Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Corruptible Upgradability Pattern in LLMOracleManager

Vulnerability Details

The LLMOracleManager contract is inherited by the upgradeable LLMOracleCoordinator contract, but it does not implement storage gaps. This makes the contract vulnerable to storage collisions during upgrades.

The inheritance chain is as follows:

LLMOracleCoordinator
└── LLMOracleManager //@audit no storage gaps
    └── OwnableUpgradeable

While OpenZeppelin's OwnableUpgradeable.sol implements "ERC-7201: Namespaced Storage Layout", LLMOracleManager neither does so nor has a storage gap.

Adding new storage variables to LLMOracleManager in future upgrades could potentially overwrite the beginning of the storage layout of LLMOracleCoordinator, causing critical misbehaviors in the system.

Impact

  • Storage of LLMOracleCoordinator might be corrupted during upgrades

  • This could lead to loss of critical protocol configuration and state regarding registry, feeToken, nextTaskId, requests, responses or validations state variables.

  • The entire oracle system could become non-functional if storage is corrupted

Recommendations

Add a storage gap at the end of LLMOracleManager.
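
An added illustration of the recommendation, not code from the Swan repository: it shows how appending one variable to a base contract shifts the child's slots, and how a gap absorbs the change. The contract names, `feeA`, `feeB` and `newParam` are hypothetical, and `registry` and `nextTaskId` are reduced to plain types.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-ins for a base/child pair behind a proxy; not the
// Swan source. Slot numbers assume the base declares no other storage.

// --- Base without a gap ---------------------------------------------------
abstract contract ManagerV1 {
    uint256 public feeA;        // slot 0
    uint256 public feeB;        // slot 1
}

// An upgrade appends one variable to the base.
abstract contract ManagerV2 {
    uint256 public feeA;        // slot 0
    uint256 public feeB;        // slot 1
    uint256 public newParam;    // slot 2, the child's first slot under V1
}

// The child's variables are laid out directly after the base's. The proxy
// already holds `registry` in slot 2, so a child built on ManagerV2 reads
// that value as `newParam` and finds every one of its own variables shifted.
contract CoordinatorV1 is ManagerV1 {
    address public registry;    // slot 2
    uint256 public nextTaskId;  // slot 3
}

// --- Base with a gap ------------------------------------------------------
abstract contract GappedManagerV1 {
    uint256 public feeA;        // slot 0
    uint256 public feeB;        // slot 1
    uint256[48] private __gap;  // slots 2..49 reserved for future variables
}

// The same upgrade takes its slot from the gap and shrinks the gap by one.
abstract contract GappedManagerV2 {
    uint256 public feeA;        // slot 0
    uint256 public feeB;        // slot 1
    uint256 public newParam;    // slot 2, previously unused gap space
    uint256[47] private __gap;  // slots 3..49
}

// The child starts at slot 50 whether it inherits V1 or V2 of the base.
contract GappedCoordinator is GappedManagerV2 {
    address public registry;    // slot 50
    uint256 public nextTaskId;  // slot 51
}
```

The gap only protects the layout if every upgrade that adds base variables reduces `__gap` by the number of slots consumed.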

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
