The MemebershipFactory and MemebershipERC1155 contracts do not include a storage gap to reserve storage slots for future variables. In upgradeable contracts, it is critical to reserve storage space for future upgrades by leaving an unused storage gap.
Without a storage gap, when the contract is upgraded and additional variables are added to MemebershipFactory, they may overwrite existing variables in child contracts (e.g., the Vault contract), leading to unexpected behavior or security vulnerabilities.
Variable Overwrites: If a new variable is added to MemebershipFactory and MemebershipERC1155 during a future upgrade, it could overwrite storage slots already occupied by variables in the Vault contract or other inheriting contracts, leading to unpredictable behavior.
Loss of State Integrity: Critical state variables could be overwritten, leading to contract malfunctions such as incorrect access control, loss of funds, or unintended behavior.
Manual Review
To avoid future storage collisions, add a storage gap in MemebershipERC1155 and MemebershipFactory. A storage gap is typically an array of unused storage slots placed at the end of a contract, which allows future upgrades to add variables without overwriting existing storage slots.
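The sketch below is an added illustration, not code from the audited repository: it shows how a child contract's slot shifts when a base contract without a gap gains a variable, and how a gap keeps the slot fixed. All contract and variable names are hypothetical, and the total of 50 reserved slots is an assumed convention.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; names are hypothetical, not the project's contracts.

// ---- Without a gap ----
contract BaseNoGapV1 {
    address public owner;          // slot 0
}
contract ChildNoGapV1 is BaseNoGapV1 {
    uint256 public totalDeposits;  // slot 1
}

// The upgrade adds one variable to the base.
contract BaseNoGapV2 {
    address public owner;          // slot 0
    uint256 public feeBps;         // slot 1: aliases the old totalDeposits value
}
contract ChildNoGapV2 is BaseNoGapV2 {
    uint256 public totalDeposits;  // slot 2: shifted, no longer sees the old value
}

// ---- With a gap ----
contract BaseGapV1 {
    address public owner;          // slot 0
    uint256[49] private __gap;     // slots 1..49 reserved for future base variables
}
contract ChildGapV1 is BaseGapV1 {
    uint256 public totalDeposits;  // slot 50
}

// The upgrade takes the new variable out of the gap and shrinks the gap by one.
contract BaseGapV2 {
    address public owner;          // slot 0
    uint256 public feeBps;         // slot 1, previously the first gap slot
    uint256[48] private __gap;     // slots 2..49
}
contract ChildGapV2 is BaseGapV2 {
    uint256 public totalDeposits;  // slot 50: unchanged across the upgrade
}
```

The slot numbers in the comments can be checked by compiling with `solc --storage-layout` and comparing the V1 and V2 layouts of each child contract.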