ArkProject: NFT Bridge

ArkProject

NFTBridge

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

`Starklane` Can't Be Upgraded To Add Or Remove Variable

jesjupyter

Summary

The Starklane contract, which is designed to be upgradeable through the UUPSOwnableProxied mechanism, currently lacks the necessary storage gaps in its implementation and parent contracts. Without these storage gaps or a namespace storage layout, any future upgrades that attempt to add or remove state variables could lead to storage collisions, resulting in unexpected behavior and potentially severe security vulnerabilities.

Vulnerability Details

The Starklane contract is defined as follows:

contract Starklane is IStarklaneEvent, UUPSOwnableProxied, StarklaneState, StarklaneEscrow, StarklaneMessaging, CollectionManager {

...

}

...

contract UUPSOwnableProxied is Ownable, UUPSUpgradeable {

...

}

It inherits from multiple parent contracts, including UUPSOwnableProxied, which is designed for upgradeability.

However, neither the Starklane contract nor most of its parent contracts have reserved any storage gaps or namespace storage layout. The mixed usage of non-upgradeable and upgradeable contracts fails to allow for safe addition or removal of state variables in future upgrades.

Without these gaps, the storage layout is fixed, meaning that any changes to the state variables could overwrite existing data, leading to storage collisions.

Impact

The lack of storage gaps in the Starklane contract and its parent contracts significantly limits the ability to safely upgrade the contract. This oversight could lead to storage collisions, which may result in unexpected behavior, security vulnerabilities, and potential loss of funds. Given that Starklane is a bridge contract, the potential impact of such an issue is high.

Tools Used

Manual

Recommendations

Introduce storage gaps in Starklane and its parent contracts to allow for future upgrades without risking storage collisions.
Use a namespaced storage layout to ensure that new variables do not overlap with existing ones.

Note

The lightchaser has found a Upgradable contracts should have a __gap variable only for UUPSOwnableProxied which is clearly insufficient, fix the UUPSOwnableProxied will not/never solve the issue. The issue posed here is the incorrect mixture of non-upgradeable and upgradeable contracts fails to allow for safe addition or removal of state variables in future upgrades. ``

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

invalid-upgradeable-storage-gap-known-issue

Known issue: Lightchaser

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,301

26 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!