Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: high
Invalid

StakingRewardsPool missing gap variable

Summary

Note that the gap variable has not been mentioned in the known issues for the StakingRewardsPool contract.

The StakingRewardsPool contract is missing a storage gap variable. This will cause problems, such as storage collisions, in new versions of the contract. The gap is crucial for upgradeable contracts.

Vulnerability Details

The StakingRewardsPool contract is missing a storage gap, which is a crucial safety feature for upgradeable contracts.

Storage gaps are used in upgradeable smart contracts to ensure that future versions of the contract can add new variables to storage without causing conflicts. When the implementation contract is upgraded, the storage layout must remain consistent to prevent data corruption and unexpected behavior.

Impact

1. Storage Collision: Without storage gaps, adding new variables in future contract versions can overwrite existing storage slots, causing unpredictable behavior and potential data corruption.

2. Broken Upgrades: The contract can't be safely upgraded to add new features or fix bugs, limiting its long-term usefulness.

Tools Used

Manual Review

Recommendations

Add a storage gap variable to reserve space for future upgrades.

Here's an example from OpenZeppelin:

https://docs.openzeppelin.com/upgrades-plugins/1.x/writing-upgradeable#storage-gaps
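The slot arithmetic behind the recommendation, as an added example that is not part of the submission or the Stakelink code base: a small Python model of an upgrade check that reports which variables change slot when a base contract gains a variable, with and without a gap. The contract and variable names (`PoolBase`, `Pool`, `rewardRate` and so on) are hypothetical, and the model assumes one full slot per variable (no packing) and base-first layout.

```python
# Simplified model of Solidity storage layout for an inheritance chain.
# Assumptions (not from the page): every variable occupies whole 32-byte slots,
# a fixed array uint256[N] takes N consecutive slots, bases are laid out first.
# All contract and variable names below are hypothetical.

def layout(chain):
    """chain: [(contract, [(variable, slot_count), ...]), ...], base first.
    Returns {"Contract.variable": first_slot}."""
    slots, next_slot = {}, 0
    for contract, variables in chain:
        for variable, size in variables:
            slots[f"{contract}.{variable}"] = next_slot
            next_slot += size
    return slots

def moved_variables(old_chain, new_chain):
    """Variables present in both versions whose slot changed. Behind a proxy,
    each of these would read storage written by a different variable.
    The gap itself is skipped: it holds no data and is expected to shrink."""
    old, new = layout(old_chain), layout(new_chain)
    return {name: (old[name], new[name]) for name in old
            if name in new and not name.endswith(".__gap")
            and old[name] != new[name]}

CHILD = ("Pool", [("fee", 1), ("owner", 1)])

# Base contract without a gap: V2 appends rewardRate to the base.
NO_GAP_V1 = [("PoolBase", [("totalShares", 1), ("token", 1)]), CHILD]
NO_GAP_V2 = [("PoolBase", [("totalShares", 1), ("token", 1),
                           ("rewardRate", 1)]), CHILD]

# Base contract with uint256[50] __gap: V2 adds rewardRate before the gap
# and shrinks the gap by the same number of slots (50 -> 49).
GAP_V1 = [("PoolBase", [("totalShares", 1), ("token", 1),
                        ("__gap", 50)]), CHILD]
GAP_V2 = [("PoolBase", [("totalShares", 1), ("token", 1),
                        ("rewardRate", 1), ("__gap", 49)]), CHILD]

def check_no_gap():
    return moved_variables(NO_GAP_V1, NO_GAP_V2)

def check_with_gap():
    return moved_variables(GAP_V1, GAP_V2)

if __name__ == "__main__":
    print("without gap:", check_no_gap())
    print("with gap:   ", check_with_gap())
```

The gap only protects contracts that inherit from the one being extended; appending a variable to the most-derived contract does not move any existing slot.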

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
