NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Corruptible upgradeable pattern in Bridge.sol due to inheriting from a contract that contains storage and no gap

Summary

Storage of Bridge might be corrupted during an upgrade.

Vulnerability Details

Below is the inheritance chain of the Bridge contract.

Bridge-->UUPSOwnableProxied-->UUPSUpgradeable

The Bridge contract is meant to be upgradeable. However, it inherits UUPSOwnableProxied, a contract that is not upgradeable-safe.
No storage gap is implemented in the UUPSOwnableProxied contract. Hence, adding a new storage variable to this contract can potentially overwrite the beginning of the storage layout of the Bridge contract, leading to critical misbehavior of the protocol.

Impact

Storage of the Bridge contract might be corrupted during an upgrade, causing the bridge to break and tokens to be stuck.

Tools Used

Manual review.

Recommendations

Consider defining an appropriate storage gap in the UUPSOwnableProxied contract at the end of the storage variable definition. Here's an example:

uint256[50] __gap; // gap to reserve storage in the contract for future variable additions
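
The layout shift described under Vulnerability Details, and the effect of the recommended gap, can be checked with a small model of Solidity's slot assignment. This is an added example, not code from the submission or the project; the state variables (owner, delay, token, nonce) are constructed because the page does not list the real ones, and UUPSUpgradeable is left out of the model.

```python
# Model of Solidity's layout rules for value types and fixed-size arrays:
# variables are placed most-base contract first, in declaration order,
# packed into 32-byte slots; an array starts a new slot and fills whole slots.
SIZES = {"address": 20, "bool": 1, "uint64": 8, "uint256": 32}  # bytes

def layout(contracts):
    """contracts: [(contract, [(type, name), ...])], most-base first.
    Returns {"Contract.name": (slot, byte_offset)}."""
    slot, offset, out = 0, 0, {}
    for contract, variables in contracts:
        for typ, name in variables:
            if typ.endswith("]"):                    # e.g. uint256[50]
                elem, count = typ[:-1].split("[")
                if offset:                           # finish the partial slot
                    slot, offset = slot + 1, 0
                out[f"{contract}.{name}"] = (slot, 0)
                slot += -(-int(count) // (32 // SIZES[elem]))  # ceil
                continue
            size = SIZES[typ]
            if offset + size > 32:                   # does not fit: next slot
                slot, offset = slot + 1, 0
            out[f"{contract}.{name}"] = (slot, offset)
            offset += size
    return out

def moved(old, new):
    """Variables kept across the upgrade whose slot or offset changed.
    The gap itself is skipped: it is meant to shrink."""
    return sorted(k for k in old
                  if k in new and old[k] != new[k] and not k.endswith(".__gap"))

# Constructed state variables (hypothetical; the real ones are not on the page).
B = "UUPSOwnableProxied"
BRIDGE = ("Bridge", [("address", "token"), ("uint256", "nonce")])
NO_GAP_V1 = [(B, [("address", "owner")]), BRIDGE]
NO_GAP_V2 = [(B, [("address", "owner"), ("uint256", "delay")]), BRIDGE]
GAP_V1 = [(B, [("address", "owner"), ("uint256[50]", "__gap")]), BRIDGE]
GAP_V2 = [(B, [("address", "owner"), ("uint256", "delay"),
               ("uint256[49]", "__gap")]), BRIDGE]

if __name__ == "__main__":
    print("no gap, moved:", moved(layout(NO_GAP_V1), layout(NO_GAP_V2)))
    print("with gap, moved:", moved(layout(GAP_V1), layout(GAP_V2)))
```

The gap only protects the derived contract's layout if it shrinks by exactly the number of slots the new variables consume (50 to 49 in this model).
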
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid-upgradeable-storage-gap-known-issue

Known issue: Lightchaser
