Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: high
Invalid

Missing Reserved Storage Gap in `PriorityPool`, `OperatorStakingPool` and `FundFlowController` Contracts Causes Slot Collisions in Future Upgrades

Summary

In the contracts that use the UUPSUpgradeable pattern, there is no reserved storage gap. This omission creates a risk of storage slot collisions when a contract is upgraded, potentially corrupting the contract's state. The storage layout can change between versions, and without a gap to absorb these changes, future upgrades may overwrite existing storage variables, leading to unpredictable behavior and potentially severe financial or operational impacts.

Vulnerability Detail

When using the UUPS (Universal Upgradeable Proxy Standard) pattern for upgradeable contracts, it's crucial to leave a storage gap in the contract's state variables. This ensures that future upgrades that introduce new state variables do not overwrite existing ones.

In these contracts, there is no `uint256[50] private __gap;` or similar placeholder to reserve storage slots for potential future upgrades. Without this reserved gap, when new variables are added in future versions, they may conflict with current state variables, causing storage slot collisions. This can result in:

  • Incorrect values for critical state variables.

  • Loss of important data or functionality.

  • Unpredictable behavior or contract failures.

Impact

  • Data corruption: Future upgrades may overwrite current state variables, leading to data loss or corruption.

  • Functional failures: Contract functionality may break due to misaligned storage, which could trigger unintended consequences in operations like fund management, user balances, or governance decisions.

  • Financial loss: If critical variables such as token balances or staking amounts are corrupted, it could lead to significant financial losses for users or the protocol.

Code Snippet

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/linkStaking/OperatorStakingPool.sol#L16
https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/linkStaking/FundFlowController.sol#L16
https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/priorityPool/PriorityPool.sol#L21

Tool used

Manual Review

Recommendation

To prevent storage collisions during future upgrades, add a storage gap in the contracts. This will reserve storage slots that can be safely used in future versions, preventing overwriting of existing state variables.

Recommended Fix:

+ uint256[50] private __gap; // Reserve 50 storage slots for future upgrades

By adding a gap, it ensures that the contract remains safe for upgrades, protecting state variables from unintended overwrites.
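The following is an added example, not code from this submission or from the Stakelink repository. It models Solidity's linear storage layout (one slot per variable, base-contract storage laid out before the derived contract's) to show the case a reserved gap actually protects: a new variable added to an inherited base contract, which otherwise shifts every slot of the derived contract. Contract and variable names (`Base`, `Pool`, `owner`, `paused`, `totalStaked`, `fee`) are hypothetical.

```python
from typing import Dict, List, Tuple

Slot = Tuple[str, str]                  # (declaring contract, variable name)
Contract = Tuple[List[str], List[str]]  # (parent contracts, own variables)

def gap(n: int) -> List[str]:
    """Model `uint256[n] private __gap;` as n reserved slots."""
    return [f"__gap[{i}]" for i in range(n)]

def layout(contracts: Dict[str, Contract], name: str) -> List[Slot]:
    """Slots of `name` in order: parents first (depth-first), then own variables."""
    slots: List[Slot] = []
    seen = set()

    def visit(c: str) -> None:
        if c in seen:
            return
        seen.add(c)
        parents, own = contracts[c]
        for p in parents:
            visit(p)
        slots.extend((c, v) for v in own)

    visit(name)
    return slots

def collisions(old: List[Slot], new: List[Slot]) -> List[Tuple[int, str, str]]:
    """Slots where a live (non-gap) variable of the old layout would now be read
    as a different variable. Consuming a reserved gap slot is not a collision."""
    return [(i, o[1], n[1]) for i, (o, n) in enumerate(zip(old, new))
            if o != n and not o[1].startswith("__gap")]

def upgrade_collisions(v1: Dict[str, Contract], v2: Dict[str, Contract], leaf: str = "Pool"):
    return collisions(layout(v1, leaf), layout(v2, leaf))

# Hypothetical V1: a base contract without a gap, inherited by Pool.
V1_NO_GAP = {"Base": ([], ["owner"]), "Pool": (["Base"], ["totalStaked", "fee"])}
# V2 adds `paused` to Base: every Pool variable shifts down one slot.
V2_NO_GAP = {"Base": ([], ["owner", "paused"]), "Pool": V1_NO_GAP["Pool"]}

# Same upgrade with a 50-slot gap in Base, shrunk to 49 once a slot is consumed.
V1_GAP = {"Base": ([], ["owner"] + gap(50)), "Pool": (["Base"], ["totalStaked", "fee"])}
V2_GAP = {"Base": ([], ["owner", "paused"] + gap(49)), "Pool": V1_GAP["Pool"]}

if __name__ == "__main__":
    print(upgrade_collisions(V1_NO_GAP, V2_NO_GAP))  # [(1, 'totalStaked', 'paused'), (2, 'fee', 'totalStaked')]
    print(upgrade_collisions(V1_GAP, V2_GAP))        # []
```

Note that appending a variable at the end of the leaf contract is layout-safe even without a gap; the gap only pays off when an inherited contract must grow while derived contracts already occupy the slots after it.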

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
