Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Corruptible Upgradability Pattern

davidjohn24

Summary

Swap.sol is not designed for upgrade. This library is missing __gap array for upgradability.

Vulnerability Details

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/35deb3e92b2a32cd304bf61d27e6071ef36e446d/src/market-making/leaves/Swap.sol#L4

Zeros has tree proxy pattern for upgradability. But this library has no gap

Impact

Storage of vault contracts might be corrupted during upgrading.

Tools Used

Recommendations

Modify the structure of contracts

struct Data {
address assetFrom; // 20 bytes
uint96 amount; // 12 bytes (fits in the same slot as address)
uint128 minUsdTokenOut; // 16 bytes
uint128 deadline; // 16 bytes
uint256[50] __gap; // Reserved storage gap for future upgrades
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.