Submission Details
Severity:
potential storage collision in `StabilityPool` contract because using non upgradeable ReentrancyGuard library
Summary
using non-upgradeable library in upgradeable contract can lead to storage collision
Vulnerability Details
import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
.
.
.
contract StabilityPool is IStabilityPool, Initializable, ReentrancyGuard, OwnableUpgradeable, PausableUpgradeable {
Impact
potential storage slot collision when upgrading the LendingPool contract implementation, the contract then would prone to wrong state because of the collision
Tools Used
manual review
Recommendations
use ReentrancyGuardUpgradeableinstead of ReentrancyGuard
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.