Core Contracts

Regnum Aurum Acquisition Corp
Hardhat | Real World Assets | NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

[M-2] Non-upgradeable version of `ReentrancyGuard` inherited by the upgradeable contract `StabilityPool.sol`

Summary

The StabilityPool.sol contract is designed to be an upgradeable contract (it is initialized through an `initialize` function rather than a constructor), but it inherits OpenZeppelin's non-upgradeable `ReentrancyGuard`, which relies on a constructor and a plain storage slot and is not designed for use behind a proxy.

Vulnerability Details

// The protocol uses `ReentrancyGuard` where it should be using `ReentrancyGuardUpgradeable`.
contract StabilityPool is IStabilityPool, Initializable, ReentrancyGuard, OwnableUpgradeable, PausableUpgradeable {}

Impact

`ReentrancyGuard` has a constructor that initializes its state variable `uint256 private _status` to `NOT_ENTERED`. Because `StabilityPool` is deployed behind a proxy, that constructor runs only in the implementation contract's own storage; it is never executed in the proxy's storage context, so `_status` in the proxy remains at its default value of 0.

All the other contracts inherited by StabilityPool.sol (`Initializable`, `OwnableUpgradeable`, `PausableUpgradeable`) keep their variables in custom (namespaced) storage slots to minimise the risk of storage collisions. `ReentrancyGuard`, however, is not written for upgradeability: its `_status` variable occupies storage slot 0 of the proxy, and there is no custom storage slot to isolate it, so a future upgrade that changes the inheritance list or the order of state variables is at serious risk of a storage collision.

Tools Used

Manual review

Recommendations

Inherit OpenZeppelin's `ReentrancyGuardUpgradeable` instead of the regular `ReentrancyGuard`:

+ contract StabilityPool is IStabilityPool, Initializable, ReentrancyGuardUpgradeable, OwnableUpgradeable, PausableUpgradeable {}

and initialize it in the `initialize` function:

function initialize(
address _rToken,
address _deToken,
address _raacToken,
address _raacMinter,
address _crvUSDToken,
address _lendingPool
) public initializer {
+ __ReentrancyGuard_init();
}
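The storage effect described in the Impact section, and the fix above, can be checked directly by reading proxy storage. The following Foundry test is an added example, not code from the RAAC project or this submission. It assumes OpenZeppelin Contracts v5 (where `Initializable` and the `*Upgradeable` contracts use ERC-7201 namespaced storage) and forge-std; `PoolWrongGuard` and `PoolRightGuard` are hypothetical stand-ins for `StabilityPool` with a single state variable so the slot layout is easy to see. Note that `nonReentrant` itself keeps working on the wrong variant, because the guard only rejects calls when `_status == ENTERED`; the problem is the unnamespaced slot, not a broken guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";

// Hypothetical stand-in for StabilityPool as written: non-upgradeable guard behind a proxy.
// `_status` from ReentrancyGuard lands in plain storage slot 0; `totalDeposits` is pushed to slot 1.
contract PoolWrongGuard is Initializable, ReentrancyGuard {
    uint256 public totalDeposits;

    function initialize() external initializer {}

    function deposit(uint256 amount) external nonReentrant {
        totalDeposits += amount;
    }
}

// Hypothetical stand-in for the recommended fix: namespaced guard, initialized in `initialize`.
// Now `totalDeposits` is the first plain slot (slot 0) and the guard lives in its ERC-7201 slot.
contract PoolRightGuard is Initializable, ReentrancyGuardUpgradeable {
    uint256 public totalDeposits;

    function initialize() external initializer {
        __ReentrancyGuard_init();
    }

    function deposit(uint256 amount) external nonReentrant {
        totalDeposits += amount;
    }
}

contract GuardLayoutTest is Test {
    function test_nonUpgradeableGuardLeavesProxySlotZeroUnset() public {
        PoolWrongGuard impl = new PoolWrongGuard();
        address proxy = address(
            new ERC1967Proxy(address(impl), abi.encodeCall(PoolWrongGuard.initialize, ()))
        );

        // The constructor ran in the implementation's own storage: its slot 0 holds NOT_ENTERED (1).
        assertEq(uint256(vm.load(address(impl), bytes32(0))), 1);
        // It never ran in the proxy's storage context: the proxy's slot 0 (`_status`) is still 0.
        assertEq(uint256(vm.load(proxy, bytes32(0))), 0);

        // The pool's first real state variable was displaced to slot 1 by the unnamespaced guard.
        PoolWrongGuard(proxy).deposit(5);
        assertEq(uint256(vm.load(proxy, bytes32(uint256(1)))), 5);
        // The modifier still worked (0 != ENTERED) and left slot 0 at NOT_ENTERED afterwards.
        assertEq(uint256(vm.load(proxy, bytes32(0))), 1);
    }

    function test_upgradeableGuardUsesNamespacedSlot() public {
        PoolRightGuard impl = new PoolRightGuard();
        address proxy = address(
            new ERC1967Proxy(address(impl), abi.encodeCall(PoolRightGuard.initialize, ()))
        );

        // ERC-7201 slot used by OpenZeppelin's ReentrancyGuardUpgradeable (derived, not hardcoded).
        bytes32 guardSlot = keccak256(
            abi.encode(uint256(keccak256("openzeppelin.storage.ReentrancyGuard")) - 1)
        ) & ~bytes32(uint256(0xff));

        // __ReentrancyGuard_init set NOT_ENTERED (1) in the proxy's namespaced slot.
        assertEq(uint256(vm.load(proxy, guardSlot)), 1);

        // Slot 0 now belongs to the pool itself, so adding or reordering mixins later
        // does not shift the guard's storage underneath the pool's variables.
        PoolRightGuard(proxy).deposit(5);
        assertEq(uint256(vm.load(proxy, bytes32(0))), 5);
    }
}
```

Run with `forge test --match-contract GuardLayoutTest -vv`. The first test is the reproduction: the proxy's slot 0 reads 0 after initialization and only becomes 1 after a `nonReentrant` call has run, while the pool's own data sits one slot further down than a reader of the contract would expect. The second test shows that with `ReentrancyGuardUpgradeable` the guard state is in its namespaced slot and slot 0 is free for the pool's own variables.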
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
