The AssetSwapPathStorage
contract does not fully comply with ERC-7201 due to an incorrect storage namespace calculation. This issue could lead to unintended storage collisions and data corruption across multiple contracts.
The contract defines its storage layout using incomplete ERC-7201 Implementation:
It's missing the & ~bytes32(uint256(0xff))
mask that is crucial for the ERC-7201 namespace pattern to prevent storage collisions. The correct implementation should include the & ~bytes32(uint256(0xff))
mask.
The storage slot
calculation is vulnerable to collisions due to the improper ERC-7201
implementation.
Without this mask, multiple contracts that use similar namespace derivations may overwrite each other’s storage, leading to unintended data corruption.
Due to improper ERC-7201 implementation, different assets could map to the same storage slot
If the namespace mask is not applied, multiple contracts may unintentionally overwrite each other’s storage.
Data from one contract may be mistakenly read or modified by another contract using a conflicting storage slot.
Manual
Referances:
Correcting the Storage Namespace Calculation
Ensures compliance with ERC-7201 by applying the required namespace mask.
Prevents potential storage collisions across different contracts using ERC-7201.
Implementing this fix, will fully align with ERC-7201, reducing the risk of storage conflicts and improving reliability.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.