Tadle
DeFi
30,000 USDC
Submission Details
Severity: medium
Invalid

Upgradeable contracts should inherit from upgradeable (openzeppelin) contracts

Summary

Upgradeable contracts in the protocol repo (/src/repo) inherit from contracts that are not upgradeable. This can cause a storage shift if new variables are introduced in the inherited contracts.

Vulnerability Details

The Rescuable contract is inherited by every contract in the /core folder. Rescuable itself inherits from OpenZeppelin's Ownable and Pausable. Those contracts are not upgradeable, yet they end up as part of upgradeable contracts.

Impact

When upgrading, a new variable could be introduced into the storage of the inherited OpenZeppelin contracts. Because the inheriting contract's own variables are laid out after the parents' variables, this shifts the entire storage layout that follows by one (1) slot, or by however many new variables are introduced.

The protocol is broken entirely after the upgrade because of the storage shift.

We consider the impact to be high and the likelihood to be low, since there would have to be a new variable introduced to the inherited OpenZeppelin contracts. Therefore, the vulnerability is medium.

Tools Used

Manual review

Recommendations

Inherit from OpenZeppelin's upgradeable contracts when writing upgradeable contracts: https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable

Also, properly initialize the upgradeable contracts.
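As an added example, not code from the Tadle repository: a hypothetical contract written the way the finding describes (non-upgradeable `Ownable`/`Pausable` parents plus a constructor) beside the same contract written against the upgradeable variants with an `initializer`-guarded `initialize` function. The names `RescuableNotUpgradeSafe`, `RescuableUpgradeSafe`, `rescueERC20` and `rescueCount`, and the choice of UUPS as the proxy pattern, are assumptions; the import paths follow OpenZeppelin Contracts v5.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {PausableUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";

// ---- The pattern the finding describes (hypothetical contract, not the repo's Rescuable) ----
// The parents are the non-upgradeable flavours: their state sits directly in sequential
// slots ahead of this contract's own variables, and their constructor logic runs only when
// the implementation is deployed, never in the proxy's storage context.
contract RescuableNotUpgradeSafe is Ownable, Pausable {
    using SafeERC20 for IERC20;

    // Occupies the slot right after the parents' variables; any variable added to a parent
    // in a later version pushes this slot down and the proxy reads the wrong value.
    uint256 public rescueCount;

    // Behind a proxy this never executes against proxy storage, so the proxy's owner() is address(0).
    constructor(address initialOwner) Ownable(initialOwner) {}

    function rescueERC20(IERC20 token, address to, uint256 amount) external onlyOwner whenNotPaused {
        rescueCount += 1;
        token.safeTransfer(to, amount);
    }
}

// ---- The recommended pattern: upgradeable parents plus explicit initialization ----
contract RescuableUpgradeSafe is Initializable, PausableUpgradeable, OwnableUpgradeable, UUPSUpgradeable {
    using SafeERC20 for IERC20;

    uint256 public rescueCount;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the implementation contract so nobody can call initialize() on it directly.
        _disableInitializers();
    }

    // Replaces the constructor; runs once, through the proxy, against proxy storage.
    function initialize(address initialOwner) external initializer {
        __Ownable_init(initialOwner);
        __Pausable_init();
        __UUPSUpgradeable_init();
    }

    // Only the owner may point the proxy at a new implementation.
    function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}

    function rescueERC20(IERC20 token, address to, uint256 amount) external onlyOwner whenNotPaused {
        rescueCount += 1;
        token.safeTransfer(to, amount);
    }
}
```

The upgradeable variants are the ones designed to absorb new parent variables without moving the child's slots: the v4 line reserves `__gap` arrays, and the v5 line keeps each parent's state in its own ERC-7201 namespaced slot. A practical check before any upgrade is to diff the storage layout of the old and new implementation (for example with `forge inspect <Contract> storage-layout`, or with the OpenZeppelin Upgrades plugins' upgrade validation) rather than relying on inspection by eye.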

Updates

Lead Judging Commences

0xnevi Lead Judge
9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
