MorpheusAI
MorpheusAI
Foundry
22,500 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing `__gap[50]` storage variable in Upgradeable contracts

slvdev

Summary

In the context of upgradeable contracts, ensuring forward compatibility between different contract versions is a critical concern. One key strategy for ensuring this compatibility is the use of a __gap storage variable.

The __gap variable acts as a reserved space in the contract's storage layout. This space can then be utilized for adding new state variables in future contract upgrades, while maintaining the original storage layout of the contract.

Without the __gap storage variable, adding new state variables in a contract upgrade can risk overwriting the existing contract storage, potentially leading to unpredictable behavior or data loss.

Therefore, if your contract is designed to be upgradeable, it's crucial to include a __gap storage variable. The absence of this variable in an upgradeable contract can signify a potential risk for future upgrades.

Vulnerability Details

File: contracts/Distribution.sol
14: contract Distribution is IDistribution, OwnableUpgradeable, UUPSUpgradeable {
File: contracts/L1Sender.sol
15: contract L1Sender is IL1Sender, ERC165, OwnableUpgradeable, UUPSUpgradeable {
File: contracts/L2MessageReceiver.sol
9: contract L2MessageReceiver is IL2MessageReceiver, OwnableUpgradeable, UUPSUpgradeable {
File: contracts/L2TokenReceiver.sol
12: contract L2TokenReceiver is IL2TokenReceiver, OwnableUpgradeable, UUPSUpgradeable {
Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.