cause significant and irreversible damage to the protocol.

Tools Used

Manual review

Recommendations

Add a storage gap variable to Distributor:

/**
* @title Distributor contract
* @notice General ERC20 stable coin tokens, e.g. JPYC, USDC, USDT, DAI, etc, are suppsoed to be used in SPARKN.
* @notice This contract is used as the implementation of proxy contracts to distribute ERC20 token(e.g. JPYC) to winners
* @dev The main logic of prize token distribution sits in this contract waiting to be called by factory contract
* @dev Although the contract is immutable after deployment, If we want to upgrade the implementation contract
* we can deploy a new one and change the implementation address of proxy contract.
*/
contract Distributor {
// contract code
+ uint256[50] __gap;
}
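
Review bot: the added `uint256[50] __gap;` line has no explicit visibility and no comment, so a later maintainer has nothing telling them how the array is meant to be used. Declare it as `uint256[50] private __gap;`, keep it as the last state variable in the contract, and add a comment stating that new state variables go above the gap and that the array length is reduced by the number of slots they occupy. The contract body is elided in this snippet, so the length of 50 should be checked against the number of slots Distributor already uses before it is fixed.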
