The Logic of the Contract's Variable Declaration Order and Type should always be maintained
Summary
Maintaining the order and type of state variables is crucial for ensuring the compatibility and integrity of the storage layout across different contract versions. The protocol fails to do it.
Vulnerability Details
ThunderLoan.sol :
while ThunderLoanUpgraded.sol has the following:
As we can see there will be a collision between the TunderLoan's s_feePrecision and s_flashLoanFee from ThunderLoanUpgraded.
Impact
Performing the upgrade will disrupt the functionality of the contract.
Tools Used
Manual review.
Recommendations
Ensure that s_flashLoanFee remains in slot 1 of the upgraded contract. Even if it's not that gas efficient, keep both the initial variables, in the way they were declared in the ThunderLoan contract and declare the constant at the end (this constan't doesn't affect storage anyway because it's baked directly into the bytecode of the contract when it is compiled)
In ThunderLoanUpgraded.sol
Lead Judging Commences
storage collision on upgrade
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.