DeFiFoundry
60,000 USDC
Submission Details
Severity: low
Invalid

Lack of Storage Gap in Upgradeable Contract TradingAccountBranchTestnet.sol

Summary

This report details the absence of a __gap variable in the TradingAccountBranchTestnet contract, which is crucial for maintaining storage compatibility during upgrades. The lack of this variable poses risks to the integrity and functionality of the contract, especially in scenarios involving future upgrades or modifications.

Vulnerability Details

Description

The TradingAccountBranchTestnet contract, an upgradeable smart contract, lacks a __gap variable. This variable serves as a placeholder for future state variables, ensuring that adding new state variables does not disrupt the storage layout compatibility with existing deployments. Without this variable, any addition of new state variables could lead to a shift in the storage layout, rendering the contract incompatible with its upgraded versions.

Technical Analysis

In Solidity, the order and layout of state variables within a contract are significant due to how Ethereum stores contract data on the blockchain. When a contract inherits from another, the storage layout of the parent contract dictates the layout of the child contract. Adding new state variables can alter this layout, causing issues with contract interactions and potentially leading to bugs or vulnerabilities.

The __gap variable acts as a buffer zone: a block of reserved, unused storage slots declared after the contract's existing state variables. When an upgrade adds a new state variable, the gap is shrunk by the same number of slots, so the total number of slots the contract occupies remains constant across upgrades. This prevents layout shifts that could break contract functionality.
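The layout shift described above, as an added example that is not taken from the submission or from the audited code base. All contract and variable names are hypothetical, and each variable is assumed to occupy a full 32-byte slot.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contracts, constructed for illustration only.

// Without a gap: a variable added to the base shifts the child's storage.
abstract contract BaseNoGapV1 {
    uint256 internal fee;        // slot 0
}
contract ChildNoGapV1 is BaseNoGapV1 {
    address internal owner;      // slot 1
    function ownerSlot() external view returns (uint256 s) { assembly { s := owner.slot } } // 1
}
abstract contract BaseNoGapV2 {
    uint256 internal fee;        // slot 0
    uint256 internal cap;        // slot 1: the proxy still stores the old `owner` here
}
contract ChildNoGapV2 is BaseNoGapV2 {
    address internal owner;      // slot 2: never written by V1, so it reads as zero
    function ownerSlot() external view returns (uint256 s) { assembly { s := owner.slot } } // 2
}

// With a gap: the base reserves 50 slots in total and spends them on upgrade.
abstract contract BaseGapV1 {
    uint256 internal fee;        // slot 0
    uint256[49] private __gap;   // slots 1-49, reserved
}
contract ChildGapV1 is BaseGapV1 {
    address internal owner;      // slot 50
    function ownerSlot() external view returns (uint256 s) { assembly { s := owner.slot } } // 50
}
abstract contract BaseGapV2 {
    uint256 internal fee;        // slot 0
    uint256 internal cap;        // slot 1, taken from the gap
    uint256[48] private __gap;   // slots 2-49: gap shrunk by one to compensate
}
contract ChildGapV2 is BaseGapV2 {
    address internal owner;      // slot 50, unchanged across the upgrade
    function ownerSlot() external view returns (uint256 s) { assembly { s := owner.slot } } // 50
}
```

Before shipping an upgrade, the same check can be done without custom code by comparing the compiler's storage layout output (for example `forge inspect <Contract> storage-layout`) for the old and new implementations.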

Impact

The absence of a __gap variable in the TradingAccountBranchTestnet contract:

  • Breaks Storage Compatibility: Future upgrades or modifications to the contract could inadvertently change the storage layout, leading to compatibility issues between different versions of the contract.

  • Increases Risk of Bugs: Changes in the storage layout can introduce subtle bugs or vulnerabilities, such as unexpected behavior in functions or incorrect data handling.

  • Limits Contract Flexibility: Without the ability to safely add new state variables, the contract becomes less flexible and harder to maintain over time.

Tools Used

  • Manual review

Recommendations

  • Implement a __gap Variable: Add a __gap variable at the end of the contract to reserve space for future state variables. This will ensure that adding new state variables in the future does not compromise storage compatibility.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
