HardhatFoundry
30,000 USDC
Submission Details
Severity: low
Invalid

No Storage Gap for Upgradeable Contract Might Lead to Storage Slot Collision

Summary

Storage of Nexus contract might be corrupted during an upgrade.

Vulnerability Details

The Nexus contract is intended to be upgradable, but does not have a __gap variable. This would become problematic if a subsequent version were to inherit one of these contracts. If the derived version were to have storage variables itself and additional storage variables were subsequently added to the inherited contract, a storage collision would occur.

Refer to this article: https://docs.openzeppelin.com/upgrades-plugins/1.x/writing-upgradeable#storage-gaps

Impact

Storage of Nexus might be corrupted during upgrading.

Tools Used

Manual review

Recommendations

Consider defining an appropriate storage gap at the end of the contract as follows:

```solidity
uint256[50] __gap; // gap to reserve storage in the contract for future variable additions
```

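
The collision described under Vulnerability Details and the effect of the recommended gap can be checked with a small layout model. This is an added example, not code from the submission or from the Nexus code base; the contracts `Base` and `Derived` and the variables `owner`, `nonce` and `balance` are hypothetical, and the model assumes every variable fills whole 32-byte slots (no packing).

```python
# Simplified model of Solidity storage layout for an inheritance chain.
# Assumption: each variable takes whole slots (uint256 or uint256[N]).
# All contract and variable names below are constructed for illustration.

def layout(contracts):
    """contracts: [(contract, [(variable, slots), ...])], base contract first.
    Returns {(contract, variable): first_slot}."""
    slots, cursor = {}, 0
    for cname, variables in contracts:
        for vname, size in variables:
            slots[(cname, vname)] = cursor
            cursor += size
    return slots

def moved_variables(old, new):
    """Variables kept across the upgrade whose slot changed (gaps excluded)."""
    a, b = layout(old), layout(new)
    return {k: (a[k], b[k]) for k in a
            if k in b and k[1] != "__gap" and a[k] != b[k]}

def occupant(contracts, slot):
    """Which variable owns `slot` in this version, or None if unused."""
    for (cname, vname), start in layout(contracts).items():
        size = dict(dict(contracts)[cname])[vname]
        if start <= slot < start + size:
            return (cname, vname)
    return None

# Without a gap: adding Base.nonce in V2 pushes Derived.balance down one slot.
NO_GAP_V1 = [("Base", [("owner", 1)]), ("Derived", [("balance", 1)])]
NO_GAP_V2 = [("Base", [("owner", 1), ("nonce", 1)]), ("Derived", [("balance", 1)])]

# With uint256[50] __gap: V2 adds nonce and shrinks the gap to 49 slots.
GAP_V1 = [("Base", [("owner", 1), ("__gap", 50)]), ("Derived", [("balance", 1)])]
GAP_V2 = [("Base", [("owner", 1), ("nonce", 1), ("__gap", 49)]),
          ("Derived", [("balance", 1)])]

if __name__ == "__main__":
    print("no gap, moved:", moved_variables(NO_GAP_V1, NO_GAP_V2))
    print("slot 1 after upgrade now belongs to:", occupant(NO_GAP_V2, 1))
    print("with gap, moved:", moved_variables(GAP_V1, GAP_V2))
```

In the version without a gap, the data the proxy stored for `Derived.balance` at slot 1 is read as `Base.nonce` after the upgrade; with the gap, the new variable is taken out of reserved slots and `Derived.balance` stays at slot 51.
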
Updates

Lead Judging Commences

0xnevi Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

finding-storage-gap

Invalid [known issue [Low-11]](https://github.com/Cyfrin/2024-07-biconomy/issues/1)
