DeFiFoundry
60,000 USDC
Submission Details
Severity: low
Valid

Storage location suggested by EIP 7201 not used

Summary

The files Referral and CustomReferral do not use the storage location formula specified by EIP-7201, and hence are not EIP compliant.

Vulnerability Details

Quoting from EIP-7201, the rationale for selecting the storage location is:

https://eips.ethereum.org/EIPS/eip-7201

A requirement for the root is that it shouldn’t overlap with any storage
location that would be part of the standard storage tree used by Solidity and
Vyper (root = 0), nor should it be part of the storage tree derived from any other
namespace (another root). This is so that multiple namespaces may be used alongside each
other and alongside the standard storage layout, either deliberately or accidentally,
without colliding. The term keccak256(id) - 1 in the formula is chosen as a location
that is unused by Solidity, but this is not used as the final location because namespaces
can be larger than 1 slot and would extend into keccak256(id) + n, which is potentially used
by Solidity. A second hash is added to prevent this and guarantee that namespaces are completely
disjoint from standard storage, assuming keccak256 collision resistance and that arrays are not
unreasonably large.

However, Referral and CustomReferral do not adhere to the location formula given in the EIP.

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/leaves/Referral.sol#L8

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/leaves/CustomReferralConfiguration.sol#L5

Impact

Possibility of a storage collision.

Tools Used

Manual

Recommendations

Use the storage location formula specified by EIP-7201, as the other files already do.
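As an added illustration (constructed here, not code from the Zaros repository), the compliant derivation the recommendation refers to, in the shape of a leaf-style library; the namespace id `example.perpetuals.Referral` and the struct fields are hypothetical:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example, not Zaros code: a leaf whose root is derived per EIP-7201.
library ReferralLeafExample {
    /// @custom:storage-location erc7201:example.perpetuals.Referral
    struct Data {
        address referrer;   // hypothetical field
        uint256 rewards;    // hypothetical field
    }

    // Hypothetical namespace id; the real id would name the project's own leaf.
    string internal constant NAMESPACE_ID = "example.perpetuals.Referral";

    /// EIP-7201 root: keccak256(uint256(keccak256(id)) - 1) & ~0xff.
    /// keccak256(id) - 1 is a slot Solidity never assigns; hashing it again keeps a
    /// struct spanning several slots from reaching into keccak256(id) + n, which
    /// Solidity may use for dynamic arrays and mappings; the mask clears the low
    /// byte so the root is aligned to a 256-slot boundary as the standard requires.
    function erc7201Slot(string memory id) internal pure returns (bytes32) {
        return keccak256(abi.encode(uint256(keccak256(bytes(id))) - 1))
            & ~bytes32(uint256(0xff));
    }

    /// Non-compliant form, shown only for contrast: a single keccak256 of a label.
    /// Per the EIP, keccak256(label) + n may coincide with a slot Solidity itself
    /// uses, so a multi-slot struct rooted here can collide with the standard layout.
    function adHocSlot(string memory label) internal pure returns (bytes32) {
        return keccak256(bytes(label));
    }

    /// True iff `slot` has the shape EIP-7201 mandates (low byte cleared).
    /// A review check: a root whose low byte is non-zero cannot be an EIP-7201 root.
    function isErc7201Aligned(bytes32 slot) internal pure returns (bool) {
        return (uint256(slot) & 0xff) == 0;
    }

    /// Returns the storage pointer for the namespaced struct.
    function load() internal pure returns (Data storage s) {
        bytes32 slot = erc7201Slot(NAMESPACE_ID);
        assembly {
            s.slot := slot
        }
    }
}
```

`isErc7201Aligned(erc7201Slot(NAMESPACE_ID))` is always true, whereas `adHocSlot` passes it only by chance (one label in 256), which is the quickest way to spot a leaf that skipped the formula.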

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Storage computation formula of ERC7201 is not followed. ERC7201 non-compliance.
