NFTBridge
60,000 USDC
View results
Submission Details
Severity: low
Invalid

Missing Storage Gap in Starklane Contract

Summary

The Starklane contract lacks a storage gap, which poses a risk of storage conflicts in future upgrades. This could lead to unintended overwriting of state variables, compromising the contract's integrity and functionality.

Vulnerability Details

The contract does not include a storage gap, which is necessary for upgradeable contracts to prevent storage layout conflicts when new state variables are added.

The end of the contract's state variable declarations does not have a reserved storage gap.

Impact

Without a storage gap:

Future upgrades that introduce new state variables may overwrite existing ones, leading to unpredictable behavior or loss of critical data.

The absence of a storage gap undermines the upgradeability and safety mechanisms, potentially causing operational disruptions.

Tools Used

manual review

Recommendations

Introduce a reserved storage gap at the end of the state variable declarations to safeguard against future upgrades.

contract Starklane is IStarklaneEvent, UUPSOwnableProxied, StarklaneState, StarklaneEscrow, StarklaneMessaging, CollectionManager {
// Existing state variables...
// Storage gap for future upgrades
uint256[50] private __gap;
// Contract logic...
}
Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid-upgradeable-storage-gap-known-issue

Known issue: Lightchaser

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.