Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Corruptible Upgradable Patterns in Multiple contracts

0xhuntoor

Summary

Storage of upgradeable contracts will be corrupted during an upgrade.

Vulnerability Detail

Note! Contracts In BOLD don't have gaps while Italic do have

  • StackingPool -> StackingRewardsPool

  • Startegy -> VaultControllerStrategy -> CommunityVCS and OperatorVCS

The problem is that those contracts have storage variable and not only view functions or immutable variables, and they should be upgradable compliant

If any storage variable would be added to them during upgrade, then they would be prone to storage corruption for the inheriting contracts that are in-scope like CommunityVCS StackingPool OperatorVCS and some storage will be overridden in the mentioned contracts

Without gaps, adding new storage variables to any of these contracts can potentially overwrite the beginning of the storage layout of the child contract, causing critical misbehaviors in the system.

Impact

During contract upgrades some storage variables will be overridden and according to the importance of that variable will be the impact

can be up to whole functionality halt

Recommendation

Add storage gaps in every upgradable contract and their parents as recommended by openzeppeline

Updates

Lead Judging Commences

inallhonesty Lead Judge
11 months ago
inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

0xhuntoor Submitter
11 months ago
inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.