Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: medium
Invalid

Potential Storage Slot Collision

[M-2] Potential Storage Slot Collision
Description:
The ORIGINAL variable is stored in a private immutable slot, but there is no explicit comment or documentation ensuring this storage slot doesn't collide with other contracts that might inherit from NoDelegateCall.

Impact:
Inheriting contracts could inadvertently overwrite the ORIGINAL variable if they use the same storage slot, leading to unintended behavior.

Proof of Concept:
Deploy a contract inheriting NoDelegateCall and another contract that also uses a private immutable variable in the same storage slot.

Recommended Mitigation:
Document the storage slot usage and ensure derived contracts use distinct storage slots.

Mitigation Code:
Add documentation to inform developers about the storage slot usage:

/// @title NoDelegateCall
/// @notice This contract implements logic to prevent delegate calls. The ORIGINAL variable is stored at a specific slot.
/// @dev Ensure that derived contracts do not use the same storage slot for other variables.
abstract contract NoDelegateCall {
/// @dev The address of the original contract that was deployed.
+ /// Storage slot for ORIGINAL: first slot in contract storage
...
}
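Review bot: the `+` line in NoDelegateCall documents ORIGINAL as occupying the "first slot in contract storage", yet the description above calls it a private immutable. Solidity immutables are placed in the deployed runtime code and take no storage slot, so the comment would document a layout that does not exist. Suggest dropping the line, or rewording it to say that ORIGINAL is immutable and not part of the storage layout.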
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
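An added example, not part of the submission or of Sablier's code: Solidity immutable variables are embedded in the runtime bytecode at deployment and have no storage slot, so an inheriting contract's state variables cannot overlap them. `NoDelegateCallSketch` is a simplified stand-in for the pattern, and `Child`, `counter`, `bump`, `slotZero` and `layoutIsIndependent` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified stand-in for the NoDelegateCall pattern (not Sablier's source).
abstract contract NoDelegateCallSketch {
    /// @dev Immutable: the value is written into the runtime bytecode at
    /// deployment. It is not part of the storage layout and has no slot.
    address private immutable ORIGINAL;

    error DelegateCall();

    constructor() {
        ORIGINAL = address(this);
    }

    modifier noDelegateCall() {
        if (address(this) != ORIGINAL) revert DelegateCall();
        _;
    }

    function original() public view returns (address) {
        return ORIGINAL;
    }
}

// Hypothetical inheriting contract with one ordinary state variable.
contract Child is NoDelegateCallSketch {
    uint256 public counter; // first state variable in the layout: slot 0

    function bump() external noDelegateCall {
        counter += 1;
    }

    // Raw read of storage slot 0.
    function slotZero() public view returns (uint256 value) {
        assembly {
            value := sload(0)
        }
    }

    // True when slot 0 holds `counter` and ORIGINAL still equals this address.
    function layoutIsIndependent() external view returns (bool) {
        return slotZero() == counter && original() == address(this);
    }
}
```

When `Child` is called directly, `slotZero()` tracks `counter` after any number of `bump()` calls while `original()` keeps returning the deployment address.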
