Several upgradeable contracts in the codebase inherit from OpenZeppelin's upgradeable contracts but do not implement the required storage gap variable (__gap). The following contracts are affected:
- BaseAdapter.sol and its implementations:
- UniswapV2Adapter.sol
- UniswapV3Adapter.sol
- CurveAdapter.sol
- PriceAdapter.sol
- Whitelist.sol
- Referral.sol
- ZlpVault.sol
- TradingAccountNFT.sol
- BaseKeeper.sol and its implementations:
- DebtSettlementKeeper.sol
- FeeConversionKeeper.sol
- UsdTokenSwapKeeper.sol
When new variables are added to base contracts in future upgrades, they could overlap with the storage of the derived contracts, corrupting the state of the contract. The __gap array reserves storage slots for future versions, preventing storage collision during upgrades.
- Storage collisions could occur during contract upgrades if new variables are added to base contracts
- Could lead to corrupted state variables and unexpected behavior
- Particularly important for contracts handling user funds like ZlpVault and DEX adapters
Add a storage gap variable to all upgradeable contracts. Example for each contract type:
The size of the gap should be adjusted based on each contract's needs, typically aiming to reserve enough slots for future upgrades while considering gas costs. This pattern must be implemented in all the listed contracts to ensure safe upgradeability.
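The slot accounting behind this recommendation, as an added example that is not code from the audited codebase: the contract names, variables and gap sizes below are hypothetical and chosen only to show how a base contract gives up one reserved slot per new variable so that derived-contract storage does not move.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contracts for illustration; not the project's own code.

// Version 1 of an upgradeable base: 2 used slots + 48 reserved = 50 slots.
abstract contract BaseAdapterV1Example {
    address internal router;      // slot 0
    uint256 internal slippageBps; // slot 1

    // Slots 2..49 are reserved for variables added to this base later.
    uint256[48] private __gap;
}

// Derived contract: its own storage starts after the base's 50 slots.
contract AdapterV1Example is BaseAdapterV1Example {
    uint256 internal poolFee;     // slot 50

    // The derived contract reserves its own room as well (slots 51..99).
    uint256[49] private __gap;
}

// Version 2 of the base: one variable added, gap shrunk by one.
// The base still occupies exactly 50 slots.
abstract contract BaseAdapterV2Example {
    address internal router;      // slot 0 (unchanged)
    uint256 internal slippageBps; // slot 1 (unchanged)
    uint256 internal deadline;    // slot 2 (new, taken from the gap)

    // 47 = 48 - 1, covering slots 3..49.
    uint256[47] private __gap;
}

// Upgraded derived contract: poolFee is still read from slot 50.
// Without the gap in the base, `deadline` would sit in slot 2 and
// poolFee would shift from slot 2 to slot 3, so the upgraded code
// would read the old poolFee value as `deadline`.
contract AdapterV2Example is BaseAdapterV2Example {
    uint256 internal poolFee;     // slot 50 (unchanged)
    uint256[49] private __gap;
}
```

New variables are appended after the existing ones and before the gap, and the gap length is reduced by the number of slots they consume.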