DeFiFoundry
60,000 USDC
Submission Details
Severity: low
Valid

`Referral` and `CustomReferralConfiguration` libraries are not ERC7201 compliant

GitHub
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/leaves/Referral.sol
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/leaves/CustomReferralConfiguration.sol

Summary

The `CustomReferralConfiguration` and `Referral` libraries are not ERC-7201 compliant. Neither library's struct carries the required `@custom:storage-location` annotation. Additionally, both libraries use `keccak256` to compute the storage slot but do not follow the exact formula prescribed by ERC-7201: `keccak256(abi.encode(uint256(keccak256(bytes(id))) - 1)) & ~bytes32(uint256(0xff))`.

Impact

The chance of storage collisions is high, and compatibility issues can also occur, as explained below:

  • Storage Collisions: The ERC-7201 formula is designed to avoid collisions with the default storage layout used by Solidity and Vyper. Not following this formula increases the risk of storage collisions, where different variables or structs overwrite each other's storage slots. This can corrupt data and lead to unpredictable contract behavior.

  • Tooling Compatibility: Blockchain explorers, debuggers, and other development tools may not recognize the storage layout without the annotation, leading to potential misinterpretations of storage data. This can complicate the debugging process and hinder the development workflow.

Recommendation

  • Modify the slot computation to use the formula defined by ERC-7201.

  • Add the NatSpec annotation to indicate the storage location.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Storage computation formula of ERC7201 is not followed. ERC7201 non compliance.
